Digitally signed updates

BR/EDR

BLE

For each of the available update mechanisms in a device, a check to verify if updates are digitally signed is needed.

If a device uses and accepts non-signed updates or software, then, it is possible to craft custom software pieces, firmwares and applications that may access data or perform malicious actions by using the device in ways non-intended by the manufacturer and user.

Description

In order to check wether updates are digitally signed, multiple techniques may be used:

Source code review.
Sligtly modifying random bytes of a valid update file and trying to use the modifyed software. Beware that this may result in a bricked device if the software is finnaly installed.

This control is considered satisfactory when it is verified that the device does not remotely accept minimally modified updates.

BUSINESS UNITS

CONTACT INFO

EUROPE HQ:
Madrid
Quintanapalla 8,
Las Tablas, 28050

(0034) 912 919 319

contact@tarlogic.com

LINKS

We are using cookies to give you the best experience on our website. You can find out more about which cookies we are using or switch them off in Cookies Settings

Necessary

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Necessary cookies

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages. Keeping this cookie enabled helps us to improve our website.

3rd party cookies

Cookies policy