Quiz Entry - updated: 2026.07.14
What cryptographic mechanisms protect software updates (e.g. an iPhone update, Windows Update)?
A SHA-256 hash for integrity, an RSA or ECDSA signature for authenticity, an X.509 certificate for vendor identity, TLS for download, and optionally HMAC binding the update to a specific device.
| Purpose | Algorithm | What it does |
|---|---|---|
| Hashing (integrity) | SHA-256 / SHA-384 | Checksum of the firmware/update bundle |
| Digital signature | RSA-2048 / ECDSA-P256 | Vendor signs the hash with their private key |
| Public-key certificate | X.509 | Authenticates the vendor's public key via a CA chain |
| Transport encryption | TLS 1.2 / 1.3 (AES-GCM, ECDHE) | Protects the download channel |
| Device binding (optional) | HMAC-SHA-256 | Update can be installed only on devices with a matching device-ID hash |
The two-step verification on the device:
- Receive the update bundle over TLS.
- Compute SHA-256 of the bundle.
- Verify the vendor's signature on that hash using the embedded vendor public key (often pinned in the bootloader).
- (Optionally) verify the HMAC tying the update to this device's serial number.
- Only then write the update to firmware.
Why signatures matter so much:
- A compromised CDN can serve any bytes — TLS only protects the transport, not the content.
- A signature lets the device verify the bundle came from the real vendor, not from a network-level attacker.
- That's why a compromised mirror or CDN cannot push malware to a device that enforces signature checks: it can serve any bytes, but it can't produce a valid vendor signature over them.
Real-world failures:
- SolarWinds (2020) — attackers compromised the build server and injected malware before the legitimate signing took place. The signed update was real, but its content was malicious.
- ASUS Live Update (2019) — attackers stole the signing key, signed their own malware as ASUS, distributed to ~1M users.
- These are why reproducible builds + transparency logs (sigsum, Sigstore) are increasingly used: anyone can verify what was actually built and signed.
Tip: "Just check the SHA-256" is insufficient without a signed hash. A man-in-the-middle who controls your network can replace both the download and the published hash. Always verify a signature, not just a hash.