How to prepare a device for secure remote updates
  1. Home
  2. Firmware
  3. How to prepare a device for secure remote updates

How to prepare a device for secure remote updates

May 23, 2025
|In Firmware, Hardware
|By Milton Resendes

The ability to update firmware remotely is no longer a luxury. In many cases, it is a technical and operational requirement, especially in systems installed in hard-to-reach locations or in products with long life cycles. However, allowing a device to receive updates in the field involves much more than simply adding an “update” function.

At Detus, we treat this topic with special care because we know that a poorly managed update can compromise the entire system. In this article, we outline the main principles we follow to ensure security, reliability and integrity in remote updates.

Why this is critical

An error during an update can cause serious failures, such as:

  • Devices that stop booting entirely, commonly referred to as bricks

  • Memory corruption or data loss

  • Systems left vulnerable to unauthorised modifications

  • The need for physical intervention to reprogram the device

This is why it is essential to design, from the beginning, a system that supports fail-safe updates, rigorous validation and safe rollback capability.

Key elements of a secure remote update

Robust and isolated bootloader

The bootloader is the code that manages both system startup and the update process. It must be logically separated from the main firmware and protected from being overwritten. That way, even if an update fails, the bootloader can still restore a functional version of the system.

Integrity verification

The firmware must be validated before being applied. This can include the use of cryptographic signatures, hash verification, or integrity checks based on cyclic redundancy codes (CRC).

Power failure protection

The system must be able to handle power interruptions during the update process. For this, the new version should only be written after full validation and must never overwrite the current version until it has been completely verified.

Rollback system

If the new version fails during boot or within the first few minutes of operation, the system must be able to detect the anomaly and automatically revert to the previous version, ensuring continuity of service.

Logging and diagnostics

All update operations should be logged for technical audit purposes. These logs are essential for continuous improvement of the update process and for identifying failure patterns.

Secure communication

Beyond the firmware itself, it is crucial to ensure that the communication between the device and the server is fully protected. This includes:

  • Encryption of data in transit

  • Mutual authentication between client and server

  • Prevention against replay attacks

Conclusion

Secure remote firmware updates are a strategic capability for any technology product aiming for longevity and scalability. However, this capability requires technical planning from the very start. It is not enough that it works. It must be guaranteed that, even in the event of failure, the system remains operational.

At Detus, we design firmware with remote update support from the earliest stages of the project, applying strict best practices in security, validation and reliability.