Remote updates for IoT devices: Securing your IoT ecosystem

blog-header-remote iot device update

The overall number of IoT (Internet of Things) devices in operation has boomed. There are now nearly 15 billion of these devices in operation, with experts predicting the number will reach nearly 17 billion within a year. 

The growth of IoT devices has increased the demand for remote IoT software updates. Software updates to IoT devices are crucial from a security perspective, but also to keep device firmware up to date with the latest developments.

But remote updates can be challenging when not properly implemented. And sending technicians out physically isn't really a viable option, even for small numbers of devices. 

In this article, we're going to look at what options exist for the Remote Update of IoT devices and how to best achieve an effortless remote IoT update process. 

Why remote update IoT devices is important

As the number of IoT devices grows, the need for remote update OTA ("Over the Air") becomes increasingly vital. These devices are often deployed in potentially unreachable locations, and IoT OTA updates serve as the key method to update them. 

From a security perspective, unpatched IoT devices can become potential points of vulnerability because of their deeply interconnected nature. Remote updates of devices can prevent such vulnerabilities or provide a means to rapidly respond to any attacks. This is especially crucial in sectors where a security breach can lead to widespread impacts​, such as:

  • Medical
  • Governmental
  • Energy
  • Financial Services
  • Transportation
  • Manufacturing
  • Telecommunications
  • Utilities
  • Defense
  • Education
  • Smart Cities

Remote updates enable companies to provide ongoing improvements to the device and to easily introduce new features. This not only increases the value of the IoT devices over time but also guarantees their continued compatibility with evolving technologies. 

Device maintenance costs are greatly reduced by remote update OTA. Conventional methods of updating IoT devices, such as manual updates using a direct PC connection, are logistically difficult and cost-prohibitive. Conversely, companies can implement a Remote Update of IoT devices in phases, unrestricted by the number or frequency of updates. Fleet managers can also execute updates on an individual basis or in groups. 

How do IoT devices update remotely?

Several strategies exist for IoT remote updates, including peer-to-peer structures and multi-tiered options. Regardless of the topology, the essence of remote IoT updates is that a robust backend communicates with devices securely and carries out an update process that can recover in case of errors. 

What about manual updates?

Manual updates are a hassle, to put it mildly. Even if a company only has a handful of devices in its fleet, sending technicians out to manually update devices suffers from several flaws, including:

  • Higher costs. (Implementing a full-scale IoT Remote Updates strategy was once also costly. But remote updates are now cheaper.)
  • Time-consuming.
  • Risk of human error.
  • Limited scalability.
  • Downtime during updates.
  • Inconsistent updates.
  • Reduced security.
  • Difficulty in tracking.
  • Inefficient use of resources.
  • Delayed response to issues.

Remote Update IoT Device: What's happening under the hood?

Under the hood, the procedure to Remote Update an IoT device is fairly intricate. When you remotely update OTA enabled devices, that procedure requires at least the following steps: 

  • Compiling an update on the backend. (This requires huge system resources for Android devices.)
  • Testing the compiled package.
  • Signing the package.
  • Automatically pushing it to an update server
  • Checking for updates.
  • Secure download of an update package.
  • Verifying the package.
  • In some cases, a user might need to be notified of the update, although many enterprise solutions carry out updates automatically.
  • Preparing for installation.
  • The device installs the update with minimum-possible downtime.
  • Reboot.
  • At any stage, the device must be able to recover from a failed update.
  • Cleaning up unnecessary files on the device.
  • Reporting securely to the update server if the update was successful or not.

As you can see, a successful remote IoT software update requires robust protocols at both the backend and the frontend. The infrastructure and resources required in the backend are quite enormous. 

On the backend, providers need to invest in the following:Android-OTA

  • Developers
  • Quality Assurance Engineers
  • Security analysts
  • Systems administrators
  • Network engineers
  • Database managers
  • Product managers
  • Legal and compliance experts
  • DevOps engineers
  • Cloud infrastructure
  • Version control systems
  • Security certificates and keys
  • Backup and recovery systems
  • Scalable server infrastructure

Creating your own backend infrastructure for existing devices isn't realistic unless you're a massive B2C provider of devices. To facilitate OTA updates, companies with custom devices usually end up doing manual updates or looking for a trustworthy third-party service provider to do the remote IoT software update. 

