From the course: Programming Foundations: Secure Coding
Software versioning
When we have an embedded device, the software will eventually need to be updated. This brings us to our software versioning attacks in the embedded world. In this attack, a bad actor will leverage a flaw in the firmware update process to carry out their attack. Let's start out with the granddaddy of this attack vector, at least in my opinion. It is labeled as a time-of-check, time-of-use attack. In this attack, the bad actor utilizes the firmware update process to inject malicious firmware after the update was validated, but before it was written.

Another attack impacts those that leverage digital signatures for validation. Often in embedded devices, the capacity for key size for asymmetric encryption is small. This opens up a greater possibility that the signature can be cracked. They may not even have to go that far if they can bypass the check. In either case, they leverage this to provide malicious firmware to the updater. Now, there are others, but the idea behind…
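The time-of-check, time-of-use gap described above, shown as an added example that is not part of the course material: a flawed updater validates a shared staging buffer and then reads it again for the write, next to a hardened one that verifies and writes a single private copy. The function names, the `race_hook` callback and the FNV-1a digest (a stand-in for real signature verification) are assumptions made for the demo.

```c
#include <stdint.h>
#include <string.h>
#define IMG_MAX 64
/* Stand-in for signature verification (FNV-1a digest vs. expected value);
   a real updater would verify a digital signature at this point. */
static uint32_t digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Hypothetical hook: models the staging buffer changing between the check
   and the write. */
typedef void (*race_hook)(uint8_t *staging, size_t n);
static void swap_image(uint8_t *staging, size_t n) { memset(staging, 0xEE, n); }

/* Flawed: validates staging, then reads staging a second time for the write. */
int update_check_then_use(uint8_t *staging, size_t n, uint32_t expected,
                          uint8_t *flash, race_hook between) {
    if (n > IMG_MAX || digest(staging, n) != expected) return -1; /* check */
    if (between) between(staging, n);                             /* window */
    memcpy(flash, staging, n);                                    /* use */
    return 0;
}

/* Hardened: read shared data once into private memory; verify and write
   that same copy, then read back what was written. */
int update_snapshot_first(uint8_t *staging, size_t n, uint32_t expected,
                          uint8_t *flash, race_hook between) {
    uint8_t priv[IMG_MAX];
    if (n > IMG_MAX) return -1;
    memcpy(priv, staging, n);
    if (digest(priv, n) != expected) return -1;
    if (between) between(staging, n);   /* staging changes no longer matter */
    memcpy(flash, priv, n);
    return digest(flash, n) == expected ? 0 : -1;
}

/* Returns 1 if flash holds the validated image after the update, else 0. */
int flash_matches_after(int hardened) {
    uint8_t good[16], staging[16], flash[16] = {0};
    memset(good, 0xA5, sizeof good);    /* constructed sample image */
    memcpy(staging, good, sizeof good);
    uint32_t exp = digest(good, sizeof good);
    int rc = (hardened ? update_snapshot_first : update_check_then_use)(
        staging, sizeof staging, exp, flash, swap_image);
    return rc == 0 && memcmp(flash, good, sizeof good) == 0;
}
int main(void) { return (flash_matches_after(1) && !flash_matches_after(0)) ? 0 : 1; }
```

The flawed path reports success while flash holds bytes that were never validated; the hardened path writes exactly the bytes it checked.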