
How to validate that a DFU update came from a trusted source?

How do I prevent drive-by wireless hackers from hijacking my BLE device with their own DFU OTA update?

What is the standard way to make wireless hijacking of BLE devices hard, so that wireless hijacking does not happen often?

How can I prevent a wireless hijacker from bricking my BLE device?

Physical hijacking is not a concern.

  • If your only concern is that someone could "break into" a connection and transfer garbage (that might pass a checksum test), then you should be able to get along with some kind of signing scheme. After receiving the data, but before you start the update process, you send a checksum together with a signature. The app can then, thanks to a hardcoded public key, check that the checksum came from a trusted source. It can then use the checksum to verify that the data it received was written correctly, and then finally restart to start overwriting the application space.

    You would have to modify the current examples for DFU to accomplish this, and I do not have any recommendation for algorithms, but hopefully someone else can jump in and give advice about that.
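
The checksum-plus-signature flow described in the answer above, worked through as an added example; this is not code from the thread or from the vendor's DFU examples. It is written in Go because its standard library ships Ed25519 and SHA-256, so the three device-side steps (verify the signature on the digest with a hardcoded public key, recompute the digest over what was actually received, only then commit) can run stand-alone; on the device the same steps would be done in C with a crypto library. The `Manifest` layout, the 4 KiB stand-in image and the key handling are assumptions, not a DFU wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Manifest is sent after the image bytes: the image digest plus the build
// host's signature over that digest. Constructed layout, not a DFU wire format.
type Manifest struct {
	Digest    [sha256.Size]byte
	Signature []byte
}

// SignImage runs on the build host, the only place the private key lives.
func SignImage(priv ed25519.PrivateKey, image []byte) Manifest {
	digest := sha256.Sum256(image)
	return Manifest{Digest: digest, Signature: ed25519.Sign(priv, digest[:])}
}

var (
	ErrBadSignature   = errors.New("digest was not signed by the trusted key")
	ErrDigestMismatch = errors.New("received image does not hash to the signed digest")
)

// Device models the DFU target. TrustedKey is the public key baked into the
// firmware, the "hardcoded public key" of the answer above.
type Device struct {
	TrustedKey ed25519.PublicKey
	staging    []byte // received bytes, not yet written to application space
	Committed  bool   // set only after both checks pass
}

// Receive appends one transfer chunk to the staging buffer.
func (d *Device) Receive(chunk []byte) { d.staging = append(d.staging, chunk...) }

// Finalize runs after the transfer and before any flash is touched.
func (d *Device) Finalize(m Manifest) error {
	// 1. Authenticity: was this digest produced by the trusted signer?
	if !ed25519.Verify(d.TrustedKey, m.Digest[:], m.Signature) {
		d.staging = nil
		return ErrBadSignature
	}
	// 2. Integrity: does what actually arrived hash to that digest?
	got := sha256.Sum256(d.staging)
	if subtle.ConstantTimeCompare(got[:], m.Digest[:]) != 1 {
		d.staging = nil
		return ErrDigestMismatch
	}
	// 3. Only now hand over to the bootloader to overwrite application space.
	d.Committed = true
	return nil
}

// Outcome collects the result of each scenario so they can be checked
// programmatically rather than by reading printed output.
type Outcome struct {
	Genuine, Tampered, Untrusted error
	GenuineCommitted          bool
}

// RunScenarios exercises a genuine update, a corrupted transfer and an update
// signed with a key the device does not trust. The image is a constructed
// 4 KiB stand-in for real firmware.
func RunScenarios() (Outcome, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	image := bytes.Repeat([]byte{0xA5}, 4096)
	m := SignImage(priv, image)
	var out Outcome

	// Genuine update, delivered in two chunks.
	dev := &Device{TrustedKey: pub}
	dev.Receive(image[:2048])
	dev.Receive(image[2048:])
	out.Genuine = dev.Finalize(m)
	out.GenuineCommitted = dev.Committed

	// Same manifest, but one byte of the image altered in transit.
	altered := append([]byte{}, image...)
	altered[100] ^= 0xFF
	dev = &Device{TrustedKey: pub}
	dev.Receive(altered)
	out.Tampered = dev.Finalize(m)

	// Consistent image and digest, but signed with some other key.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	dev = &Device{TrustedKey: pub}
	dev.Receive(altered)
	out.Untrusted = dev.Finalize(SignImage(otherPriv, altered))
	return out, nil
}

func main() {
	out, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine: %v (committed=%v)\ntampered: %v\nuntrusted key: %v\n",
		out.Genuine, out.GenuineCommitted, out.Tampered, out.Untrusted)
}
```

Two points worth noting in the ordering: the signature is checked first, so a manifest that did not come from the trusted key is rejected before the device spends time hashing the staged image, and in both failure cases the staging buffer is discarded without anything reaching application space, which is what keeps a hijacked transfer from bricking the device. The digest comparison uses a constant-time compare out of habit; the digest itself is public here, so it is not strictly required.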

  • Thanks, and basically that is what we considered.

    For simplicity I have set up DFU to only advertise after the device has been reset by replacing the battery. This adds a level of protection, making the DFU OTA virtually unhackable over wireless after the DFU advertising period has expired.

    A simple signed checksum in addition will prevent someone from "breaking into" the connection to transfer garbage. I have not implemented that yet. I will check around for something very compact, but less cryptographically hard.
