
Secure DFU, how secure is it?

Hi,

We are expecting many of our devices to be in close proximity. How can we be certain that, when a user initiates a buttonless DFU, they are uploading to the correct device?

Could an attacker be listening for devices in DFU mode and attempt to upload an image? Is it possible to whitelist only the phone (android/iOS) that initiated DFU?

Any other security pitfalls to watch out for?

  • The Nordic "Secure DFU" mode signs your firmware before uploading but does NOT encrypt it over the air.

    This means a malicious party can still view your application over the wire, decompile, and analyze it for vulnerabilities / reverse proprietary features but they can not modify the firmware and upload it to the device.

    Provided your adversary does not have physical access to your users' devices you have reasonable assurance they are running "legitimate" versions of your firmware. If your adversary does have physical access they can upload tampered firmware using a J-Link programmer.

    In terms of "how secure"? The Secure DFU is 50% secure. Firmware is authenticated but not confidential. Others have made the case that signing without encrypting is actually a disservice. I wouldn't go so far as to say that, but I do think it's reasonable to define "secure" firmware as firmware which is both signed and encrypted and it is a misnomer to call Nordic's implementation "secure DFU" - technically it is "signed DFU".

    Others (ourselves included) implemented firmware encryption using elliptic curves independent of the Nordic tools to get full coverage. As has been demonstrated elsewhere, relying on Bluetooth's built-in "Link Layer Encryption" is not sufficient to meet the latter encryption requirement given the numerous ways in which it can be bypassed.

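The answer's distinction between "signed" and "signed and encrypted" firmware is easy to see in code. The following is an added example, not Nordic's DFU implementation or the answerer's code: it uses a toy package format (payload, optional ephemeral ECDH key, ECDSA P-256 signature over SHA-256), a constructed stand-in image, and a single SHA-256 in place of a proper KDF. Names such as `Package`, `SignPackage`, `EncryptForDevice` and `DecryptOnDevice` are hypothetical. The signed-only package verifies on the device yet a passive listener can read the image straight off the air; the encrypted variant (ephemeral ECDH against a static key provisioned into the device, AES-256-GCM, then the same signature) verifies, round-trips on the device, and exposes nothing to the listener.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var FirmwareImage = []byte("APP v1.2 ... proprietary routine: thresholds=42,17 ...") // constructed stand-in image, not a real Nordic artefact

// Package is a hypothetical over-the-air DFU package: payload (plain image or ciphertext),
// the sender's ephemeral ECDH public key (encrypted variant only) and an ECDSA P-256 signature.
type Package struct {
	Payload, EphemeralPub, Signature []byte
}

// digest hashes ephemeralPub||payload; the key is fixed-length (65 bytes), so the concatenation is unambiguous.
func digest(p Package) []byte {
	d := sha256.Sum256(append(append([]byte{}, p.EphemeralPub...), p.Payload...))
	return d[:]
}

// SignPackage is the vendor-side step; the signing key never leaves the vendor.
func SignPackage(vendor *ecdsa.PrivateKey, payload, ephemeralPub []byte) (p Package, err error) {
	p = Package{Payload: payload, EphemeralPub: ephemeralPub}
	p.Signature, err = ecdsa.SignASN1(rand.Reader, vendor, digest(p))
	return p, err
}

// VerifyPackage is the bootloader-side check against the provisioned vendor public key.
func VerifyPackage(vendorPub *ecdsa.PublicKey, p Package) bool {
	return ecdsa.VerifyASN1(vendorPub, digest(p), p.Signature)
}

// ImageVisibleOnAir models a passive listener searching the transmitted bytes for a known string.
func ImageVisibleOnAir(p Package) bool {
	return bytes.Contains(p.Payload, []byte("proprietary routine"))
}

// aeadFor derives AES-256-GCM from an ECDH agreement. A single SHA-256 stands in for a real KDF (HKDF).
func aeadFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: NewCipher cannot fail here
	return cipher.NewGCM(block)
}

// EncryptForDevice: a fresh ephemeral key agrees a secret with the device's provisioned static public key; returns nonce||ciphertext and the ephemeral key.
func EncryptForDevice(devicePub *ecdh.PublicKey, image []byte) (ct, ephemeralPub []byte, err error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := aeadFor(eph, devicePub)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ephemeralPub = eph.PublicKey().Bytes()
	return gcm.Seal(nonce, nonce, image, ephemeralPub), ephemeralPub, nil
}

// DecryptOnDevice: after the signature check, the bootloader recomputes the key with its static private key; a wrong key or altered ciphertext fails the GCM tag check.
func DecryptOnDevice(devicePriv *ecdh.PrivateKey, ct, ephemeralPub []byte) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(ephemeralPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(devicePriv, ephPub)
	if err != nil {
		return nil, err
	}
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], ephemeralPub)
}

func main() {
	vendor, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	device, _ := ecdh.P256().GenerateKey(rand.Reader) // static key provisioned into the device
	signedOnly, _ := SignPackage(vendor, FirmwareImage, nil)
	ct, eph, _ := EncryptForDevice(device.PublicKey(), FirmwareImage)
	sealed, _ := SignPackage(vendor, ct, eph)
	plain, err := DecryptOnDevice(device, sealed.Payload, sealed.EphemeralPub)
	fmt.Println("signed-only: verifies", VerifyPackage(&vendor.PublicKey, signedOnly), "readable on air", ImageVisibleOnAir(signedOnly))
	fmt.Println("signed+encrypted: verifies", VerifyPackage(&vendor.PublicKey, sealed), "readable on air", ImageVisibleOnAir(sealed), "round trip", err == nil && bytes.Equal(plain, FirmwareImage))
}
```

Run with `go run main.go`. Two design points follow from the answer above: encryption on its own does not authenticate the sender, so the bootloader must still verify the signature before it decrypts or flashes anything; and the device's static private key is precisely the secret an adversary with physical access and a programmer could read out, so the encrypted variant raises the bar for over-the-air eavesdropping but does not change the physical-access caveat.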
