Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been changed or corrupted since it was signed. The process uses a cryptographic signature/fingerprint to validate authenticity and integrity of the delivered software.
IoT devices are usually updated automatically without direct end user intervention. Because of this, software updates can be a key target for cybercriminals to add malicious code. These updates could be used to gather sensitive customer information and/or change the operating behavior of the device damaging the IoT vendors reputation. Without code signing, the IoT device vendor cannot guarantee that delivered updates isn’t modified by third parties.
