Over-the-air update

Last updated

An over-the-air update (or OTA update), also known as over-the-air programming (or OTA programming), [1] is an update to an embedded system that is delivered through a wireless network, such as Wi-Fi or a cellular network. [2] [3] [4] These embedded systems include mobile phones, tablets, set-top boxes, cars and telecommunications equipment. OTA updates for cars and internet of things devices can also be called firmware over-the-air (FOTA). [5] [6] Various components may be updated OTA, including the device's operating system, applications, configuration settings, or parameters like encryption keys.

Contents

Terminology

The term over-the-air update applies specifically to embedded systems, [4] rather than non-embedded systems like computers. Before OTA updates, embedded devices could only be flashed through direct physical access (with a JTAG) or wired connections (usually through USB or a serial port).

Purpose

Over-the-air delivery may allow updates to be distributed at larger scales, reduce the cost of delivering updates [7] , or increase the rate of adoption of these updates.

Implementation

The distributor of these updates can decide whether users are allowed to decline these updates, and may choose to disable certain features on end-user devices until an update is applied. Users may be unable to revert an update after it is installed.

OTA updates are designed to be as small as possible in order to minimize energy consumption, network usage, and storage space. This is achieved by only transferring the differences between the old firmware and the new firmware, rather than transmitting the entire firmware. A delta of the old and new firmware is produced through a process called diffing; then, the delta file is distributed to the end-device, which uses the delta file to update itself. [8]

Industries

Smartphones

On smartphones, tablets, and other devices, an over-the-air update is a firmware or operating system update that is downloaded by the device over the internet. Previously, users had to connect these devices to a computer over USB to perform an update. These updates may add features, patch security vulnerabilities, or fix software bugs. The two main mobile operating systems are iOS and Android.

iOS gained support for over-the-air updates in iOS 5. [9] iOS updates are distributed exclusively by Apple, resulting in wide availability and relatively high adoption rates. Major iOS releases are usually installed on 60%-70% of iPhones within a few months of the update's release. [10] [11] [12]

Android OTA updates are not distributed directly by Google, but by OEMs (like Samsung) and wireless carriers. [13] This has led to inconsistent availability of updates, and to Android fragmentation. [11] [12] In the past, fragmentation increased the complexity of developing third-party apps for Android (due to inconsistent availability of the latest software frameworks on users' phones), [14] and led to security concerns due to delays in the distribution of security updates. [15] Google has reduced Android fragmentation through the 2017 Project Treble, which allows OEMs to release OS updates without needing to re-test hardware drivers for each version, [13] [16] and the 2019 Project Mainline, which allows Google to update Android components [16] and deliver security patches [17] through its Play Store, without requiring a full OS update. [16] Project Mainline significantly lowers the role of middlemen in delivering OTA updates. [18] [17] Since Android 8.0, Android OTA updates follow an A/B partition scheme, in which an update is installed to a second ("B") partition in the background, and the phone switches to that partition the next time it is rebooted; this reduces the time taken to install updates. [19]

Automotive

Cars can support OTA updates to their in-car entertainment system, navigation map, telematic control unit, or their electronic control units (the onboard computers responsible for most of the car's operation). [20] In cars, the telematic control unit is in charge of downloading and installing updates, [4] and OTA updates are downloaded through cellular networks, like smartphones. Cars cannot be driven while an OTA update is being installed. Before an update, the car checks that the update is genuine, and after the update completes, it verifies the integrity of all affected systems. [20]

OTA updates provide several benefit. In the past, Volkswagen had to recall 11 million vehicles to fix an issue with its cars' emissions control software, and other manufacturers have instituted recalls due to software bugs affecting the brakes, or the airbags, requiring all affected customers to travel to dealership to receive updates. OTA updates would have removed the need to go through dealerships, leading to lower warranty costs for manufacturers and lower downtime for customers. OTA updates also allow manufacturers to deploy potential new features and bug fixes more quickly, making their cars more competitive in the market, and resulting in an increased pace of product improvements for consumers. For example, OTA updates can deliver improvements to a car's driver assistance systems and improve the car's safety. [5] :138–139 [20]

