https://devzone.nordicsemi.com/f/nordic-q-a/19769/secure-dfu-how-secure-is-itHi, We are expecting many of our devices to be in close proximity. How can we be certain that when a user initiates a buttonless DFU, that they are uploading to the correct device? Could an attacker be listening for devices in DFU mode and attempten-USTelligent Community 13Wed, 21 Jun 2017 00:05:33 GMThttps://devzone.nordicsemi.com/thread/76868?ContentTypeID=1Wed, 21 Jun 2017 00:05:33 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ae121330-7d58-4a1a-8f13-3efb0e3d7e1cPaul<p>The Nordic &quot;Secure DFU&quot; mode signs your firmware before uploading <a href="https://devzone.nordicsemi.com/question/111803/dfu-signingencryption-security/">but does NOT encrypt it over the air.</a></p> <p>This means a malicious party can still view your application over the wire, decompile, and analyze it for vulnerabilities / reverse proprietary features but they can not modify the firmware and upload it to the device.</p> <p>Provided your adversary does not have physical access to your users devices you have reasonable assurance they are running &quot;legitimate&quot; versions of your firmware. If your adversary does have physical access they can upload tampered firmware using a j-link programmer.</p> <p>In terms of &quot;how secure&quot;? The Secure DFU is 50% secure. Firmware is authenticated but not confidential. <a href="https://k9mail.github.io/2016/11/24/OpenPGP-Considerations-Part-I.html">Others have made the case that signing without encrypting is actually a disservice</a>. I wouldn&#39;t go so far as to say that, but I do think it&#39;s reasonable to define &quot;secure&quot; firmware as firmware which is both signed and encrypted and it is a misnomer to call Nordic&#39;s implementation &quot;secure DFU&quot; - technically it is &quot;signed DFU&quot;.</p> <p>Others (ourselves included) implemented firmware encryption using elliptic curves independent of the Nordic tools to get full coverage. As <a href="https://lacklustre.net/bluetooth/">has been demonstrated elsewhere</a>, relying on Bluetooth&#39;s built in &quot;Link Layer Encryption&quot; is not sufficient to meet the latter encryption requirement given the numerous ways in which it can be bypassed.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/76867?ContentTypeID=1Fri, 17 Feb 2017 10:10:52 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5bd045a7-2631-4395-97c7-8c5817d1a5a3bjorn-spockeli<p>Using directed advertising will prevent &quot;DOS&quot;-attacks, see <a href="https://devzone.nordicsemi.com/question/70959/advertisment-directeddiscoverable/?answer=71073#post-id-71073">this</a> answer for more info.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/76866?ContentTypeID=1Thu, 16 Feb 2017 15:05:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:7d3f7fb5-a035-40ea-9f1a-7dfa782f8315Wojtek<p>Yes, that is possible, something like whitelisting could be some kind of solution for that, but that is not perfect of course. In general, advertising in connectable mode makes device vunerable for that &quot;DOS&quot; attack.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/76865?ContentTypeID=1Thu, 16 Feb 2017 15:02:12 GMT137ad170-7792-4731-bb38-c0d22fbe4515:61673443-eb31-41d3-aa3e-eece4dded555parco<p>Good, but what if the attacker continues to connect first and spam these uploads, could they essentially prevent the correct user from uploading?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/76864?ContentTypeID=1Thu, 16 Feb 2017 14:58:20 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d28a01c8-1152-49dd-a050-95374a359594Wojtek<p>Attacker can attempt to upload, but if you just use your own signing key, he will probably fail miserably. Unless he get access to Your private key.</p><div style="clear:both;"></div>