Over-the-Air Updates for IoT: What They Are and How to Approach Them
Get foundational knowledge on Over-the-Air (OTA) updates. Learn how OTAs work with different IoT architectures, common challenges, and how to make your OTAs successful.
If you’ve stumbled upon this guide, you’re likely combing the Internet to discover what goes into successful, reliable over-the-air updates to Internet of Things-connected devices. Well, you’re in the right place.
Maybe you manage or sell connected products at your organization, or perhaps you’re simply exploring the nuances of over-the-air updates to see if they’re a viable consideration for your products. Regardless of what stage you’re at on your IoT journey, we think you’ll learn something here. In this short guide, we’ll cover:
- What OTAs are
- How OTAs work
- How you can apply OTAs to your current or future products
What Is an Over The Air (OTA) Update?
An OTA update (often just called an OTA) is the remote delivery of new software, firmware, or other information to Internet-connected hardware.
“Remote” is the key word here. If you have a smartphone or a laptop, you’ve almost certainly authorized an OTA and enjoyed new software without visiting an Apple or Dell storefront. For emergency and commercial vehicles, electronic bikes and scooters, smart thermostats, and most other smart devices, OTA rollouts happen all the time.
That said, rolling out successful OTAs is far easier said than done—and unfortunately, OTA-related horror stories aren’t few or far between.
- In July 2021, Google bricked Chrome OS devices by pushing an update with a typo into production.
- In July 2019, security researchers from the U.K. revealed that many smart cars were vulnerable to hackers via their OTA functions.
- In August 2017, a smart lock company bricked its own devices with an OTA update.
Mistakes happen to the best of us, but a great way to avoid them (and stay out of the news) is to have a deep understanding of how OTAs work.
How Do OTA Updates Work?
The smartest companies always consider their device management approach before they start building a solution. The two most common ways that teams maintain healthy and functional connected devices involve the use of OTAs or manual updates, wherein a technician physically alters the hardware or uploads firmware to individual devices.
Depending on the situation and the products in question, both approaches make sense—but what rarely makes sense is switching from OTAs to manual updates or vice versa. Ultimately, the upfront decision needs to scale as you accumulate more customers and sell more devices.
Let’s take a look at each approach in more detail.
OTA Updates vs. Manual Updates
While both approaches have validity, consider this: Making manual updates becomes impossible when proximity between technicians and devices becomes an issue and when there’s a higher volume of devices than technicians can keep up with. (You can learn more about this in our guide to IoT device management.)
Here are the key differences:
Volume and Proximity Agnostic vs. Volume and Proximity Dependent
Being able to push OTA updates to your entire fleet or a subset of your fleet means that your device-to-technician ratio is irrelevant. You expend the same effort and cost to push the OTA to one device as you would to push an OTA to thousands.
Manual updates rely on truck rolls to send technicians to the physical locations of the devices, which limits how quickly you can update your fleet.
Cost of OTAs
OTA updates can reduce your operational costs significantly. They reduce truck rolls, allow you to add functionality, and patch security vulnerabilities in a cost-effective way.
Manual updates require costly truck rolls to diagnose issues and update devices in the field. Depending on how remote your devices are, this can be a major cost driver.
Can OTA Updates Be Applied at Different Layers?
The short answer to this technical question is yes—with Particle.
Connected products often have two different layers: a firmware layer and an application layer. For example, Particle Device OS, an embedded IoT operating system, handles the “abstraction” piece connected products need.
Essentially, Particle Device OS provides all connectivity, networking, and low-level interactions that communicate with the hardware we make, which our customers then purchase and use. The application layer is typically the software our customers have built—the actual sensing and business logic behind the project. Together, our firmware and its applications make a good pair.
You can conduct firmware and application updates separately with this kind of setup as long as there is clear communication between the firmware provider and the application developers. For instance, if a developer wants to deploy multiple bug fixes and launch a new piece of functionality, they need to confirm with the firmware provider that the current version can support the launch.
Common OTA Update Architectures for Connected Devices
Do any research on actually deploying OTA updates for connected devices and you’ll likely come across the phrase “OTA update architectures” and new architectures like Asset OTA. We’ll highlight three such architectures today, emphasizing edge-to-cloud because that’s Particle’s specialty.
1. Edge-to-cloud
This architecture is perfect if you only want to monitor and upload a few variables at a time. It works well for non-processing-intensive applications with a small number of sensors, and is also a great choice in industrial monitoring use cases.
Consider an air conditioning unit that uses an edge device like our product Monitor One. This lower-processing and generally lower-power piece of hardware is made to monitor just a few variables—in this case, the status of the refrigerant line in terms of pressure and temperature. If those are the only pieces of critical data desired and there’s no need to perform DSP or FFT operations on the edge, this would qualify as a low processing-intensive application that’s a perfect candidate for edge-to-cloud architecture.
2. Gateway-to-cloud
Gateway architectures are necessary when you have a central repository that collects tons of data streams from multiple sensor nodes. They are perfect for projects with 50+ variables that require way more processing power than an edge solution. To manage all that information, companies invest in processors with high computing power—think Linux or Windows machines—and developers must then build OTA updates for the processing system.
3. Edge-to-gateway-to-cloud
This architecture brings the first two types together. In edge-to-gateway-to-cloud, OTAs must be made to both the processing system and the data-gathering edge devices and nodes. Often, our customers will deploy sensor nodes alongside the gateway solution of their choice.
4. Asset OTA
Asset OTA takes OTA architectures a step further by allowing the gateway device to coordinate and manage updates across all processors and components in an IoT system. The gateway bundles OTA updates and delivers them to peripherals, sensors, displays, vehicle ECUs, and so on.
With Asset OTA, users can update entire IoT infrastructures beyond just the gateway firmware. The gateway handles compatibility checks between interdependent components. Asset OTA brings comprehensive OTA updates to complex, heterogeneous systems.
Benefits of Using OTA Updates for IoT Deployments
Choosing to set up your embedded devices for OTA updates is a strategic, scalable solution that’ll keep your IoT deployments feasible from Day One.
A successful OTA update requires complex coordination between IoT hardware, device firmware, network connectivity, and an IoT device cloud. While that’s no small feat, OTA updates save weeks of manual labor and sky-high costs.
Here are three ways OTAs benefit IoT deployments:
1. You can easily update products after they're deployed in the field.
Continuing to add new software features to a product and entire systems will improve its functionality and make your customers happy. As you innovate, all customers—past and present—reap the benefits.
2. You can rapidly address bugs and vulnerabilities at scale.
Companies can avoid recalls, truck rolls, and general panic by identifying and resolving issues with firmware OTAs. This can help you cross off many items on your IoT security checklist.
Addressing bugs and security vulnerabilities is a natural part of software development and managing IoT-connected products. It’s stressful for developers to quickly solve problems that cause outages and havoc for their customers, but once a solution is identified, developers can roll it out without having to coordinate technicians and on-site support.
3. You can innovate faster as a team.
When embedded solution architects and developers can quickly prototype and roll out new versions of device firmware, innovation abounds. With Particle, teams often cut versions of firmware that are automatically sent to their fleets—all with sensible safeguards to ensure responsible rollouts and monitor fleet health for changes and compatibility between components.
Common Challenges of Designing OTA Update Systems
To counterbalance the perks of OTA updates, you’re probably wondering if there are any challenges. Although there are, these are few and far between when you build on an integrated IoT Platform-as-a-Service.
That said, if you’re working off a SIM, mobile virtual network operator, or in-house deployment, you may struggle to find the right security solution, combat device bricking, and keep context awareness. Problems like this commonly occur when a company pieces together many point solutions.
Security
OTA updates can expose your devices to rogue firmware attacks because there are more entry points for malicious users. To truly secure your devices, we recommend only installing trusted firmware through secure boot functionality. After all, getting to market quickly should never come at the expense of building secure, reliable products.
To clarify, secure boot is another layer of protection for your customers: the device authenticates its firmware and operating system against a known secure key placed on the device at the time of manufacture. Secure boot functionality helps you avoid man-in-the-middle attacks on the application or firmware itself, because an image altered in transit fails that check.
In the U.K., secure boot is now a requirement for electric vehicles and EV chargers following a rash of incidents involving people tampering with charging stations.
Device Bricking
Without a platform like Particle, “device bricking” (or simply “bricking”) can be another OTA drawback. If you're not familiar, “bricking” is how manufacturers describe what happens when a developer breaks a device by pushing an OTA update, thereby turning the device into an expensive brick.
To avoid bricking, we recommend always keeping a copy of a previous version in your device’s memory when pushing OTAs live. That way, your devices can revert if a new update fails.
If an update fails and you don’t have a copy of a prior version, recovery is often challenging or impossible. This is a major concern for legacy manufacturers with older devices, so stay mindful of the age of the firmware and the volume of application updates you make.
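One way to implement the keep-a-previous-copy advice above, as an added Go example (not Particle's implementation): two firmware banks, a limited number of trial boots for a new image, and automatic fallback to the last confirmed version. The `Slot` and `BootState` types and all method names are hypothetical.

```go
package main

import "fmt"

// Slot is a hypothetical per-bank record a bootloader keeps in flash.
type Slot struct {
	Version   uint32
	Valid     bool // image was verified when written
	Confirmed bool // firmware booted and passed its self-test
	TriesLeft int  // trial boots remaining before fallback
}

type BootState struct {
	Slots  [2]Slot
	Active int // bank to try at the next reset
}

// StageUpdate writes the new image to the inactive bank; the running one is kept.
func (b *BootState) StageUpdate(version uint32, tries int) {
	b.Active = 1 - b.Active
	b.Slots[b.Active] = Slot{Version: version, Valid: true, TriesLeft: tries}
}

// ConfirmBoot is called by new firmware once it is healthy (e.g. back online).
func (b *BootState) ConfirmBoot() { b.Slots[b.Active].Confirmed = true }

// SelectBoot runs at every reset and returns the version to start.
func (b *BootState) SelectBoot() (uint32, error) {
	s := &b.Slots[b.Active]
	if s.Valid && !s.Confirmed && s.TriesLeft > 0 {
		s.TriesLeft-- // unconfirmed image: spend one trial boot
		return s.Version, nil
	}
	if !(s.Valid && s.Confirmed) { // trials exhausted: revert to the kept copy
		s.Valid = false
		b.Active = 1 - b.Active
		if s = &b.Slots[b.Active]; !(s.Valid && s.Confirmed) {
			return 0, fmt.Errorf("no bootable image in either bank")
		}
	}
	return s.Version, nil
}

func main() {
	b := BootState{Slots: [2]Slot{{Version: 1, Valid: true, Confirmed: true}}}
	b.StageUpdate(2, 1)         // constructed scenario: v2 never reaches ConfirmBoot
	fmt.Println(b.SelectBoot()) // trial boot of v2
	fmt.Println(b.SelectBoot()) // trial spent, bootloader reverts to v1
}
```

The error branch is the bricked case the paragraph above warns about: a failed update with no confirmed copy left to fall back to.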
Context Awareness
Regarding context awareness, keep this golden rule in mind: Don’t force OTA updates when customers are using a device or the device is in the middle of a critical operation.
When possible, choose to push updates in the background or schedule OTAs outside of a product’s busiest hours. Sometimes that just can’t happen—and devices won’t always need to be updated at the same time—but by using a platform with resumable OTAs to serve as a “catch-all” after the initial push, you can get creative with how your latest updates reach your customers.
Pushing OTA Updates and Choosing the Right OTA Service
OTA updates help maintain and improve your connected devices. Although these updates aren’t without challenges, the benefits of making changes at scale efficiently—and without draining resources like network bandwidth, storage, and computing power or data efficiency—far outweigh the difficulties.
If you’re considering this form of device management for your company, Particle can help. We offer OTA services and advanced architectures like Asset OTA for single devices, segments of fleets, and whole fleets. With our fully integrated Platform-as-a-Service, our OTAs are designed to avoid the common pitfalls that come with pushing OTAs over a homegrown tech stack.
Whether you’re in prototyping or production mode, we’re ready to partner with you and offer a cost-effective way to update your devices. Particle handles the hard parts of device management, including OTA updates, global connectivity, and access to hardware in the face of supply shortages. With Particle, launching solutions on time and within budget is easier than ever.