However, OTA updates can also present a new attack vector for hackers, since security vulnerabilities in the update process could be used by hackers to remotely take control of cars. Hackers have discovered such vulnerabilities in the past, and many car manufacturers have responded by instituting vulnerability disclosure programs (a.k.a. bug bounty programs). [20] [21] Attack vectors specific to OTA updates include "spoofing, tampering, repudiation [attacks], information leakage, denial-of-service," replay attacks, and privilege escalation attacks. Example scenarios include a hacker successfully interrupting an ongoing update (deemed a "flashing fail"), which may corrupt the car's computer systems and make the car malfunction later on; another scenario is "arbitrary flashings", in which hackers trick the car into installing a malicious OTA update. [5] :141–142

Internet of things (IoT)

More recently, with the new concepts of Wireless Sensor Networks and the Internet of Things (IoT), where the networks consist of hundreds or thousands of nodes, OTA is taken to a new direction: for the first time OTA is applied using unlicensed frequency bands (868 MHz, 900 MHz, 2400 MHz) and with low consumption and low data rate transmission using protocols such as 802.15.4 and Zigbee. [22]

Sensor nodes are often located in places that are either remote or difficult to access. As an example, Libelium has implemented an OTA programming system for Zigbee WSN devices. This system enables firmware upgrades without the need of physical access, saving time and money if the nodes must be re-programmed. [23]

Internet routers

OTA is similar to firmware distribution methods used by other mass-produced consumer electronics, such as cable modems, which use TFTP as a way to remotely receive new programming, thus reducing the amount of time spent by both the owner and the user of the device on maintenance.

Over-the-air provisioning (OTAP) is also available in wireless environments (though it is disabled by default for security reasons). It allows an access point (AP) to discover the IP address of its controller. When enabled, the controller tells the other APs to include additional information in the Radio Resource Management Packets (RRM) that would assist a new access point in learning of the controller. It is sent in plain text however, which would make it vulnerable to sniffing. That is why it is disabled by default.

Cellular networks

Over-the-air provisioning (OTAP) is a form of OTA update by which cellular network operators can remotely provision a mobile phone (termed a client or mobile station in industry parlance) and update the cellular network settings stored on its SIM card. This can occur at any time while a phone is turned on. The term over-the-air parameter administration (OTAPA) is synonymous. [24] [25] OTA provisioning allows mobile phones to remain properly configured when cellular network operators make changes to their networks. It also configures phones with the settings required to access certain features, like WAP (an early incarnation of the mobile web), MMS messaging, and cellular data (which requires the configuration of an Access Point Name).

The similar term over-the-air service provisioning (OTASP) specifically refers to the wireless initial provisioning ("activation") of a phone. During activation, a mobile phone is provisioned with parameters like its phone number, mobile identification number, and system ID, granting it initial access to the cellular network. OTASP is sometimes called over-the-air activation or over-the-air bootstrapping. The alternative to OTA bootstrapping is SIM bootstrapping, where the phone reads the network settings stored on a SIM card. SIM bootstrapping has limitations: settings stored on a SIM card may become stale between the time the SIM is manufactured and the time it is used; also, some phones (and other cellular client equipment) do not use SIM cards. [25] [26]

Various standards bodies have issued OTA provisioning standards. In 2001, the WAP Forum published the WAP Client Provisioning standard. After the Open Mobile Alliance subsumed the WAP Forum, this standard became known as OMA Client Provisioning (OMA CP). In OMA CP, phones are provisioned by "invisible" SMS messages sent by the cellular network, which contain the requisite settings. OMA CP was followed by a newer standard, OMA Device Management (OMA DM), which use a different form of SMS-based provisioning (called "OMA Push"). OMA DM sessions are always client-initiated. The "invisible" SMS does not contain configuration settings; instead, it tells the phone (the "DM Client") to connect to a DM Server (operated by the cellular network provider); once connected, the DM Server sends configuration commands to the client. [26]

OTA standards

There are a number of standards that describe OTA functions. One of the first was the GSM 03.48 series. The Zigbee suite of standards includes the Zigbee Over-the-Air Upgrading Cluster which is part of the Zigbee Smart Energy Profile and provides an interoperable (vendor-independent) way of updating device firmware.

