Is it possible for an attacker to trigger a firmware download to another device by sending a malicious network packet that initiates a malicious download of a file that contains attacker controlled code for the firmware?
1
-
you don't necessarily need packet injection to do this. Some devices allow firmware updates over localhost. So a simple CSRF could force a firmware update for a device such as a router. To get it to update firmware to one that includes malware there'd need to be some kind of exploit or complete lack of security on manufacturer's part. (somehow forging a signature for the update and/or DNS record, or insider modifying manufacturer's release code)– browsermatorCommented Oct 30, 2024 at 19:46
Add a comment
|
1 Answer
If there is a bug or backdoor in the firmware this can be achieved. And bugs which allowed remote code execution over malicious WiFi packets actually happened in the past - see Over The Air: Exploiting Broadcom’s Wi-Fi Stack. But there is no "generic" way applicable to arbitrary firmware.
answered Oct 27, 2024 at 1:18
