by controversial97 844 days ago
This reminds me of a thing from a few years ago; my vague memory is that it was by Travis Goodspeed.

A smart TV would accept a firmware update from a file on a standard USB stick.

The TV reads the file start to finish to check the digital signature, then reads it again to update.

A device that is pretending to be a USB storage device can send a manufacturer firmware file the first time, then send your unofficial firmware after.

1 comments

Nice. This is a class of error with the delightful acronym TOCTOU (Time of Check to Time of Use) which is present in an astonishing number of places.

https://en.m.wikipedia.org/wiki/Time-of-check_to_time-of-use

No surprise, those are near-impossible to avoid. I mean, a simple:

  if(check(resource)) {
    use(resource);
  }
is already vulnerable, unless you somehow make the entire piece of code run atomically.
One approach is to copy the data to a location that you control first (e.g. RAM) and perform both the check and the use of that data from the trusted location. That can be difficult though on embedded devices with constrained resources.
For a firmware update: read it into memory or copy it to storage you control first.
Correct me if I'm wrong but I think that's how Game Boy carts show custom logos bypassing the Nintendo copyright check thing - one logo to pass the internal check and another for display.
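The USB-stick trick and the single-copy fix from the comments above, as an added example that is not part of this thread or of any real TV's firmware updater. A mock "USB device" answers the first read with a correctly tagged vendor image and every later read with an attacker image; the naive updater reads twice (check, then use) and gets the attacker image, while the hardened updater reads once into RAM it controls and checks and flashes that same copy. The keyed checksum `toy_tag`, the image layout (14 payload bytes plus a 2-byte tag) and all names are assumptions for the demo; a real updater would verify an RSA/ECDSA signature, but the TOCTOU logic is the same.

```c
/* Added example: TOCTOU in a double-read firmware updater vs. a single-read
 * one. Toy tag stands in for the real signature; everything here is constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_LEN 14
#define IMG_LEN     (PAYLOAD_LEN + 2)   /* payload followed by a 2-byte tag */
#define TOY_KEY     0x5A                /* stands in for the vendor's verification key */

/* Toy keyed checksum over the payload (NOT a real signature). */
static uint16_t toy_tag(const uint8_t *p, size_t n) {
    uint16_t a = 0, b = 0;
    for (size_t i = 0; i < n; i++) { a = (uint16_t)(a + (p[i] ^ TOY_KEY)); b = (uint16_t)(b + a); }
    return (uint16_t)((b << 8) ^ a);
}

/* Mock of the malicious USB device: serves the vendor image on read #0 and
 * the attacker image on every read after that. */
struct fake_usb {
    int reads;
    uint8_t vendor[IMG_LEN];
    uint8_t evil[IMG_LEN];
};

static void make_device(struct fake_usb *dev) {
    const char *vendor = "VENDOR-FW-v1.0";   /* 14 bytes, constructed */
    const char *evil   = "EVIL-FW-pwned!";   /* 14 bytes, constructed */
    memset(dev, 0, sizeof *dev);
    memcpy(dev->vendor, vendor, PAYLOAD_LEN);
    memcpy(dev->evil, evil, PAYLOAD_LEN);
    uint16_t good = toy_tag(dev->vendor, PAYLOAD_LEN);      /* genuine tag */
    uint16_t bad  = (uint16_t)~toy_tag(dev->evil, PAYLOAD_LEN); /* attacker cannot forge one */
    dev->vendor[PAYLOAD_LEN] = (uint8_t)(good >> 8); dev->vendor[PAYLOAD_LEN + 1] = (uint8_t)good;
    dev->evil[PAYLOAD_LEN]   = (uint8_t)(bad >> 8);  dev->evil[PAYLOAD_LEN + 1]   = (uint8_t)bad;
}

static void usb_read(struct fake_usb *dev, uint8_t *out) {
    memcpy(out, dev->reads == 0 ? dev->vendor : dev->evil, IMG_LEN);
    dev->reads++;
}

static int verify_image(const uint8_t *img) {
    uint16_t expect = toy_tag(img, PAYLOAD_LEN);
    uint16_t got = (uint16_t)((img[PAYLOAD_LEN] << 8) | img[PAYLOAD_LEN + 1]);
    return expect == got;
}

/* Vulnerable: read the stick to check, then read it AGAIN to flash.
 * Returns 1 if something was written to `flash`. */
static int update_naive(struct fake_usb *dev, uint8_t *flash) {
    uint8_t buf[IMG_LEN];
    usb_read(dev, buf);                      /* read #1: time of check */
    if (!verify_image(buf)) return 0;
    usb_read(dev, buf);                      /* read #2: time of use; device swaps here */
    memcpy(flash, buf, PAYLOAD_LEN);
    return 1;
}

/* Hardened: one read into RAM we control; check and use the same bytes. */
static int update_single_read(struct fake_usb *dev, uint8_t *flash) {
    uint8_t buf[IMG_LEN];
    usb_read(dev, buf);
    if (!verify_image(buf)) return 0;
    memcpy(flash, buf, PAYLOAD_LEN);         /* exactly the bytes that were verified */
    return 1;
}

/* 1 if the naive updater ended up flashing the attacker's payload. */
int naive_gets_pwned(void) {
    struct fake_usb dev; uint8_t flash[PAYLOAD_LEN] = {0};
    make_device(&dev);
    if (!update_naive(&dev, flash)) return -1;
    return memcmp(flash, dev.evil, PAYLOAD_LEN) == 0;
}

/* 1 if the single-read updater flashed the vendor payload. */
int hardened_flashes_vendor(void) {
    struct fake_usb dev; uint8_t flash[PAYLOAD_LEN] = {0};
    make_device(&dev);
    if (!update_single_read(&dev, flash)) return -1;
    return memcmp(flash, dev.vendor, PAYLOAD_LEN) == 0;
}

/* 1 if the single-read updater refuses a device that serves the attacker image. */
int hardened_rejects_unsigned(void) {
    struct fake_usb dev; uint8_t flash[PAYLOAD_LEN] = {0};
    make_device(&dev);
    dev.reads = 1;                           /* attacker image on the very first read */
    return update_single_read(&dev, flash) == 0;
}

int main(void) {
    printf("naive updater flashed attacker image: %d\n", naive_gets_pwned());
    printf("single-read updater flashed vendor image: %d\n", hardened_flashes_vendor());
    printf("single-read updater rejected unsigned image: %d\n", hardened_rejects_unsigned());
    return 0;
}
```

The point of the mock is that the device, not the file, decides what each read returns, so anything the TV learns on the first pass says nothing about the second. On a real set the second "read" is the flash routine streaming from the stick; the fix is the one the comment describes, a copy into storage the TV controls (RAM or internal flash) that is both verified and written from.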