Securing Over-The-Air (OTA) Software Updates
1/9/2017 00:00 AM EST
Over-the-air update expert reminds us that the software update process is a critical component in deploying IoT devices.
The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of implementing security before bringing your embedded devices online. A more recent strain of Mirai caused network outages to about a million Deutsche Telekom customers due to poorly secured routers.
A secure and robust approach to deploying software updates to your connected device fleet is another of the many security considerations to take into account before you go into production. Deploying software updates mitigates growing security risks.
One to 25 bugs and vulnerabilities exist per 1,000 lines of code, estimates Steve McConnell in his book Code Complete: A Practical Handbook of Software Construction. The ability to deploy new features over-the-air (OTA) without having to recall the entire device fleet can save manufacturers substantially on costs. A good example of the problems associated with not having this capability was demonstrated by Fiat Chrysler recalling at least 1.4 million of their vehicles in 2014 in order to install software to prevent hackers from gaining remote control of the engine, steering, and other systems. Since Fiat Chrysler did not have the capability to deploy this software update OTA, the vehicles had to be updated "by hand" via USB drives.
Deploying updates could help avoid serious breaches, such as the large Mirai botnet DDoS attack, by securing devices remotely once a vulnerability has been found. Specifically, in the case of the Mirai botnet attack, video camera and digital video recorder devices had simple default passwords, and many of them had the password hardcoded into the firmware. Thus, the only way to change them was to deploy an update and install a patch.
There are two primary approaches to updates. One is an image-based approach in which the entire image is updated, including the root filesystem. The other is package-based, which allows the user to implement changes at the file-level.
We conducted a survey of embedded developers and found that 45.5% preferred image-based updates, while 18.2% preferred the package-based approach. The remaining 36% were indecisive as to their preferred technique.
The most cited reason image-based updates were chosen was the confidence in device consistency: It helped lower the risk of device downtime and the developers claimed they were certain that what was being evaluated in their test environment was exactly the same as the code being deployed to devices in the field. This approach also eases the design burden for atomic installations as many use a failover partition if there is a problem mid-update such as a power loss or a network connectivity issue.
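The two properties described above, that the deployed image is the one that was tested and that an interrupted install leaves the device bootable, can be seen in a small model. This is an added example, not code from the article or from any update product; the `Device` class, the file-per-slot layout, and the `cut_at` parameter are assumptions made for illustration.

```python
import hashlib, os, tempfile

def _durable_write(path, data: bytes):
    with open(path, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())      # on disk before anything relies on it

class Device:
    """Constructed model: two files stand in for the A/B root filesystem partitions."""
    def __init__(self, root, factory_image: bytes):
        self.root = root
        _durable_write(self._path("slot_a"), factory_image)
        self._set_active("a")

    def _path(self, name):
        return os.path.join(self.root, name)

    def _set_active(self, slot):
        _durable_write(self._path("active.tmp"), slot.encode())
        os.replace(self._path("active.tmp"), self._path("active"))  # atomic switch

    def active(self) -> str:
        with open(self._path("active")) as f:
            return f.read()

    def running_digest(self) -> str:
        with open(self._path("slot_" + self.active()), "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()

    def install(self, image: bytes, tested_digest: str, cut_at=None) -> bool:
        target = "b" if self.active() == "a" else "a"   # never write the running slot
        # cut_at simulates power or network loss: only a prefix reaches the slot
        _durable_write(self._path("slot_" + target), image[:cut_at])
        with open(self._path("slot_" + target), "rb") as f:
            if hashlib.sha256(f.read()).hexdigest() != tested_digest:
                return False                            # old slot keeps booting
        self._set_active(target)
        return True

def demo():
    """Returns (result, active slot) for: interrupted, altered, good update."""
    v1, v2 = b"rootfs-v1" * 64, b"rootfs-v2" * 64   # constructed sample images
    tested = hashlib.sha256(v2).hexdigest()          # digest recorded in the test lab
    with tempfile.TemporaryDirectory() as root:
        dev = Device(root, v1)
        out = [(dev.install(img, tested, cut), dev.active())
               for img, cut in ((v2, 100), (v2 + b"!", None), (v2, None))]
        return out, dev.running_digest() == tested
```

The digest comparison only shows that the installed image matches the tested build; authenticating where the digest came from is outside this sketch.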