IoT and Updates Gone Wrong
One of the things about IoT is that many devices are, or will become, vulnerable to various exploits. There are a variety of reasons for this, but for the most part it can be broken down into two parts – not baking security in from the ground up and not including reasonable provisions for automated updates that patch and address known security issues.
The first part manifests itself in things like hardcoded passwords, backdoors that help device testing and hackers alike, and a general lack of device hardening. The second part manifests itself in devices that may ship in a condition believed to be relatively secure but where vulnerabilities are eventually discovered and made widely known and available.
Putting on the Tinfoil Hat
With tinfoil hat firmly in place, one is tempted to trumpet that if only IoT device makers would enable OTA (over the air) updates and supply such updates for some reasonable period of time, things would all be good, or at least considerably better. Of course, this raises questions about what reasonable updates are and what a reasonable period of time would be – for example, when does an IoT-enabled light bulb become obsolete?
Best Laid Plans…
Of course, there are cases where the needful is being done and OTA updates are being pushed to devices but it still goes pear-shaped. For example, recent updates to Fiat Chrysler Uconnect vehicles (many 2017-2018 Chrysler, Dodge, Jeep and Ram) have resulted in Uconnect infotainment systems entering a boot loop where the device reboots once every 45 seconds or so.
Fiat Chrysler is not alone. In 2016 Lexus ran into a similar situation where an OTA update resulted in a boot loop for certain 2014-2016 Lexus vehicles and some Land Cruisers as well. No good deed ever goes unpunished, and those who were in these cases working hard to do the right thing – enabling OTA updates to an important automotive component – found themselves scrambling to recover.
Obviously it is a Good Thing to update IoT devices, in particular things that are in or talk to cars and other vehicles, where the wrong exploit could have very high consequences. That said, there is also a need to ensure that said updates can be delivered in a very robust manner, preferably with the ability to fall back to a non-bricked state in the event of a failure. In the world of mobile devices, technologies such as FOTA (Firmware Over The Air) have been fairly robust for years, with some implementations being able to recover from even severe insults such as a user pulling the battery in the middle of an update. While these techniques were used more with old timey feature phones, perhaps it is time to revisit not the need for updates, but rather the delivery of them.
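
One common way to get that fallback is two firmware slots plus a boot-attempt counter, so an update that never reports a healthy boot is retired instead of looping forever. The following is an added example, not code from this post or from any vendor mentioned in it; the struct layout, function names and MAX_BOOT_TRIES value are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_BOOT_TRIES 3

/* Per-slot state kept in persistent storage (hypothetical layout). */
struct slot {
    bool    bootable;    /* image fully written and verified */
    bool    confirmed;   /* firmware reported a healthy boot */
    uint8_t tries_left;  /* boot attempts left before fallback */
};

struct boot_ctl {
    struct slot slots[2];
    uint8_t     active;  /* slot the bootloader tries first */
};

/* Updater: invalidate the spare slot before writing; a power cut mid-write leaves the active slot intact. */
void ota_begin(struct boot_ctl *bc) {
    bc->slots[bc->active ^ 1] = (struct slot){ false, false, 0 };
}

/* Updater: switch slots only after the new image is written and verified. */
void ota_commit(struct boot_ctl *bc) {
    bc->active ^= 1;
    bc->slots[bc->active] = (struct slot){ true, false, MAX_BOOT_TRIES };
}

/* Bootloader, on every reset: returns the slot to boot, or -1 for recovery mode. */
int boot_select(struct boot_ctl *bc) {
    for (int pass = 0; pass < 2; pass++) {
        struct slot *s = &bc->slots[bc->active];
        if (s->bootable && s->confirmed)
            return bc->active;
        if (s->bootable && s->tries_left > 0) {
            s->tries_left--;      /* must be persisted before jumping */
            return bc->active;
        }
        s->bootable = false;      /* trial image never confirmed: retire it */
        bc->active ^= 1;          /* fall back to the other slot */
    }
    return -1;
}

/* New firmware: call once the system is up and healthy. */
void boot_confirm(struct boot_ctl *bc) {
    bc->slots[bc->active].confirmed = true;
}
```

With this state machine, a reboot loop like the ones described above ends after MAX_BOOT_TRIES attempts, when the bootloader returns to the previously confirmed image.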