Consider blocklisting Qualcomm CSR firmware update service #20
Comments
|
@pdjstone On an unrelated note, can you tell us more about pdjstone/cloudpets-web-bluetooth#1? |
|
I've reached out to Qualcomm staff and am anticipating a response here. |
|
Blacklisting an update service that's only secured with symmetric keys sounds good to me. Sorry for missing this. Let's give Qualcomm until the 14th (1 week from @scheib's message) to respond? |
scheib
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The service UUID is 00001016-d102-11e1-9b23-00025b00a5a5
The only information I could find on that service is here: https://www.csrsupport.com/download/49800/CS-327746-RP-1-Training%20and%20Tutorials%20-%20CSR%20Over-the-Air-Update.pdf
The protocol seems to do challenge-response with a shared key, rather than properly signing the firmware.
The text was updated successfully, but these errors were encountered: