Is there anyway to reload the software on the APs
is it possible to do a mitm attack on the software and therefore rogue software gets loaded onto the AP?. Like if someone is on your network and doing mitm on your router injecting code into the software on the AP?. Are updates signed with certificate pinning etc?
Yes, it does protect. If somebody tries to inject rogue firmware it just fails to load en returns to previous safe version.
No you can't manually reload firmware, it's all done trough AWS cloud. Read more at https://www.arubainstanton.com/techdocs/en/content/maintenance/mobile/firm-upgrd.htm?Highlight=updat...