In an era of supply chain attacks, ZTE has hardened its update framework with the following:

The client communicates with the update server exclusively over TLS 1.2/1.3. To prevent man-in-the-middle attacks, the framework pins the server’s certificate, rejecting any connection that does not match the pre-loaded certificate hash.

The framework is engineered for high reliability and minimal user disruption. It coordinates several critical stages of the update lifecycle:

| Type | Description | Typical Use | |-------|-------------|--------------| | | Complete system image | Major OS upgrades | | Incremental (delta) | Binary diff between versions | Security patches, bug fixes | | Module-specific | Modem firmware, bootloader, TEE OS | Critical component updates | | App-only | APK or container update | Preinstalled system apps | | Configuration | XML/JSON parameter update | Carrier settings, region profiles |

Software Update Framework 'link' | Zte Terminal

In an era of supply chain attacks, ZTE has hardened its update framework with the following:

The client communicates with the update server exclusively over TLS 1.2/1.3. To prevent man-in-the-middle attacks, the framework pins the server’s certificate, rejecting any connection that does not match the pre-loaded certificate hash. zte terminal software update framework

The framework is engineered for high reliability and minimal user disruption. It coordinates several critical stages of the update lifecycle: In an era of supply chain attacks, ZTE

| Type | Description | Typical Use | |-------|-------------|--------------| | | Complete system image | Major OS upgrades | | Incremental (delta) | Binary diff between versions | Security patches, bug fixes | | Module-specific | Modem firmware, bootloader, TEE OS | Critical component updates | | App-only | APK or container update | Preinstalled system apps | | Configuration | XML/JSON parameter update | Carrier settings, region profiles | It coordinates several critical stages of the update