
Secure DFU, how secure is it?

Hi,

We are expecting many of our devices to be in close proximity. How can we be certain that, when a user initiates a buttonless DFU, they are uploading to the correct device?

Could an attacker be listening for devices in DFU mode and attempt to upload an image? Is it possible to whitelist only the phone (Android/iOS) that initiated DFU?

Any other security pitfalls to watch out for?