How to achieve remote IoT software updates

The three most popular methods for achieving a Remote Update of IoT devices are: 

  • Edge-to-Cloud (E2C)
  • Gateway-to-Cloud (G2C)
  • Edge-to-Gateway-to-Cloud OTA updates (E2G2C)

Edge-to-Cloud (E2C)

In E2C updates, the IoT device communicates directly with the update server, and the update server sends updates directly to the device. This strategy is most common in consumer devices. 

In an E2C context, you can update devices separately from each other. Any errors in the update therefore don't bring the entire fleet down. 

Gateway-to-Cloud (G2C)

In a G2C strategy, gateways exist to oversee an array of IoT devices. When an update is ready, it gets sent to this central gateway that receives, processes, and disseminates the OTA update to IoT devices. 

This strategy is typically used for devices that don't have direct internet access or for devices with less sophisticated computational capabilities, such as IoT embedded systems

This strategy is especially secure and is therefore favored by sectors that handle sensitive information, such as finance and health. But this strategy also has a single potential point of failure: The Gateway. 

Edge-to-Gateway-to-Cloud OTA updates (E2G2C)

In the E2G2C scenario, a central gateway still exists, but the gateway does not execute the update itself. It simply receives it and then forwards it to the device, which then executes the update. 

In this scenario, the Remote Update IoT devices don't need to have internet connectivity, but they must be powerful enough to run through an entire updating procedure, including recovering from any failed steps. 

Challenges and best practices to remotely update OTA

Here are some common challenges and best practices when performing a Remote Update of IoT devices.

Context-aware remote IoT software updates

When IoT devices are in constant use, updates can disrupt work processes if they're carried out while the device is performing a primary task, causing downtime. Updates should ideally be carried out when the device isn't actively working on its primary function. 

If you use a third party to remote update IoT devices, check that the service provider offers the ability to schedule updates according to your business's needs. 

Plan for connectivity issues

IoT devices may experience connectivity issues that make it difficult to receive and perform OTA updates. To avoid bricking devices, we recommend performing a connectivity test before remotely update OTA enabled devices. Devices that are unable to sustain the connection should be removed from the update list and scheduled for maintenance​. 

Prepare for recovery from failed or interrupted updates

OTA updates should ideally succeed completely or fail completely. In the case of failure, the device should be able to recover functionality and alert someone of the failure. 

Reduce security risks when remotely update OTA

After a remote update, it's essential that the device carries out an integrity check once the update is completed. Also, OTA updates should only be performed over encrypted communication channels, including any local connections between devices and the network​. 

Learn from customer challenges

If you're managing devices on behalf of customers, consider the potential effect on their business when you Remote Update an IoT device. Provide a feedback loop to ensure updates run smoothly and don't interrupt critical production when you remotely update OTA enabled devices. 

How to carry out IoT device remote updates with emteria

Emteria is a third-party Android OS provider that facilitates the procedure of remotely updating IoT devices. Emteria has its own enterprise-friendly version of the Android OS, and it has also built the necessary infrastructure to manage every aspect of IoT updates from the backend to the frontend. 

Download OTA update management check list
Learn more about how to effectively scale device fleets that meet critical security requirements like OTA update management.
Get check list

Emteria.OS, a freely downloadable, modified version of Android OS for enterprises, has been built from the bottom up to allow for effortless Remote Update of IoT devices. The operating system runs on many different hardware configurations out of the box, and devices can be easily provisioned using emteria's browser-based remote management system, Device Hub

Using the Device Hub, you can trigger OTA firmware updates for Android (FOTA updates). 

The Device Hub serves as a unified platform for Android fleet management, allowing for streamlined administration, monitoring, and maintenance of an Android fleet. It's a full-scale Mobile Device Management (MDM) platform that lets you manage both emteria and other Android devices, provided the devices have been provisioned for it. 

Using Device Hub, you can easily implement any of several update strategies with your Android device, such as: emteria-Device-Hub

  • Automatically scheduled updates.
  • Updating the device only when it's idle.
  • Manually triggering updates.
  • Updating the entire fleet or updating only a subset of it down to just a single device.
Remote Update of IoT devices is thus greatly simplified. Emteria itself takes care of the backend infrastructure complexities, while fleet managers are empowered to manage the specific devices they're in charge of.

Build unique Android products, keep them up-to-date

See why emteria is the chosen Android™ customization & management platform for product builders — build Android products based on your requirements and keep them up-to-date.

Book live demo

Table of contents

emteria Demo
See emteria in action