Over the Air and Under Your Screen: The Magic of OTA Updates

A key, almost trademark feature of modern electronics is their ability to be updated wirelessly with help of the internet. Updates to games, device security policies, and even firmware are all bundled under the umbrella of over-the-air (OTA) updates. The advent of administering updates to technology over the internet revolutionized the way customer service for connected devices is carried out, eliminating the need to send a device back to the manufacturer to repair or upgrade it. Critical security updates can now be applied instantly, reducing the number of victims that would suffer in the time it took to have their device physically updated. This is a key functionality in mitigating the damage that could be caused by a data breach or other cyber-attack. The technology used to carry out such updates is also remarkable, especially when it comes to updating the firmware controlling the device’s hardware.

Due to the firmware being the base upon which all other software on a device runs, updating it poses certain challenges, such as how to optimize memory usage while also mitigating the possibility of an update malfunction. Two prevalent techniques for updating device firmware are binary replacement and delta updating.

Binary replacement is the simpler of the two, requiring the entire firmware binary file to be downloaded before the update can begin. Once the update is downloaded, some situation-specific trade-offs must be made before updating. If the manufacturer wishes to include a rollback feature (ability for an old firmware to be re-installed in the event of a failed/compromised update) then they must allocate space equal to three times that of the device’s firmware. The advantage to including a rollback is that it becomes very difficult for a device to be disabled due to a failed firmware update, and not including a rollback can cause damage beyond the scope of another OTA update.

A delta update is a more selective, resource-saving strategy to applying firmware updates. This technique uses knowledge of the firmware version already on the target device, and only transmits the differences between the new and old versions, reducing the amount of data needed for the update. Once the device has downloaded the patch and enters update mode, however, there still remains the risk of errors resulting in a bricked device if proper mitigation steps are not taken.

As the computers in connected cars begin to drive the innovation and progress of the automotive industry, secure OTA update capability will be a necessity in automotive applications of the future. Administering firmware and security patches to vehicles not only protects user data and privacy, but their very lives as well. Despite being born to the mobile device industry, OTA technology will see its true potential in the automotive ecosystem.