See also

Related Research Articles

OMA SpecWorks, previously the Open Mobile Alliance (OMA), is a standards organization which develops open, international technical standards for the mobile phone industry. It is a nonprofit Non-governmental organization (NGO), not a formal government-sponsored standards organization as is the International Telecommunication Union (ITU): a forum for industry stakeholders to agree on common specifications for products and services.

Sony's LocationFree is the marketing name for a group of products and technologies for timeshifting and placeshifting streaming video. The LocationFree Player is an Internet-based multifunctional device used to stream live television broadcasts, DVDs and DVR content over a home network or the Internet. It is in essence a remote video streaming server product. It was first announced by Sony in Q1 2004 and launched early in Q4 2004 alongside a co-branded wireless tablet TV. The last LocationFree product was the LF-V30 released in 2007.

SIM Application Toolkit (STK) is a standard of the GSM system which enables the subscriber identity module to initiate actions which can be used for various value-added services. Similar standards exist for other network and card systems, with the USIM Application Toolkit (USAT) for USIMs used by newer-generation networks being an example. A more general name for this class of Java Card-based applications running on UICC cards is the Card Application Toolkit (CAT).

<span class="mw-page-title-main">City ID</span> Caller mobile identification service

City ID is Cequint's first-generation caller mobile identification service. City ID displays the city and state or country associated with the caller's telephone number. In partnership with mobile network operators, the City ID service is available on many devices from Alltel, AT&T, U.S. Cellular, and Verizon Wireless.

Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops. MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices. Though closely related to Enterprise Mobility Management and Unified Endpoint Management, MDM differs slightly from both: unlike MDM, EMM includes mobile information management, BYOD, mobile application management and mobile content management, whereas UEM provides device management for endpoints like desktops, printers, IoT devices, and wearables as well.

Android is a mobile operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance, though its most widely used version is primarily developed by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008.

<span class="mw-page-title-main">HTC Dream</span> Android smartphone designed by HTC introduced in 2008

The HTC Dream is a smartphone developed by HTC. First released in September 2008, the Dream was the first commercially released device to use the Linux-based Android operating system, which was purchased and further developed by Google and the Open Handset Alliance to create an open competitor to other major smartphone platforms of the time, such as Symbian, BlackBerry OS, and iPhone OS. The operating system offers a customizable graphical user interface, integration with Google services such as Gmail, a notification system that shows a list of recent messages pushed from apps, and Android Market for downloading additional apps.

Movenda is a company that provides software products for Device & SIMCard Remote Management. Movenda works for mobile operators, Handset and SIMCard manufacturers, and mobile virtual network operators to accelerate the adoption of new technologies and services. The company is heavily involved in the mobile solutions sector.

<span class="mw-page-title-main">HTC Hero</span> Smartphone developed by HTC

HTC Hero is the third phone manufactured by HTC running the Android platform, announced on June 24, 2009 in London.

Rooting is the process by which users of Android devices can attain privileged control over various subsystems of the device, usually smartphones. Because Android is based on a modified version of the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

<span class="mw-page-title-main">Hacking of consumer electronics</span>

The hacking of consumer electronics is an increasingly common practice that users perform to customize and modify their devices beyond what is typically possible. This activity has a long history, dating from the days of early computer, programming, and electronics hobbyists.

Google Play Services is a proprietary software package produced by Google for installation on Android devices. It consists of background services and libraries for use by mobile apps running on the device. When it was introduced in 2012, it provided access to the Google+ APIs and OAuth 2.0. It expanded to cover a variety of Google services, allowing applications to communicate with the services through common means.

