How to Design Secure OTA Firmware and Software Updates for Modern Vehicles
Greater connectivity presents a host of new opportunities for businesses, as well as some technological challenges. Connected drivers will expect a more seamless experience when it comes to vehicle updates: just as with smartphones, they will want their car systems to update without their direct involvement. Autonomous driving likewise assumes less “physical” involvement from the owner.
Thus, OTA technology is gaining importance in the automotive industry as the backbone of efficient remote operations in the future. Consider just one major issue – recalls. According to a Stout Risius Ross report, software issues accounted for 15% of all industry recalls. OTA promises to reduce that number dramatically. By 2022, it is expected to save businesses over $35 billion in operational costs.
So What Does OTA Mean?
OTA (over-the-air) refers to delivering software and firmware updates to devices via Wi-Fi, mobile broadband and built-in functions of the device OS. “Over-the-air” means that there is no need to connect the device to another one (for example, to a PC over a cable) to install those updates. If you own an iOS or Android smartphone, you have probably installed a few OTA updates already.
What is FOTA?
This acronym stands for firmware over-the-air updates. Modern cars include “smart” hardware components (e.g., the ECUs (Electronic Control Units) of ADAS systems) that help drivers with navigation, provide alerts or notifications while driving, or even take control of the car to avoid collisions and accidents. For instance, Tesla is working on an advanced autopilot capable of avoiding potholes on the road.
Such safety-critical systems require continuous updating to meet the high requirements for quality, security and efficiency set by functional safety standards such as ISO 26262 (which covers safety; automotive cybersecurity is addressed separately, by ISO/SAE 21434).
Instead of asking the vehicle owner to drive in for maintenance, automotive companies can leverage over-the-air programming to remotely update a system. However, the embedded hardware must come with OTA support for this to work.
Firmware over-the-air (FOTA) updates aim at fixing bugs, improving the system’s functionality and replacing old firmware with a newer version.
The Benefits of Over-the-Air Firmware Updates
- Cost efficient. OEMs can seamlessly manage firmware updates across a fleet of IoT devices from one unified interface. The costs significantly decrease over the entire lifecycle of a car.
- Continuous improvements. Bugs can be fixed and product behavior can be enhanced after the device lands in the hands of your consumers. This can potentially eliminate costly recalls and in-person maintenance.
- Improved scalability. FOTA updates enable manufacturers to add new features after release without needing physical access to the vehicle to upgrade its firmware.
- Faster time-to-market. Developers can test new features on selected devices and deploy frequently knowing that the products will remain stable. Firmware updates can be dispatched even while the vehicle is still on the production line or in dealer center.
What is SOTA?
SOTA stands for software over-the-air updates that enable file transmission, download and installation to a connected vehicle. SOTA updates are dispatched from a cloud-based server across a Wi-Fi or mobile network.
To decrease the file size, most manufacturers choose to send “delta” updates – only the parts of the file that actually change. The delta file, along with the security details specific to the vehicle (the data that vehicle needs to verify the delta and the image it produces), is sent as one “update package”.
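As an added example, not code from the article or from any OEM's tooling, here is a minimal delta package in Go that shows the two checks an ECU should make around a delta: the installed image must hash to the base the delta was computed against, and the reconstructed image must hash to the intended target, otherwise nothing is committed. The block-wise diff, the field names, the `blockSize` of 8 and the sample firmware strings in the test are assumptions for illustration; production tooling would use a real binary-diff format and would verify a signature over the whole package before any of this runs.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// op is one delta instruction: either copy n bytes of the base image starting at off,
// or insert lit verbatim.
type op struct {
	fromBase bool
	off, n   int
	lit      []byte
}

// deltaPackage is what goes over the air: the instructions plus the integrity data they
// are bound to. Hashes catch corruption and mis-targeting only; a real package also carries
// a signed manifest (checked before any of this runs) so that tampering is caught too.
type deltaPackage struct {
	baseSHA256, targetSHA256 string
	ops                      []op
}

// blockSize is the granularity of the diff; small here so a short sample exercises both op kinds.
const blockSize = 8

// makeDelta diffs target against base block by block at the same offset. Real tooling
// (bsdiff, zchunk, ...) also finds data that moved; the fixed-offset scheme keeps the idea visible.
func makeDelta(base, target []byte) deltaPackage {
	pkg := deltaPackage{baseSHA256: digest(base), targetSHA256: digest(target)}
	for off := 0; off < len(target); off += blockSize {
		end := off + blockSize
		if end > len(target) {
			end = len(target)
		}
		if end <= len(base) && bytes.Equal(base[off:end], target[off:end]) {
			pkg.ops = append(pkg.ops, op{fromBase: true, off: off, n: end - off})
		} else {
			pkg.ops = append(pkg.ops, op{lit: target[off:end]})
		}
	}
	return pkg
}

// applyDelta is the ECU side. It refuses to start unless the installed image is exactly the one
// the delta was computed against, and refuses to hand back a result unless that result is exactly
// the image the server intended, so a wrong base, a corrupted download and a truncated package
// all stop here instead of being written to flash.
func applyDelta(installed []byte, pkg deltaPackage) ([]byte, error) {
	if digest(installed) != pkg.baseSHA256 {
		return nil, errors.New("installed image is not the delta's base; request a full image instead")
	}
	out := make([]byte, 0, len(installed))
	for i, o := range pkg.ops {
		if !o.fromBase {
			out = append(out, o.lit...)
			continue
		}
		if o.off < 0 || o.n < 0 || o.off+o.n > len(installed) {
			return nil, fmt.Errorf("op %d copies outside the base image", i)
		}
		out = append(out, installed[o.off:o.off+o.n]...)
	}
	if digest(out) != pkg.targetSHA256 {
		return nil, errors.New("reconstructed image does not match the target hash; not committing")
	}
	return out, nil
}

// literalBytes is the payload actually transmitted; everything else is reused from the ECU.
func literalBytes(pkg deltaPackage) int {
	n := 0
	for _, o := range pkg.ops {
		n += len(o.lit)
	}
	return n
}

func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}
```

Applying a delta to the wrong base silently yields garbage, which is why the base hash is checked first; the target hash catches truncated or corrupted packages before anything reaches flash. Neither replaces a signature: an attacker who can alter the package can alter its hashes too, so the manifest carrying them has to be signed and verified before this code runs.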
Such over-the-air updates cover navigation software, the software controlling the car’s physical components, the electronic signal processing system, and the infotainment screens and instrument cluster.
The Benefits of Over-the-Air Software Updates
- Improved safety and compliance. OEMs can use SOTA updates to patch known defects and vulnerabilities (e.g., a software workaround for defective charging adapter plugs) instead of recalling the vehicles. Your business can respond to legal and regulatory responsibilities faster and more cost-effectively.
- Better software quality. SOTA updates allow you to continuously improve your systems. Whenever you discover an opportunity for improvement (e.g., a way to reduce a vehicle’s fuel consumption), you can deliver it to customers immediately, instead of waiting to incorporate it in the next batch of vehicles.
- Timely updates. Ensure that your users are receiving the latest products from your business – new add-ons to the infotainment systems or navigation. For autonomous driving, regular OTA software updates will become crucial to ensure safe and smooth navigation and routing.
- Two-way communication. OTA data exchanges can happen both ways. By collecting data on the vehicle usage or performance and deploying analytics tools, OEMs can promote better customer experience and show customers that they care about them by issuing regular system updates. Additionally, you can gather intel for R&D and ensure preventive maintenance. Finally, you can also monetize your in-vehicle generated data using Caruso Dataplace – an innovative data marketplace for the mobility ecosystem. And you can enrich your solutions with additional data sources or white-label solutions purchased through this service.
6 Promising OTA Use Cases in the Automotive Industry
The list of manufacturers delivering OTA updates keeps growing. Tesla is a known pioneer in the OTA space, with its latest Model S cars equipped with a Wi-Fi router and an embedded AT&T 3G data connection. Renault leverages Orange Business Services, which provides the M2M SIM cards used in R-Link-equipped connected cars. Audi uses an embedded T-Mobile 3G data connection for its newer models. Daimler has Car-to-X technology installed in the latest Mercedes-Benz models to enable seamless interactions and has been using the Mbrace2 in-dash system in the SL roadster to accept OTA updates since 2012. Clearly, the race is on!
If you are struggling to identify the areas where connectivity and OTA will make the most impact on your business, consider the following use cases.
1. Predictive Maintenance.
Telematics systems paired with OTA can collect and analyze vehicle usage data and predict the need for maintenance or parts replacement well in advance. OEMs can improve the performance of their vehicles based on actual data received from drivers, run remote diagnostics and deliver software updates. Drivers can receive OTA updates for their in-vehicle hardware and, if needed, additional instructions and directions to the nearest service center. All of this helps brands deliver a better experience.
Case in point: Tesla recently partnered with the Orange telecom to offer a better suite of services to its French customers. Using their in-car data plan, customers can run remote diagnostics, receive SOTA updates, and access driver assistance and web browsing services. Tesla, in turn, can seamlessly dispatch updates to the autopilot unit so that drivers can access the latest innovations.
Fleet managers largely benefit from predictive maintenance as well. It allows them to streamline their schedule, experience less downtime and optimize inventory management for spare parts. Read more about how new technologies like IoT, ML and Big Data can improve fleet and asset management.
2. Biometric Services and Remote Access Management.
Biometric security solutions are held in high regard – 23% of US consumers; 26% of UK consumers and 40% of German consumers name biometrics as the most preferable and secure way for their authentication.
As the market for shared on-demand vehicles (Mobility as a Service/MaaS) keeps growing in numbers – by 2030, it will be worth $1.4 trillion in the U.S., the E.U. and China – manufacturers need to look for better ways to enable secure multi-usage for cars.
Vehicles in a fleet can incorporate biometric authentication mechanisms for granting access to the rented car (e.g., through fingerprint scanning). Fujitsu, for instance, recently developed a FIDO-compliant authentication system, backed by OTA, that can effectively identify individual users, car owners and car sharers.
Digital keys are another way of modernizing and streamlining vehicle access. Infopulse team has recently developed an innovative solution powered by NFC technology for a leading German OEM.
3. Pay Per Use Insurance.
Partner with innovative players in the insurance market to deliver personalized protection to your customers based on their needs and requirements. Over-the-air technology can be used to dispatch data on the vehicle’s current condition and usage to the insurer, who will, in turn, propose one of the following options:
- Pay As You Drive (PAYD) assesses driving frequency to price the insurance package.
- Pay How You Drive (PHYD) rewards responsible drivers who are consistently behaving well on the road.
For instance, Viasat, a popular service operator for insurance companies, recently started providing a connectivity solution that enables telematics devices in vehicles to send and receive data, text messages or calls. OEMs can choose either to develop a similar solution or to sign partnership deals with insurance providers offering proprietary technology.
4. Voice-Guided Business Services.
Cars are gradually rising to the status of a “moving computer” as drivers want to get more things done on the go. To cater to the segment of ever-busy professionals, OEMs can provide email access as well as calendar and location integration with satellite navigation in the car.
Mercedes, for instance, already offers an “In-Car Office” as part of Mercedes me connect service for the C‑Class and GLC. The driver can synchronize their smartphone with the onboard computer and have the locations of calendar entries automatically transferred to the car’s navigation system; and can also hop onto a telephone conference on the basis of a calendar entry.
In the future, instead of touch screens the drivers could rely on voice to activate the business features and manage their chores on the go.
OTA software updates can be delivered to ensure that the driver always has the latest version of the software installed. This suite of services is particularly relevant to corporate car fleets, where owners expect their drivers to be “always on”. With the driverless experience not so far away, the integration of business tools into cars will only grow in demand.
5. In-Car Shopping Experience.
According to a Xevo survey, 71% of drivers state that they would want the vehicle’s infotainment system to support ordering food, coffee or groceries, or arranging pick-ups for them. Connected commerce is a brave new world of business opportunities, worth approximately $230 billion.
GM is among the first brands to explore it. The automotive giant has signed up a partnership deal with several popular retailers including Starbucks and Dunkin’ Donuts to enable seamless shopping experience. Using the car’s infotainment system, drivers can place advance orders and pay for a range of services and products including fueling, parking, hotels, food, and dinner reservations. For every in-dashboard transaction, GM receives a commission and, at the same time, raises their profile with the customers who greatly enjoy the on-the-drive purchasing experience.
With the help of OTA, new services can be quickly added to the onboard computers without the need for the customer to install anything manually.
6. Personalized Updates.
Connect with your drivers on a more granular level and deliver custom updates based on their needs and driving behaviors. Fleet managers may want to deliver more proactive management to certain drivers, known to exhibit riskier behavior on the road.
The OTA server can be configured to deliver different types of updates to different devices. For instance, you may choose to push a software patch limiting the maximum speed for certain vehicles in your fleet.
OEMs can follow a similar approach and deliver unique upgrades to selected customers. Tesla’s Ludicrous mode is a prime example of an update that some customers found attractive, while others didn’t really care for.
To develop a better take on what OTA is and how it can be technologically implemented, read our detailed case study, where we examine the OTA process architecture and security.
How to Approach OTA Firmware and Software Development
The best OTA implementation strategies are aligned with the nature of the hardware being “smartified”, the current system architecture and the technology choices. For instance, you can choose between developing an OTA system from scratch and purchasing a managed OTA solution from a vendor. The latter means faster implementation, but less control over and customization of the final system.
If you choose to develop a solution from scratch, consider one of the following OTA update architectures:
Edge-to-cloud OTA updates: An ECU microcontroller installed in the vehicle receives OTA packages directly from a remote server. The package can include updates to the microcontroller’s firmware (FOTA) and to the applications running on it (SOTA).
Gateway-to-cloud OTA updates: An Internet-connected gateway (for instance, a telematics system), in charge of managing a set of local edge devices, can receive updates from a remote server. These updates can be aimed at improving all or some of the installed software applications, the app’s host environment, and/or the gateway device’s firmware.
Edge-to-gateway-to-cloud OTA updates: An internet-connected gateway manages a group of locally connected edge devices. These devices receive remote firmware updates via the gateway.
The best architecture set up will largely depend on the type of IoT product you are working with and the kind of final system you envision. Consult with professional developers to get more in-depth explanations of the technical characteristics of different systems.
Questions to Ask When Considering OTA Updates Implementation
How secure will the new OTA mechanism be? IoT security earned a bad reputation in its early days, and Hollywood has tried to capitalize on how spectacular a cyber attack on connected cars could look.
While Hollywood’s take on connected car security is largely overblown, there are valid concerns you should address. Utmost care should be taken to secure the cloud infrastructure that stores and delivers the software. Specifically, design a chain of trust so that only updates from trusted sources can be installed, and so that the trust can be validated starting from the end-entity certificate up to the root certificate. That validation has to happen on the ECU itself, against a root certificate pinned in the device, so that a compromised delivery server or CDN alone cannot push a malicious image. Another necessary measure is denial-of-service protection, as such attacks are often staged against IoT technology.
What will the OTA authentication process look like? There are different mechanisms worth exploring. For example, the SOTA update client and the cloud server can authenticate each other (mutual authentication, typically TLS with client certificates). This way you tackle two issues at once:
- Preventing the software from being made available to a third party.
- Ensuring that the server is not dealing with a stolen identity.
Additionally, protect the private keys involved, on the vehicle side ideally in a hardware security module or secure element, so that they cannot be extracted and reused by a malicious party: a stolen vehicle key defeats the second point above, and a stolen signing key defeats the chain of trust entirely.
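The chain-of-trust and mutual-authentication points above, as one added Go example that is not code from the article or from any vendor's product. It builds a toy PKI with Go's standard library: one OEM root certificate playing the role of the root pinned in every ECU, a code-signing certificate for the release pipeline, a TLS server certificate for the OTA backend and a TLS client certificate for one vehicle. `verifyManifest` is the ECU-side check that a signed manifest comes from a signer chaining to the pinned root with the code-signing purpose; `fetchUpdate` is the mutually authenticated download, where each side is rejected unless it proves possession of a key certified under that same root. All names (the CNs, the `ota-backend.example` hostname, the `/update` path) are assumptions, and the keys held in memory stand in for keys that in a real deployment live in an HSM on the backend and a secure element in the vehicle.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints a P-256 key and a certificate for cn signed by parent (self-signed when nil). Each leaf
// gets exactly one extended key usage, so a vehicle's TLS client certificate can never double as a signer.
func issue(cn string, isCA bool, eku x509.ExtKeyUsage, parent *tls.Certificate) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{eku},
	}
	switch {
	case isCA:
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	case eku == x509.ExtKeyUsageServerAuth:
		tmpl.DNSNames = []string{cn} // the name the vehicle pins as ServerName
	}
	parentCert, parentKey := tmpl, any(key)
	if parent != nil {
		parentCert, parentKey = parent.Leaf, parent.PrivateKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// The OEM root is the single trust anchor baked into every ECU; everything else is purpose-bound
// under it. Keys are in memory only for the demo; real ones live in an HSM or a secure element.
var (
	root    = issue("Example OEM Root CA", true, x509.ExtKeyUsageAny, nil)
	signer  = issue("release-signer", false, x509.ExtKeyUsageCodeSigning, &root)
	server  = issue("ota-backend.example", false, x509.ExtKeyUsageServerAuth, &root)
	vehicle = issue("VIN-EXAMPLE0000000001", false, x509.ExtKeyUsageClientAuth, &root)
	roots   = func() *x509.CertPool { p := x509.NewCertPool(); p.AddCert(root.Leaf); return p }()
)

// signManifest is the release pipeline's side: ECDSA P-256 over SHA-256 of the manifest bytes.
func signManifest(by tls.Certificate, manifest []byte) []byte {
	sum := sha256.Sum256(manifest)
	return must(ecdsa.SignASN1(rand.Reader, by.PrivateKey.(*ecdsa.PrivateKey), sum[:]))
}

// verifyManifest is the ECU's side: the signer certificate shipped in the package must chain to the
// pinned root with the code-signing purpose before its signature over the manifest is even looked at.
func verifyManifest(manifest, sig []byte, signerCert *x509.Certificate) error {
	if _, err := signerCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return fmt.Errorf("untrusted signer: %w", err)
	}
	return signerCert.CheckSignature(x509.ECDSAWithSHA256, manifest, sig)
}

// fetchUpdate is one mutually authenticated download: the backend refuses any client without a
// certificate under the OEM root, and the vehicle refuses any backend it cannot verify against it.
func fetchUpdate(presentClientCert bool) (string, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "package for %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{server}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: roots}
	srv.StartTLS()
	defer srv.Close()
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: roots, ServerName: "ota-backend.example"}
	if presentClientCert {
		cfg.Certificates = []tls.Certificate{vehicle}
	}
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(srv.URL + "/update")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}
```

Inside the handler the TLS layer has already validated the vehicle's chain, which is why its certificate CN can be used as an identity without further checks. A client that presents no certificate (`fetchUpdate(false)`) fails at the TLS handshake; that is how the "no software to third parties" property is enforced, and a backend whose certificate does not chain to the OEM root fails on the vehicle side in the same way. The intermediate CA a real OEM would place between the root and the release signer is omitted for brevity; it would ship inside the package and be passed through `x509.VerifyOptions.Intermediates`. Mutual TLS authenticates the transport, not the content: a compromised backend could still serve a tampered package, which is why `verifyManifest` runs independently on the ECU against the pinned root, and why a vehicle's own client certificate, although it chains to the same root, is rejected as a release signer on its key-usage alone.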
What kind of security monitoring will be in place? Your new OTA system should log critical events and allow them to be audited. Every critical transaction, error and anomaly should be logged and assessed.
Do you have a mechanism for reverting OTA updates? Rollbacks are essential for containing failed updates. If an update fails to install, or the new image fails to boot or to pass its self-test, the OTA client and bootloader must be able to revert the ECU to the last known-good version. Design the rollback so that it cannot be abused to reinstall older, vulnerable firmware: allow a return only to the previous image the ECU itself retained, not to arbitrary older packages.
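An A/B-slot boot policy, as an added Go example (not from the article or any vendor's bootloader), of the rollback mechanism described above. The new image is written into the inactive slot only after its hash matches what the manifest promised; the bootloader then allows a fixed number of trial boots, and unless the application confirms a successful start, the next boot reverts to the previous slot. The `ecu` type, the `maxTries` value of 3 and the sample image bytes in the test are assumptions for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// slot is one of the two firmware banks of an A/B ECU.
type slot struct {
	version string
	image   []byte
}

// ecu models the bootloader's persistent state. On real hardware this lives in
// non-volatile memory that the bootloader reads before anything else runs.
type ecu struct {
	slots  [2]slot
	active int  // slot the bootloader starts next
	trial  bool // active slot holds an update the application has not confirmed yet
	tries  int  // trial boots left before the bootloader gives up on it
}

// maxTries is how many times an unconfirmed image may start before it is abandoned.
const maxTries = 3

// install writes a new image into the inactive slot and marks it for a trial boot.
// The running image is untouched, so a download that fails verification changes nothing.
func (e *ecu) install(version string, image []byte, wantSHA256 [32]byte) error {
	if sha256.Sum256(image) != wantSHA256 {
		return fmt.Errorf("image for %s failed verification; keeping %s", version, e.slots[e.active].version)
	}
	target := 1 - e.active
	e.slots[target] = slot{version: version, image: image}
	e.active, e.trial, e.tries = target, true, maxTries
	return nil
}

// boot is the bootloader's decision at power-on. While the active slot is on trial it spends
// one attempt per boot; once the attempts are gone it reverts to the other, last known-good slot.
func (e *ecu) boot() string {
	if e.trial && e.tries == 0 {
		e.active, e.trial = 1-e.active, false // roll back; the bad image stays in its slot, unused
	} else if e.trial {
		e.tries--
	}
	return e.slots[e.active].version
}

// confirm is called by the application once its self-test (bus up, sensors plausible, ...)
// passes. Only then does the trial slot become the committed one.
func (e *ecu) confirm() { e.trial = false }
```

The countdown lives in the bootloader, not in the updated application, because an image that crashes before reaching its own code can never report a failure; the watchdog-style limit is what turns a bricked update into a reboot onto the old slot. The old image is only overwritten by the next successful install, which is what keeps "revert" from meaning "download the previous package again".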
Does the OTA system leverage container technology? Container technology allows seamless functioning across diverse software and hardware environments. We advise reading our previous post about using cloud containers in DevOps to develop a better grasp of the matter.
How can you minimize the resources usage for OTA updates? Striking the optimal balance between network bandwidth, storage, compute and cellular data will be essential to drive down the costs of delivering OTAs.
Over-the-air technology may initially appear too complex and costly to implement, but failing to deliver greater connectivity can stall your business growth in the future. Market leaders are already exploring how OTA updates can be applied to recall, non-recall and security-corrective updates. At the end of the day, the cost of recalls will outweigh the cost of rolling out an OTA system.