How To Avoid Post-Production Challenges with Software Update Planning

Cybellum’s Left to Their Own Devices podcast spoke with Northern Tech Co-founder & CEO Eystein Stenberg, who has a unique vantage point on preparing, deploying, and managing over-the-air (OTA) updates for IoT devices.

Developing IoT devices is a growing challenge as markets become increasingly saturated and devices are expected to perform specific tasks repeatedly and independently while remaining aware of their fleet.

IoT devices range in complexity from a connected toaster or water meter to a drone, medical device, connected warehouse machinery, and even a modern car. While the user experience is designed to be seamless, each device may come with multiple operating systems, software for individual electronic components, and various interfaces. A toaster, for example, may have one system to manage the heating element, another to operate the LED display, and another for connectivity. So when you update an IoT device, it is not actually one update but multiple updates occurring simultaneously.

“How difficult can it be to update a device? You just download the binary from a web server and then you execute some code. But, that’s just the installation part,” explains Stenberg. He goes further: “There’s a lot of different stages to go through during a software update. Teams must check the comparability with the hardware and the software. Once that’s done, developers must conduct pre-installation checks, push the update, and then conduct post installation checks.” These post-installation checks can include verifying interoperability between the internal components of a single device to confirm that all operations are working as intended. If even one of these components experiences a failed update or shows some other sign of sub-optimal performance, a rollback may need to be conducted, bringing its own slew of potentially complex issues.
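The stages Stenberg lists, including the rollback path, sketched as an added example (not code from Mender or from the podcast). The `Device` and `Artifact` types, the digest-only pre-installation check, and the toaster components are assumptions made for illustration; the manifest's signature is assumed to have been verified already.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Device:                      # hypothetical device model, constructed for this example
    device_type: str
    versions: dict                 # component name -> installed version
    log: list = field(default_factory=list)

@dataclass
class Artifact:                    # hypothetical update bundle: one payload per component
    compatible: set                # device types this bundle was built for
    payloads: dict                 # component -> (new_version, payload_bytes)
    sha256: dict                   # component -> expected digest (from a verified manifest)

def apply_update(dev, art, health_check):
    """Run the stages in order; return 'success', 'rejected' or 'rolled_back'."""
    # Stage 1: compatibility with this hardware/software
    if dev.device_type not in art.compatible:
        dev.log.append("rejected: incompatible device type")
        return "rejected"
    # Stage 2: pre-installation check (payload integrity) before touching anything
    for name, (_, blob) in art.payloads.items():
        if hashlib.sha256(blob).hexdigest() != art.sha256.get(name):
            dev.log.append(f"rejected: digest mismatch for {name}")
            return "rejected"
    # Stage 3: install, keeping the previous versions so a rollback is possible
    previous = dict(dev.versions)
    for name, (version, _) in art.payloads.items():
        dev.versions[name] = version
        dev.log.append(f"installed {name} {version}")
    # Stage 4: post-installation checks; one failing component reverts all of them
    failed = [n for n in art.payloads if not health_check(n, dev.versions)]
    if failed:
        dev.versions = previous
        dev.log.append(f"rolled back: health check failed for {failed}")
        return "rolled_back"
    dev.log.append("committed")
    return "success"

def demo():
    # Constructed sample: a toaster with heater, display and connectivity components
    blobs = {"heater": b"h2", "display": b"d2", "net": b"n2"}
    art = Artifact({"toaster-v1"}, {n: ("2.0", b) for n, b in blobs.items()},
                   {n: hashlib.sha256(b).hexdigest() for n, b in blobs.items()})
    dev = Device("toaster-v1", {"heater": "1.0", "display": "1.0", "net": "1.0"})
    # Simulated interoperability failure: the new display build does not pass its check
    status = apply_update(dev, art, lambda name, versions: name != "display")
    return status, dev.versions, dev.log
```

The log kept on the device is what a fleet operator would need reported back to see which stage stopped the update and why.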

Post-production challenges rely on pre-production decisions

Tomorrow’s challenges remain unknown. That’s why developers need to consider OTA and maintenance capabilities well beyond the delivery date of a product to a customer.

For legacy devices, it was common for each company to develop its own operating system, creating proprietary software that was never meant to be connected to or interoperable with technologies outside its own organization. Time and experience have shown us that this soup of operating systems, components, and devices that don’t play well with others creates difficulties later in the organization’s life around patching and cybersecurity vulnerabilities.

“I would say don’t reinvent the wheel. If you started 15 years ago, you would be excused for making a homegrown system,” said Stenberg. “Now there’s so many alternatives and I’m not talking just about Mender. [Mender is] open source and there are others out there as well that support solutions for doing OTA software updates. Should an update fail, you have to do rollback in case something goes wrong and report this to somewhere as well. What’s the status of the update, logs, etc. Then you have to hope that data logs give insights to just the right person who can figure out what really happened.” Eystein went on to explain that OTA updates can become a bit of a trap, presenting a simple problem with a simple solution that spirals out of control with the failure of one critical component.

If organizations don’t think about post-production maintenance, the development challenges follow each device throughout its lifetime, as teams demand dedicated resources from deployment through end of life.

Common sense cybersecurity is king

Some of the cybersecurity challenges faced by organizations post-deployment can be solved with common-sense thinking, such as “How will this device be used in the field?”

When considering an IoT device, for example, what kind of access is needed? Are there extra ports that won’t be used? How often is information transferred, and to where? “Usually, an IoT device would report some data points or request some services from the cloud, but rarely would you have a need for users to connect to the device itself locally,” said Eystein. When discussing physical security, he continued, “Try to lock it down as much as possible in terms of ports or access.”

Without this key common-sense step, developers may insert proprietary data via SD card, which of course can be extracted. Even worse, it can be replaced with a malicious version that sends critical data back to a private server.

Finally, don’t hardcode usernames or passwords into any device. This invites DDoS attacks that quickly overwhelm systems that were never designed to handle large volumes of requests from low-data devices.

Recognizing the challenges in software updates

The growing reliance on software-defined devices brings with it an inherent demand for reliable over-the-air updates.

Unfortunately, it also breeds opportunities for hackers to gain access to critical data that can be used to manipulate critical systems. By prioritizing cybersecurity and thinking of what updates will look like into the future, organizations can better protect their devices against black-hat attacks.

Modern tools allow organizations to forgo building proprietary operating systems and basic applications in exchange for proven systems that are secure. Yet, without critical forward-thinking steps, organizations risk creating vulnerabilities in the core of their devices which may not be patchable until future generations of the device.

Listen to the full podcast and gain a deeper understanding of Eystein’s vantage point here.