Implementing Secured Software Updates for IoT Devices
Devices in the IoT are used in dynamic environments. The ability to install new software on devices is essential. Vendors of IoT devices have worked on highly automated software update processes to reduce customer interaction and minimize downtime of devices and their connected systems. From a security perspective, these automated processes represent possible entry points for attackers. If they are not properly protected, devices may be left open to manipulation, typically through the installation of malicious code on a device. This paper describes the architecture behind secured software update processes and what needs to be taken into account when implementing an appropriate architecture.