![]() ![]() ![]() The update mechanism has several checks that are meant to ensure the authenticity of OTA images before they are applied: the over-the-air download is supposed to happen over a secure connection to prevent Man-In-The-Middle attacks, the zip file has a cryptographic signature that is verified by the update process, and finally the contents of the zip file include further authentications tags. OTA updates are packaged into a zip container. Huawei devices - both those running Android and those running HarmonyOS - use Huawei’s custom implementation for applying OTA updates. The vulnerability was fixed in March 2022. In this advisory we are disclosing a vulnerability in the Huawei Over-The-Air (OTA) update implementation that allows bypassing SSL protections and execute a Man-In-The-Middle attack. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |