Buttonles DFU security

Hi Michal, 

I assume that the question is about the BLE DFU update, not the Mesh DFU. 

Currently in our buttonless example there is no security or password needed to put the device to DFU mode. However, you can enable pairing and that can block other devices from connecting to your device after you bond to a device. 

If you plan to implement password, I can suggest implementing a challenge response mechanism. If you want to avoid using same master key on all of the devices (so that if one device is hacked, all the devices will break) you would need to have a serial number on each of the device and use this serial number to identify/generate the key of the device. 

Hi Michal, 

I assume that the question is about the BLE DFU update, not the Mesh DFU. 

Currently in our buttonless example there is no security or password needed to put the device to DFU mode. However, you can enable pairing and that can block other devices from connecting to your device after you bond to a device. 

If you plan to implement password, I can suggest implementing a challenge response mechanism. If you want to avoid using same master key on all of the devices (so that if one device is hacked, all the devices will break) you would need to have a serial number on each of the device and use this serial number to identify/generate the key of the device. 

Hello, sorry to hijack this thread, but I have a similar question. Can you expand on the challenge-response mechanism. Is there an example on how to implement this? Scenario is for a peripheral to only accept dfu/jump to bootloader from a trusted source.

We don't have an example for that. But it explained quite clear in the wiki page I linked to. 
Another option is to only allow switching to DFU mode when the link is encrypted (bonded) and if you use whitelisting, only the paired device(s) can connect and encrypt the link.