
IAP: Secure firmware update guidelines

Question asked by sidekick on Jan 29, 2016
Latest reply on Feb 4, 2016 by sidekick
I've implemented DFU-OTA over the GSM network with a fail-back feature (reverting to the older firmware if the upgrade failed, on sudden shutdown during the upgrade, and in the event of a network error), and so far it seems to work fine (probably I need to test more). However, I would now like to add security features to the upgrade process. I've heard that there could be man-in-the-middle attacks, execution of malicious code by reverse engineering the firmware, etc. This topic is very new to me, hence I'm looking for guidelines on what and how I should implement a secured f/w upgrade.

My firmware binary (my application firmware that will be flashed into the internal main flash memory of the STM32F072) will reside on an HTTPS server, and I download this binary over the GSM network by issuing AT+ commands (the STM32 MCU is connected to a SIM800H GSM module over UART on the custom board). Some of the first few questions that I have in mind are:
1: Is it possible to sniff the GSM communication that my board is making? If so, a man-in-the-middle attack probably won't be very difficult. How can I subvert such attempts?

2: Assuming that the HTTPS server where I keep my firmware binary is very robust against attacks (the firmware binary will be uploaded to the server only after successful authentication), what else can go wrong?

3: Any other guidelines would also be very helpful.

Thanks,
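The fail-back selection the question describes, as an added illustration in C (not the poster's code; the header layout, magic value and two-slot arrangement are assumptions): a bootloader accepts a slot only when its header and CRC-32 check out and boots the newest valid one, so a slot left half-written by a power loss falls back to the previous image. The CRC answers corruption, not the tampering concern raised in the question; an authenticity check on the image would have to sit beside it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IMG_MAGIC 0x46555041u   /* constructed slot marker, not the board's real one */
typedef struct {                /* constructed header layout */
    uint32_t magic, version, length, crc32;
} img_hdr_t;

/* CRC-32 (IEEE 802.3), bitwise form; small enough for a bootloader. */
uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Write header + payload into a slot buffer; returns bytes used, 0 on overflow. */
size_t make_image(uint8_t *slot, size_t cap, uint32_t version,
                  const uint8_t *payload, size_t n) {
    img_hdr_t h = { IMG_MAGIC, version, (uint32_t)n, crc32_ieee(payload, n) };
    if (n == 0 || sizeof h + n > cap) return 0;
    memcpy(slot, &h, sizeof h);
    memcpy(slot + sizeof h, payload, n);
    return sizeof h + n;
}

/* Integrity check: sane header and matching payload CRC.  This catches a slot
   left half-written by power loss; it does not detect deliberate tampering. */
int img_valid(const uint8_t *slot, size_t cap, uint32_t *version_out) {
    img_hdr_t h;
    if (cap < sizeof h) return 0;
    memcpy(&h, slot, sizeof h);
    if (h.magic != IMG_MAGIC || h.length == 0 || h.length > cap - sizeof h) return 0;
    if (crc32_ieee(slot + sizeof h, h.length) != h.crc32) return 0;
    if (version_out) *version_out = h.version;
    return 1;
}

/* Fail-back: boot the newest valid slot (0 or 1); -1 when neither is bootable. */
int select_boot_slot(const uint8_t *a, size_t a_cap, const uint8_t *b, size_t b_cap) {
    uint32_t va = 0, vb = 0;
    int ok_a = img_valid(a, a_cap, &va), ok_b = img_valid(b, b_cap, &vb);
    if (ok_a && ok_b) return va >= vb ? 0 : 1;
    return ok_a ? 0 : (ok_b ? 1 : -1);
}
```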
