Smartphones On
smartphones, tablets, and other devices, an over-the-air update is a firmware or
operating system update that is downloaded by the device over the
internet. Previously, users had to connect these devices to a computer over
USB to perform an update. These updates may add features, patch
security vulnerabilities, or fix
software bugs. The two main mobile operating systems are
iOS and
Android. iOS gained support for over-the-air updates in
iOS 5. iOS updates are distributed exclusively by Apple, resulting in wide availability and relatively high adoption rates. Major iOS releases are usually installed on 60%–70% of iPhones within a few months of release. Android OTA updates are device-dependent, and are not distributed by Google but by
device manufacturers and sometimes
wireless carriers. This has led to inconsistent availability of updates, and to
Android fragmentation. and led to security concerns due to delays in the distribution of security updates. Google reduced Android fragmentation through the 2017
Project Treble, which allows OEMs to release OS updates without needing to re-test hardware drivers for each version, and the 2019 Project Mainline, which allows Google to update Android components through its
Play Store without requiring a full OS update.
Windows Phone OTA updates were usually distributed by
OEMs such as Nokia, and sometimes
wireless carriers. OTA updates for Windows Phone devices labelled
Microsoft Mobile were usually distributed by Microsoft.
Automotive Cars can support OTA updates to their
in-car entertainment system, navigation map,
telematic control unit, or their
electronic control units (the onboard computers responsible for most of the car's operation). OTA updates provide several benefits. In the past, Volkswagen had to recall 11 million vehicles to fix an issue with its cars' emissions control software, and other manufacturers have instituted recalls due to software bugs affecting the brakes, or the airbags, requiring all affected customers to travel to dealership to receive updates. OTA updates would have removed the need to go through dealerships, leading to lower warranty costs for manufacturers and lower downtime for customers. OTA updates also allow manufacturers to
deploy potential new features and bug fixes more quickly, making their cars more competitive in the market, and resulting in an increased pace of product improvements for consumers. For example, OTA updates can deliver improvements to a car's
driver assistance systems and improve the car's safety. Attack vectors specific to OTA updates include "
spoofing, tampering, repudiation [attacks],
information leakage,
denial-of-service,"
replay attacks, and
privilege escalation attacks. Example scenarios include a hacker successfully interrupting an ongoing update (deemed a "flashing fail"), which may corrupt the car's computer systems and make the car malfunction later on; another scenario is "arbitrary flashings", in which hackers trick the car into installing a malicious OTA update.
Sensor nodes are often located in places that are either remote or difficult to access. As an example,
Libelium has implemented an OTA programming system for Zigbee WSN devices. This system enables
firmware upgrades without the need of physical access, saving time and money if the nodes must be re-programmed.
Internet routers OTA is similar to firmware distribution methods used by other mass-produced
consumer electronics, such as
cable modems, which use
TFTP as a way to remotely receive new programming, thus reducing the amount of time spent by both the owner and the user of the device on maintenance. Over-the-air provisioning (OTAP) is also available in wireless environments (though it is disabled by default for security reasons). It allows an access point (AP) to discover the
IP address of its controller. When enabled, the controller tells the other APs to include additional information in the Radio Resource Management Packets (RRM) that would assist a new access point in learning of the controller. It is sent in plain text however, which would make it vulnerable to sniffing. That is why it is disabled by default.
Cellular networks Over-the-air provisioning (OTAP) is a form of OTA update by which
cellular network operators can remotely
provision a mobile phone (termed a
client or
mobile station in industry parlance) and update the cellular network settings stored on its
SIM card. This can occur at any time while a phone is turned on. The term
over-the-air parameter administration (OTAPA) is synonymous. Various standards bodies have issued OTA provisioning standards. In 2001, the
WAP Forum published the WAP Client Provisioning standard. After the
Open Mobile Alliance subsumed the WAP Forum, this standard became known as
OMA Client Provisioning (OMA CP). In OMA CP, phones are provisioned by "invisible" SMS messages sent by the cellular network, which contain the requisite settings. OMA CP was followed by a newer standard,
OMA Device Management (OMA DM), which use a different form of SMS-based provisioning (called "OMA Push"). OMA DM sessions are always client-initiated. The "invisible" SMS does not contain configuration settings; instead, it tells the phone (the "DM Client") to connect to a DM Server (operated by the cellular network provider); once connected, the DM Server sends configuration commands to the client. ==OTA standards==