BLOG
Reducing IoT Security Costs with Better Firmware Updates
As the number of IoT devices climbs from around 7 billion in 2018 to an expected 75 billion by 2025, companies today are seeing new challenges in administering all of these devices. Between the devices’ minimalistic hardware, lightweight operating systems, and geographic locations that include remote and even off-grid sites, we’re forced to look for new solutions to keep them online and safely operating.
One of the hardest updates to manage for IoT devices-or any computer for that matter-is firmware upgrades and patches. Firmware is code running on hardware that is critical to the hardware’s operation. It interacts with the hardware’s electrical components and includes programs like bootloaders, which begin interfacing with the hardware before handing off system management to the kernel.
(I recently delivered a talk on this subject at an IoT security webinar – check it out below.)
Traditionally, firmware isn’t updated that often, partially because embedded firmware is inflexible, difficult to update, and, when something goes wrong, can turn a device into an unbootable brick.
However, since there’s no such thing as bug-free code, device owners need to push frequent updates to keep our systems secure and functional.
Our IoT engineers at Very package device firmware by using Nerves, an open-source, fully customizable IoT platform that gives us complete control over what kernel modules to include, which bootloaders to use, and many other benefits. This includes direct access to an Erlang VM (virtual machine) for easy development in Elixir, a programming language that’s tailor-made for embedded devices.
To actually push those packaged firmware versions to the devices, we use NervesHub, an extensible web service that drastically simplifies this otherwise complex process by enabling over-the-air (OTA) firmware updates over an encrypted channel. This simplification directly translates to improving security and reducing costs in your IoT projects in a few key ways that I’d like to share.
NervesHub Supports Advanced IoT Security
On our client projects at Very, we see an immediate benefit from NervesHub when it comes to IoT security.
Because most IoT devices have such lightweight hardware, cybersecurity issues are traditionally a top concern for organizations that integrate these devices into their networks.
Since they often lack robust security features, hackers target IoT devices in otherwise secure systems, as demonstrated in 2016’s Mirai Botnet, where hackers used compromised IoT devices to launch a massive denial of service (DDoS) attack that crippled large portions of America’s internet.
Firmware vulnerabilities pose a special risk. When attackers get access to these foundational programs, they can install malware like rootkits, which are particularly difficult to detect and combat.
That’s why Nerves firmware development includes security from the very first prototyping. This starts with building a good root of trust, which means utilizing a hardware security module (HSM) – a dedicated security microchip – to build client-side SSL (Secure Socket Layer) into the device itself.
This setup makes secure OTA updates possible without having to manually log in to each device. When we discover a vulnerability, we get to work on a patch, and then we push that code out to devices in the field.
To guarantee a channel that’s secured against unauthorized access, the NervesHub server verifies each device’s identity by checking their client-side SSL certificate, while the devices in turn check the server-side certificate from NervesHub.
Essentially, this ensures that both sides are who they say they are, enabling us to protect our clients’ networks, prevent downtime, and stop the potential for costly data breaches.
Reducing File Size and Transmission Cost with Delta Updates
In addition to supporting the development of secure IoT devices, NervesHub reduces IoT admin costs with delta updates.
Basically, this means that we only send the parts of the code that we changed to the device, instead of duplicating information over the wire and being wasteful. Therefore, we can reduce the costs that we incur pushing to our fleet, and we can push more frequent updates.
This reduction of file size is critical because, in IoT, data transmission costs can seriously add up.
It’s not a big deal transferring 300MB for an update on a desktop computer that’s running an OS like Ubuntu or Windows if it’s on a local network because the costs are so trivial.
Many IoT devices, however, run on cellular networks in the field, and so that same update would cost $120 at $.40/MB.
When you multiply those costs across your entire fleet, it’s not hard to see why IoT firmware is so often neglected. Delta updates solve this problem by dramatically cutting patch sizes.
Blue-Green Deployments Add Another Layer of Security
The final way that NervesHub optimizes OTA firmware updates is with blue-green deployments.
This means that each device has two firmware slots, one with the current firmware version and one with the second most recent deployment as a backup.
Once we send an update, the new code overwrites the older firmware, and the previous code then becomes the backup as the updated firmware version takes over.
This is a major safeguard that gives us even more leverage to push frequent updates. Without blue-green deployment, patching firmware poses a serious risk, as even a small misstep can render a device useless, and fixing broken firmware is laborious, difficult, and expensive.
NervesHub bypasses this issue by guaranteeing that there’s always a working firmware copy on hand.
With the right safeguards in place, your device can automatically make the choice to be able to fall back to the known good version that it was on before, preventing bricks and allowing you to continue pushing firmware updates in the future.
Minimizing risk opens the door to innovation and prevents failures. That translates to direct ROI.
Conclusion
Ultimately, NervesHub takes the fear out of firmware updates. The security and redundancy safeguards reduce the attack surface and give us more control over our devices, while simultaneously granting one of the most valuable assets in the IT world: peace of mind.
On top of that, smaller delta updates are the perfect solution for IoT devices that lack easy access to affordable data links.
The last takeaway that I want to emphasize is how important it is to build all these systems into your project from the very beginning.
You shouldn’t just consider these things down the line; you should consider them early and often. You should always be questioning what costs you might incur by making certain decisions or by choosing certain technologies earlier in the project because they can have a large impact on your project moving forward.
That’s why Very takes a holistic approach to IoT development that plans ahead for firmware updates and integrates security best practices from the onset.