<span class="mw-page-title-main">Wear OS</span> Smartwatch operating system by Google

Wear OS is a version of Google's Android operating system designed for smartwatches and other wearables. By pairing with mobile phones running Android version 6.0 "Marshmallow" or newer, or iOS version 10.0 or newer with limited support from Google's pairing application, Wear OS integrates Google Assistant technology and mobile notifications into a smartwatch form factor. Wear OS is closed-source, in contrast to the free and open-source Android.

<span class="mw-page-title-main">Windows 10 Mobile</span> Mobile operating system developed by Microsoft

Windows 10 Mobile is a discontinued mobile operating system developed by Microsoft. First released in 2015, it is a successor to Windows Phone 8.1, but was marketed by Microsoft as being an edition of its PC operating system Windows 10.

Google Fi Wireless, formerly Project Fi and Google Fi, is an American MVNO telecommunications service by Google that provides telephone calls, SMS, and mobile broadband using cellular networks and Wi-Fi. Google Fi uses the T-Mobile network. Google Fi is a service for US residents only, as of late 2023.

Android Things is a deprecated Android-based embedded operating system platform by Google, announced at Google I/O 2015, and launched in 2018. Android Things Dashboard shutdown began on January 5, 2021. After January 5, 2022, Android Things Dashboard has been shut down completely and all remaining data has been deleted.

<span class="mw-page-title-main">CopperheadOS</span> Mobile operating system focused on privacy and security

CopperheadOS is a mobile operating system for smartphones, based on the Android mobile platform. It adds privacy and security features to the official releases of the Android Open Source Project by Google. CopperheadOS is developed by Copperhead, a Canadian information security company. It is licensed under Creative Commons BY-NC-SA 4.0, although its source code is not available for public download.

<span class="mw-page-title-main">Android Oreo</span> Eighth major version of the Android mobile operating system

Android Oreo is the eighth major release and the 15th version of the Android mobile operating system. It was first released as an alpha quality developer preview in March 2017 and released to the public on August 21, 2017.

<span class="mw-page-title-main">PinePhone</span> Smartphone with Linux-based mobile operating system

The PinePhone is a smartphone developed by Hong Kong-based computer manufacturer Pine64, intended to allow the user to have full control over the device. Measures to ensure this are: running mainline Linux-based mobile operating systems, assembling the phone with screws, and simplifying the disassembly for repairs and upgrades. LTE, GPS, Wi-Fi, Bluetooth and both cameras can be physically switched off. The PinePhone ships with the Manjaro Linux-based operating system using the Plasma Mobile graphic interface, although other distributions can be installed by users.

