Hijacking deployed networks

If the autoupdate relies on dns, hijack dns?

SSL or just ip-based authentication?

Signed code? might need a private key.

Single point of failure gives you millions of machines. how secure?