The case for over-the-air software updates and patching the Internet of Things

Embedded systems have existed since the Apollo space program - the Apollo Guidance Computer in the Lunar Module is regarded as the first embedded computer, enabling the historic mission to land mankind on the Moon. Decades later, we are now in the age where embedded devices are being connected. The first wave was connected mobile phones, which have fundamentally changed the way we interact. As the Internet of Things continues to grow it brings great opportunities, yet it also comes with risks as embedded systems will no longer be static.

A critical element to reducing the risk is a secure process to deploy software updates over-the-air (OTA) to devices. There are three key reasons why this is necessary:

Delivering bug fixes

Steve McConnell wrote in Code Complete that on average, there will be 1-25 bugs and defects per 1,000 lines of code. For the embedded developer, having a risk-averse mechanism to safely deploy fixes to bugs and defects is absolutely necessary.

Patching known security vulnerabilities

The stream of press coverage of data breaches continues just as the IoT is emerging, making the topic of IoT Security especially big. The Jeep Cherokee hack came into the spotlight, with Fiat Chrysler announcing a recall of about 1.4 million vehicles in the US as a result of that hack. The costs kept rising up as Fiat Chrysler were required to do the software update manually (as opposed to over-the-air), either through USB drives or having each car brought into the dealership.

Deploying new features

In order to keep businesses running and delighting customers, the ability to safely provide OTA updates for new features is what will keep organizations competitive. Tesla demonstrated this by introducing 75 new features via OTA. Better navigation was one of the major updates in 2015 and Autopilot will also be delivered OTA. After the update, owners of the Model S will be able to have the vehicle park itself and keep a lane on the freeway.