The billions of devices that will be connected to the IoT will be in service for many years and will need their software and/or firmware to be updated along the way. It looks like the solution will be over the air (OTA) updates – and that raises all kinds of issues.
The sentiment at the recent Hitex ARM user conference was that the embedded systems sector hasn’t quite realised the scale of the problem. While set top box and mobile phone manufacturers have got the hang of OTA, they have the benefit of controlled channels. When it comes to the IoT, it’s going to be a very messy business.
Any system being updated OTA will need to include, at a minimum, encryption/decryption, one way functions, digital signatures and hashing. “None of this is optional,” said Feabhas’ Niall Cooling. “You have to do it all because hackers won’t attack apps in the future, they will attack the system.”
While the solution is to plan for OTA software updates from day one, security still appears to be an afterthought for many embedded system designers. While some companies take steps to secure their IP, they don’t go much beyond that.
Perhaps the late, great Leonard Cohen had it right when he said: “I’ve seen the future, brother, and it’s murder.”
