With more devices connected to the internet than ever before, we’re all interested in finding out how the latest gadget will make our life easier. But usually, as consumers, the furthest thing from our minds is how a device will stay up-to-date and if there is security built-in. Device manufacturers are more mindful of both of these things— and they need a way to execute updates to each connected device or system while maintaining security.
Over-the-air updates, often abbreviated “OTA,” are used by manufacturers to deliver important information to devices. The updates are sent over wireless connections to distribute provisioning information or software updates to a connected device, and ensure the device is in proper working order.
In today’s connected world, it’s much more convenient to send an improvement, bug fix, or upgrade to you wirelessly than requiring you to connect a device to a computer, or go to a storefront or service center to receive an update.
You are probably already familiar with OTA updates. A common example would be downloading the latest iOS on your iPad. In this scenario, the device manufacturer (Apple) develops and then pushes their updates out to their network of deployed devices (all iPads in consumer hands), you are notified a new version of the software is available, and you can choose to download it to your individual devices when it’s convenient for you.
OTA updates are prominently used for smartphones, tablets, and computers, and have been for some time. Now, with smart home systems, learning thermostats, and self-driving cars becoming more popular, OTA updates are used for these systems as well.
The importance of secure OTA updates is increasingly important as new devices come online. Business Intelligence predicts there will be more than 30 billion connected devices by 2020.
Any time a device is connected to the internet, it is exploitable. How OTA updates are sent can introduce more risks, like malware, downtime, physical safety threats due to downtime, and exposed personal information, so it’s crucial that over-the-air updates are transmitted over a secure channel to avoid these problems.
One of the reasons connected systems are often vulnerable is because they don’t receive regular updates, according to a researcher at Tripwire. Connected devices need OTA updates, but any data sent to or from the device should include a security component to protect users.
End-to-end security needs to be used for OTA and should be considered for all new connected devices at the time of manufacturing. Generally, a complete security solution for connected devices and OTA updates would include identity, authentication, encryption, secure infrastructure, firewalls, a management dashboard, and more.
Digital certificates play an important role in securing OTA. Certificates should be used to provide identity for each device and encrypt in-transit data. Certificates authenticate a user or device to establish they are the intended recipient of an update. They can also sign messages to ensure the data came from the correct source and was not tampered with.
This is just the beginning. Nearly 160 million vehicles around the world will have the capability to upgrade their systems with OTA updates by 2022. Security should be built-in at the time of manufacturing to protect millions of users and drivers in the future, but there are security options available after devices come off the line. To learn more about IoT security solutions, click here.