
DFU 52840

Hi all

nRF52840 development board, the SDK is nRF5_SDK_15.2.0_9412b96, and the PC runs Windows 10.

I want to use the DFU to update my file, but I find that only the init packet is signed. If the attacker uses the init packet that is signed and adds his malicious code, the firmware of the BLE device will be updated using the malicious code. Is this a security vulnerability?

  • Hi Mijiale, 

    you are correct that it's only the init packet that contains a signed hash of the firmware, but this does not mean that one can update arbitrary firmware just by using an init packet from a previous update.

    The init packet signature is actually an encrypted hash of the firmware image; this encrypted hash is decrypted on the receiver side and compared to the hash of the received data (i.e. the firmware). If the data is modified after the signature is created (i.e. after the hash of the data is calculated and encrypted), then the hash comparison on the receiver side will fail.

    Hence, this method ensures three things:

    1. Efficiency: It's more efficient to sign the hash instead of
    2. Integrity: If the data (i.e. the firmware) is changed after the image was signed, or the signature is changed, then the post-validation of the data will fail as the hashes will not be identical.
    3. Authenticity: The recipient knows that the data is coming from a trusted source.

    Best regards
    Bjørn

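To make the answer above concrete, here is an added example (not code from the Nordic SDK, its bootloader, or nrfutil) of the check the bootloader performs: the vendor hashes the image, puts the hash in the init packet and signs the packet; the device verifies the signature with the vendor public key it was built with, then hashes the received firmware and compares. The packet layout, field names, `Validate`/`BuildInitPacket`/`Demo` helpers and the use of ECDSA over P-256 with SHA-256 are assumptions made for this example (the real init packet is protobuf-encoded); the firmware bytes are constructed sample data. The scenario from the question (a genuine signed init packet reused with modified firmware) fails the hash comparison, and a packet re-signed with a key the device does not trust fails the signature check.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// InitPacket is a simplified stand-in for the DFU init packet (assumed layout;
// the SDK's real packet is protobuf-encoded).
type InitPacket struct {
	FwVersion uint32
	FwSize    uint32
	FwHash    [32]byte // SHA-256 of the firmware image
	Signature []byte   // DER-encoded ECDSA signature over the fields above
}

// signedBytes serializes the fields the signature covers.
func (p *InitPacket) signedBytes() []byte {
	buf := make([]byte, 8+32)
	binary.LittleEndian.PutUint32(buf[0:4], p.FwVersion)
	binary.LittleEndian.PutUint32(buf[4:8], p.FwSize)
	copy(buf[8:], p.FwHash[:])
	return buf
}

// BuildInitPacket is the vendor side: hash the image, then sign the packet.
func BuildInitPacket(priv *ecdsa.PrivateKey, version uint32, fw []byte) (*InitPacket, error) {
	p := &InitPacket{FwVersion: version, FwSize: uint32(len(fw)), FwHash: sha256.Sum256(fw)}
	digest := sha256.Sum256(p.signedBytes())
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	p.Signature = sig
	return p, nil
}

var (
	ErrBadSignature = errors.New("init packet signature invalid")
	ErrSizeMismatch = errors.New("firmware size does not match init packet")
	ErrHashMismatch = errors.New("firmware hash does not match init packet")
)

// Validate is the bootloader side: the signature proves the packet came from the
// key holder, and the hash comparison binds the received bytes to that packet.
func Validate(pub *ecdsa.PublicKey, p *InitPacket, fw []byte) error {
	digest := sha256.Sum256(p.signedBytes())
	if !ecdsa.VerifyASN1(pub, digest[:], p.Signature) {
		return ErrBadSignature
	}
	if uint32(len(fw)) != p.FwSize {
		return ErrSizeMismatch
	}
	got := sha256.Sum256(fw)
	if !bytes.Equal(got[:], p.FwHash[:]) {
		return ErrHashMismatch
	}
	return nil
}

// Demo runs the genuine update and three rejected variants; keys are generated
// on the fly as stand-ins for the vendor key and an untrusted key.
func Demo() (map[string]error, error) {
	vendorKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	otherKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	fw := []byte("constructed firmware image v1 (sample bytes, not a real image)")
	pkt, err := BuildInitPacket(vendorKey, 1, fw)
	if err != nil {
		return nil, err
	}
	// Same size as the genuine image, one bit changed.
	modified := append([]byte(nil), fw...)
	modified[len(modified)/2] ^= 0x01
	// Packet signed with a key the device was not built to trust.
	foreign, err := BuildInitPacket(otherKey, 2, modified)
	if err != nil {
		return nil, err
	}
	return map[string]error{
		"genuine":              Validate(&vendorKey.PublicKey, pkt, fw),
		"reused packet, modified": Validate(&vendorKey.PublicKey, pkt, modified),
		"reused packet, appended": Validate(&vendorKey.PublicKey, pkt, append(append([]byte(nil), fw...), 0x00)),
		"untrusted key":        Validate(&vendorKey.PublicKey, foreign, modified),
	}, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		panic(err)
	}
	for name, e := range res {
		fmt.Printf("%-26s -> %v\n", name, e)
	}
}
```

Only the "genuine" case returns nil; the reused packet fails on size or hash, and the re-signed packet fails on the signature before the firmware is even looked at.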