OTA update (over-the-air update)

History

OTA technology has grown more prominent with the growth of mobile devices and applications. Mobile operators and telecommunication third parties can send OTA updates through SMS to configure data updates in SIM cards; distribute system updates; or access services, such as wireless access protocol (WAP) or multimedia messaging service (MMS). OTA updates also enable mobile operators to activate user subscriptions. OEMs can use OTA updates to fix bugs through firmware and change the user interface.

The proliferation of IoT has led manufacturers to use OTA updates for autonomous vehicles, smart home speakers and other IoT devices. These manufacturers typically update their systems through unlicensed frequency bands, such as 868 MHz, and low data rate transmission protocols, such as 802.15.4.

Apple introduced OTA updates to iOS devices with the release of iOS 5.0.1. Previously, end users needed to connect the device to a computer using a USB cord and update the OS through iTunes. With OTA updates, however, Apple can deliver updates remotely in unencrypted zip files.

How they work

OEMs can deliver OTA updates to users in a few ways. From the end user's perspective, the OTA update can either be automatic or manual.

With an automatic OTA update, the back-end system of a mobile operator can push a firmware update to the end user's device. OEMs can use products that automate OTA updates, such as platforms from Smith Micro and Akamai, to manage and deploy OTA updates to their end users' devices. Devices that are in remote locations, such as IoT sensors, or devices that don't have frequent human contact, such as an autonomous vehicle, are good contenders for automatic OTA updates.

Manual OTA updates notify a user about an available update, and the user can accept or refuse to download the update on their device. Mobile carriers can also send an SMS message to all users who have a particular device, prompting them to dial a number to receive a software update when it is most convenient. For example, Verizon Wireless subscribers can dial *228 to either configure their mobile devices or update the preferred roaming list.

IoT devices can receive OTA updates in a variety of ways. With edge-to-cloud OTA updates, a microcontroller receives firmware images from a remote server to update the underlying hardware or application. Gateway-to-cloud OTA updates use an internet-connected gateway that receives updates from a remote server to update the software app itself, the software app's host environment or the gateway's firmware.

Benefits and drawbacks

OTA updates are a more efficient way for OEMs to fix bugs and update software than to manually upgrade each individual device. OTA updates can catch issues before devices launch, which can save OEMs time and money, as well as reduce the software development and quality-assurance (QA) process. OTA updates also enable OEMs to more easily update software on devices that are difficult to access, such as advertising displays. 

An OTA update is also convenient for end users because it prevents them from having to go to a physical store or connect to a PC to update their devices. Instead, the end user only needs to press a button on their smartphone to download a software update, for example.

There are some security risks involved with OTA updates. OEMs that don't properly secure their OTA update process can enable hackers to change the device's software. Attackers can push unofficial updates that introduce security vulnerabilities. For example, an OTA company called Adups, based in China, installed adware and spyware to collect personal information from devices.

To avoid security breaches, OEMs should encrypt and authenticate OTA updates and deliver them to end users via a secure protocol.