Description:
The Firmware Over-The-Air (FOTA) manifest signing process does not cover the entire payload, allowing for malicious firmware injection.
Details:
In src/fota.rs:62-66, the signed_data structure only includes version, svn, and the global firmware_hash. Crucial metadata, specifically chunk_hashes and size_bytes, are excluded from the signature.
Impact:
An attacker can replace individual chunk hashes or truncate the file size while maintaining a "valid" signature. This allows for the delivery of malicious or malformed firmware binaries to the IoT devices.
Location: /src/fota.rs:62-66
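
The gap described above, shown as an added example that is not the project's code: the bytes to be signed are built once with only version, svn and firmware_hash, and once with size_bytes and chunk_hashes included. Field names come from this report; the Manifest layout, function names, encoding and domain-separator label are assumptions. The signature itself is omitted and would be computed over the returned bytes.

```rust
// Added example. Field names follow the report; everything else is assumed.
#[derive(Clone)]
pub struct Manifest {
    pub version: u32,
    pub svn: u32,
    pub size_bytes: u64,
    pub firmware_hash: [u8; 32],
    pub chunk_hashes: Vec<[u8; 32]>,
}

/// Bytes to be signed as the report describes them: three fields only.
pub fn signed_data_partial(m: &Manifest) -> Vec<u8> {
    let mut out = Vec::new();
    out.extend_from_slice(&m.version.to_le_bytes());
    out.extend_from_slice(&m.svn.to_le_bytes());
    out.extend_from_slice(&m.firmware_hash);
    out
}

/// Bytes to be signed covering every field the device acts on.
/// Fixed-width integers and an explicit chunk count keep the encoding unambiguous.
pub fn signed_data_full(m: &Manifest) -> Vec<u8> {
    let mut out = b"FOTA-MANIFEST-V1\0".to_vec(); // constructed domain separator
    out.extend_from_slice(&m.version.to_le_bytes());
    out.extend_from_slice(&m.svn.to_le_bytes());
    out.extend_from_slice(&m.size_bytes.to_le_bytes());
    out.extend_from_slice(&m.firmware_hash);
    out.extend_from_slice(&(m.chunk_hashes.len() as u64).to_le_bytes());
    for h in &m.chunk_hashes {
        out.extend_from_slice(h);
    }
    out
}

/// Constructed sample manifest with two chunks.
pub fn sample() -> Manifest {
    Manifest { version: 7, svn: 3, size_bytes: 8192, firmware_hash: [0xAA; 32],
               chunk_hashes: vec![[0x11; 32], [0x22; 32]] }
}

/// Alters chunk_hashes and size_bytes, then reports whether each
/// signed payload changed: (partial_changed, full_changed).
pub fn tamper_check() -> (bool, bool) {
    let (good, mut bad) = (sample(), sample());
    bad.chunk_hashes[1] = [0xEE; 32];
    bad.size_bytes = 4096;
    (signed_data_partial(&good) != signed_data_partial(&bad),
     signed_data_full(&good) != signed_data_full(&bad))
}
fn main() { println!("{:?}", tamper_check()); }
```

A signature over the partial payload still verifies after the change because its input bytes are identical; the full payload differs, so verification over it fails.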