References

  1. White, Elecia (November 2011). Making Embedded Systems: Design Patterns for Great Software. "O'Reilly Media, Inc.". p. 197. ISBN   978-1-4493-0214-6.
  2. "Definition of OTA". PCMag. Retrieved 2023-04-01.
  3. "Definition of Over The Air". Gartner. Retrieved 2023-04-01.
  4. 1 2 3 Kathiresh, M.; Neelaveni, R. (2021-04-24). Automotive Embedded Systems: Key Technologies, Innovations, and Applications. Springer Nature. pp. 94–95. ISBN   978-3-030-59897-6.
  5. 1 2 3 Maglaras, Leandros; Kantzavelou, Ioanna (2021-10-14). Cybersecurity Issues in Emerging Technologies. CRC Press (Taylor & Francis). doi:10.1201/9781003109952. ISBN   9780367626174.
  6. Rayes, Ammar; Salam, Samer (2019). Internet of Things From Hype to Reality: The Road to Digitization. Cham: Springer International Publishing. doi:10.1007/978-3-319-99516-8. ISBN   978-3-319-99515-1.
  7. "What are OTA Updates?". Mobility Connected. Retrieved 16 January 2024.
  8. Kachman, Ondrej; Balaz, Marcel (2016). "Effective Over-the-Air Reprogramming for Low-Power Devices in Cyber-Physical Systems". In Camarinha-Matos, Luis M.; Falcão, António J.; Vafaei, Nazanin; Najdi, Shirin (eds.). Technological Innovation for Cyber-Physical Systems. Springer Cham. doi:10.1007/978-3-319-31165-4. ISBN   978-3-319-31164-7.
  9. Savov, Vlad (June 6, 2011). "Apple's iOS 5: all the details". Engadget. Retrieved 2023-04-02.
  10. Rossignol, Joe. "Apple Reveals How Many iPhones and iPads Are Running iOS 16 and iPadOS 16". MacRumors. Retrieved 2 April 2023.
  11. 1 2 Mearian, Lucas (21 January 2022). "Apple: iOS 15 now installed on more than 60% of all iPhones". Computerworld. Retrieved 2 April 2023.
  12. 1 2 Evans, Jonny (31 May 2013). "Fragmented Android drives big dev to Apple". Computerworld. Retrieved 2 April 2023.
  13. 1 2 Amadeo, Ron (2017-05-12). "Google's "Project Treble" solves one of Android's many update roadblocks". Ars Technica. Retrieved 2023-04-02.
  14. "What is Android fragmentation, and can Google fix it?". Android Authority. 5 September 2016.
  15. Nguyen-Vu, Long; Ahn, Jinung; Jung, Souhwan (1 November 2019). "Android Fragmentation in Malware Detection". Computers & Security. 87: 101573. doi: 10.1016/j.cose.2019.101573 .
  16. 1 2 3 Amadeo, Ron (2019-05-22). "Android at I/O 2019: The Project Mainline update system and other highlights". Ars Technica. Retrieved 2023-04-02.
  17. 1 2 Siddiqui, Aamir (2020-10-10). "Everything you need to know about Android's Project Mainline". XDA Developers. Retrieved 2023-04-02.
  18. Amadeo, Ron (2020-09-23). "Android 11—The Ars Technica Review". Ars Technica. Retrieved 2023-04-02.
  19. Amadeo, Ron (2017-08-07). "Android 8.0's "streaming OS updates" will work even if your phone is full". Ars Technica. Retrieved 2023-04-02.
  20. 1 2 3 4 Halder, Subir; Ghosal, Amrita; Conti, Mauro (2020-09-04). "Secure over-the-air software updates in connected vehicles: A survey". Computer Networks. 178: 107343. doi:10.1016/j.comnet.2020.107343. ISSN   1389-1286.
  21. Gitlin, Jonathan M. (11 January 2023). "Hackers discover that vulnerabilities are rife in the auto industry". Ars Technica.
  22. Gascón, David; Alberto Bielsa; Félix Genicio; Marcos Yarza (9 May 2011). "Over the Air programming with 802.15.4 and ZigBee - OTA". www.Libelium.com. Libelium . Retrieved 28 May 2012.
  23. "Libelium.com 50 Sensor applications for a smarter world. Get inspired!". www.Libelium.com. Libelium. 2 May 2012. Retrieved 28 May 2012.
  24. Raghunandan, Krishnamurthy (April 1, 2022). Introduction to Wireless Communications and Networks: A Practical Perspective. Textbooks in Telecommunication Engineering (1st ed.). Springer Cham. doi:10.1007/978-3-030-92188-0. ISBN   978-3-030-92187-3.
  25. 1 2 Snyder, Randall A.; Gallagher, Michael D. (2001-04-05). Wireless Telecommunications Networking with ANSI-41. McGraw Hill Professional. pp. 374–376. ISBN   978-0-07-138358-5.
  26. 1 2 Brenner, Michael; Unmehopa, Musa (2008-02-28). The Open Mobile Alliance: Delivering Service Enablers for Next-Generation Applications. John Wiley & Sons. pp. 273–279. ISBN   978-0-470-51918-9.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.