
Bluetooth Over-The-Air Firmware Update

Presentation at April 2017 SVIOS Meetup at Tile. Talking about connected and IOT best practices for implementing OTA firmware update (converted from Keynote version to upload to Slideshare).

Published in: Technology
  • @HuckThat Sorry, I don't check Slideshare comments that often. I've seen people try including the firmware updates with apps but since firmware and mobile teams are often on different schedules, this always ends up causing issues down the line. It also makes reverting back to older versions of the firmware harder. A much better way is to use the phone app as a gateway and have it check the server for updates then download and re-upload firmware to the device. The simplest way is to put the updates on a cloud service like Amazon S3 with a separate meta-data file. Another way is to use a third-party firmware update service. Full disclosure: I'm working on exactly such a service with end-to-end security, install analytics, A/B testing, and open-source mobile SDKs. Drop me a note at raminf@gmail.com if interested to learn more. We're going to open up to beta testers in a couple of months. Cheers.
  • Ramin - thank you for sharing your experience and advice. My team is currently working on implementing an OTA Firmware update solution, as part of an iOS app, just wondering what your thoughts are in regard to the idea of including the firmware binary with the application package, to reduce the complexity of publishing it to a server and all the additional things that go with that approach. Of course, this would tie the firmware release to the release schedule of the app, but in a Continuous Delivery world, that may not be much of a downside. Have you seen this done, are there any gotchas we're unaware of?


  1. 1. FIRMWARE UPDATE BLUETOOTH OVER-THE-AIR SVIOS MEETUP - APRIL 2017 - RAMIN FIROOZYE - RAMIN@GMAIL.COM - @RAMINF
  2. 2. DEVICES ARE GETTING SMARTER
  3. 3. TYPICAL BLUETOOTH DEVICE = EMBEDDED CPU + WIRELESS + SOFTWARE
  4. 4. FIRMWARE IS… ▸ Software that runs on an embedded device CPU ▸ App typically written in ‘C’ and compiled into binary ▸ First loaded onto device using a wired connection or ‘programmer’ device ▸ App runs on power on
  5. 5. TYPICAL CONNECTED DEVICE Hardware Firmware Phone App Server REST API
  6. 6. IF THERE’S A PROBLEM WITH YOUR PHONE APP… ▸ You push out an update to the App Store ▸ But what if there’s a problem with the firmware?
  7. 7. IF PROBLEM IS WITH FIRMWARE YOU CAN: ▸ Ignore it. Maybe no one will notice ▸ Ask user to plug into a USB cable and manually update ▸ Factory recall the device then update and send back ▸ Send a new device to every new customer
  8. 8. THERE’S AN EASIER WAY ▸ Over the Air Updates ▸ OTA ▸ DFU ▸ OAD
  9. 9. HOW OTA UPDATES WORK [Diagram: App, Firmware and Update Server exchanging messages in four numbered steps; labels: “Version?”, “v1.0”, “I have v1.0?”, “Here’s 2.0”, “OK”, “Firmware v2.0 binary”]
  10. 10. DEVICE NEEDS ▸ Enough flash storage to keep 2 or more copies of firmware: Current, New, Factory (optional but recommended)
  11. 11. FIRMWARE NEEDS TO HAVE… ‣ Way to get firmware version, HW rev, and type ‣ Unique ID (if user has more than one) ‣ Switch to/from normal and update mode ‣ Detect incomplete/corrupt downloads ‣ Recover from bad update (bricking) [Diagram label: Factory (maybe not so optional)]
  12. 12. SWITCHING IN/OUT UPDATE MODE ▸ Manual ▸ Always On ▸ Software switch [Diagram: Normal Mode and Update Mode, with transitions labelled “Enable Update” and “Power On”]
  13. 13. HOW TO SWITCH INTO UPDATE WITH BLE ▸ Scan/connect normally ▸ Standard BLE Service has an ‘update mode’ characteristic ▸ Write ‘1’ into characteristic (for example) ▸ Firmware reboots, this time running Update BLE Service ▸ Scan for Update service ▸ Connect and transfer binary
  14. 14. HOW TO SWITCH OUT OF UPDATE WITH BLE ▸ Wait for download complete ▸ Checksum ▸ If OK, overwrite old firmware ▸ Restart into normal mode with new firmware ▸ If not OK, either request retransmit or go back to normal
  15. 15. RECOVER FROM BAD FIRMWARE/STATE ▸ Make it hard to accidentally invoke factory reset ▸ Overwrite current firmware from on-board factory version ▸ Should not require connection (may not be there) ▸ OK to lose cached data
  16. 16. ALSO, SECURITY…
  17. 17. SECURITY THROUGH OBSCURITY DOESN’T WORK
  18. 18. COMPILED BINARY ISN’T GOOD PROTECTION IDA Pro Disassembler/Debugger https://www.hex-rays.com/products/ida/
  19. 19. UPDATES CAN ALSO BE DONE BADLY
  20. 20. PRO-TIPS
  21. 21. END-TO-END ENCRYPTION [Diagram: App, Firmware and Update Server exchanging messages in four numbered steps; labels: “Version?”, “v1.0”, “I have v1.0?”, “Here’s 2.0”, “OK”, “Firmware v2.0 binary”]
  22. 22. ENCRYPTION BEST-PRACTICES ▸ Use asymmetric public-key encryption ▸ Use digital signatures to verify devices ▸ Choose BLE chip with built-in crypto hardware ▸ Do full security audit/code review before launch ▸ If feasible, use a ‘secure enclave’ chip to hold private keys
  23. 23. PROBLEM WITH ON-CHIP DECRYPTION ▸ Need enough flash to keep 3 or more copies of firmware: Factory (Optional), New (encrypted), Current, New (decrypted) (Plus scratch space during decryption)
  24. 24. ENCRYPTION TRADE-OFF ▸ Bill Of Material Cost ▸ Processing Power ▸ Added Complexity ▸ Development Time $$$
  25. 25. PLAN B: DECRYPT ON PHONE [Diagram: App, Firmware and Update Server, steps 3 and 4; labels: “I have v1.0?”, “Here’s 2.0”, “OK”, “Requires pairing”]
  26. 26. DECRYPTING ON IPHONE (HOMEWORK) ▸ Don’t decrypt until absolutely necessary ▸ Go watch WWDC 2015 Video: “Security and Your Apps” ▸ https://developer.apple.com/videos/play/wwdc2015/706/ ▸ If too lazy check out: SecureEnclaveCrypto library on GitHub ▸ https://github.com/trailofbits/SecureEnclaveCrypto ▸ Set up bonding/pairing between phone and device ▸ https://devzone.nordicsemi.com/question/47091/getting-an-ios-central-app-to-bond/
  27. 27. BARE MINIMUM FIRMWARE UPDATE SYSTEM ▸ Manual deployment checklist ▸ Web download site with SSL (i.e. Amazon S3) ▸ Firmware metadata (text file) ▸ Simple mobile SDK (REST to server - BLE to device) ▸ Firmware with OTA update + software toggle ▸ BLE hardware with 2x flash
  28. 28. A PROPER UPDATE SYSTEM ▸ Rapid firmware build and deploy (with encryption) ▸ Back-end update server (with SSL/TLS and REST API) ▸ Release workflow automation ▸ Mobile app SDK (REST to server - BLE to device) ▸ Push notification (or WebSocket support) ▸ Application UX/UI design templates ▸ Firmware with OTA update + software toggle ▸ Hardware support for OTA (4x flash + crypto + factory reset) ▸ Device segmentation and analytics ▸ End-to-end encryption
  29. 29. THINK DIFFERENT ▸ Treat Firmware Updates like App Updates ▸ Release an MVP device then iterate quickly with new features ▸ Have different firmware for different markets (or users) ▸ Use serial numbers & encryption to avoid piracy ▸ Do not load final firmware at factory (!?!)
  30. 30. COUNTERFEITS ▸ Hoverboards ▸ https://www.wired.com/2015/06/the-weird-story-of-the-viral-chinese-scooter-phunkeeduck-io-hawk/ ▸ Saleae Logic Analyzers ▸ https://www.saleae.com/counterfeit
  31. 31. PLAN AHEAD ▸ Don’t leave firmware update support to the last minute ▸ Don’t host firmware updates on same back-end as app-server ▸ Always have a fallback plan / factory reset ▸ Design app UX with firmware update in mind ▸ Test, test, test
  32. 32. ▸ If all this seems too daunting… ▸ Get in touch: raminf@gmail.com Q&A Thank You
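
The device-side checks from slides 11 and 14 (detect incomplete or corrupt downloads, checksum, then overwrite, request a retransmit or go back to normal mode), as an added C example that is not code from the presentation. The 16-byte header layout, the magic value, the 4 KiB slot size and the retry counter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical image layout (not from the slides): 16-byte little-endian
 * header {magic, version, length, crc32} followed by `length` payload bytes. */
#define OTA_MAGIC 0x3141544Fu /* bytes "OTA1" on the wire, constructed */
#define OTA_HDR   16u
#define SLOT_SIZE 4096u       /* assumed size of the "New" flash slot */

typedef enum { OTA_APPLY, OTA_RETRANSMIT, OTA_STAY_NORMAL } ota_action_t;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bitwise to save flash. */
uint32_t ota_crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Decide what to do once the phone reports "download complete".
 * The CRC only catches corruption; it does not authenticate the image,
 * which is what the digital signatures on slide 22 are for. */
ota_action_t ota_check(const uint8_t *img, size_t received, int retries_left) {
    ota_action_t retry = retries_left > 0 ? OTA_RETRANSMIT : OTA_STAY_NORMAL;
    if (received < OTA_HDR) return retry;                  /* header incomplete */
    if (rd32(img) != OTA_MAGIC) return OTA_STAY_NORMAL;    /* not our image type */
    uint32_t len = rd32(img + 8);
    if (len > SLOT_SIZE - OTA_HDR) return OTA_STAY_NORMAL; /* would not fit slot */
    if (received != OTA_HDR + len) return retry;           /* truncated or padded */
    if (ota_crc32(img + OTA_HDR, len) != rd32(img + 12)) return retry; /* corrupt */
    return OTA_APPLY; /* safe to overwrite the old firmware and restart */
}

/* Constructed sample: version 2, payload "123456789" (CRC-32 0xCBF43926). */
const uint8_t ota_sample[25] = {
    'O','T','A','1',  2,0,0,0,  9,0,0,0,  0x26,0x39,0xF4,0xCB,
    '1','2','3','4','5','6','7','8','9'
};

int main(void) { return ota_check(ota_sample, sizeof ota_sample, 1) == OTA_APPLY ? 0 : 1; }
```

The length is bounded against the slot size before it is used, so a damaged header cannot make the CRC loop read past the received buffer.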
