{"id":5816,"date":"2025-07-06T14:35:51","date_gmt":"2025-07-06T14:35:51","guid":{"rendered":"https:\/\/www.detus.co\/?p=5816"},"modified":"2026-01-21T10:39:28","modified_gmt":"2026-01-21T10:39:28","slug":"device-for-secure-remote-updates","status":"publish","type":"post","link":"https:\/\/www.detus.co\/uk\/firmware-development\/device-for-secure-remote-updates\/","title":{"rendered":"How to prepare a device for secure remote updates"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The ability to update firmware remotely is no longer a luxury. In many cases, it is a technical and operational requirement, especially in systems installed in hard-to-reach locations or in products with long life cycles. However, allowing a device to receive updates in the field involves much more than simply adding an \u201cupdate\u201d function.<\/p>

At Detus, we treat this topic with special care because we know that a poorly managed update can compromise the entire system. In this article, we outline the main principles we follow to ensure security, reliability and integrity in remote updates.<\/p>

Why this is critical<\/h2>

An error during an update can cause serious failures, such as:<\/p>

  • Devices that stop booting entirely, commonly referred to as bricks<\/li>
  • Memory corruption or data loss<\/li>
  • Systems left vulnerable to unauthorised modifications<\/li>
  • The need for physical intervention to reprogram the device<\/li><\/ul>

    This is why it is essential to design, from the beginning, a system that supports fail-safe updates, rigorous validation and safe rollback capability.<\/p>

    Key elements of a secure remote update<\/h2>

    Robust and isolated bootloader<\/h3>

    The bootloader is the code that manages both system startup and the update process. It must be logically separated from the main firmware and protected from being overwritten. That way, even if an update fails, the bootloader can still restore a functional version of the system.<\/p>

    Integrity verification<\/h3>

    The firmware must be validated before being applied. This can include the use of cryptographic signatures, hash verification, or integrity checks based on cyclic redundancy codes (CRC).<\/p>

    Power failure protection<\/h3>

    The system must be able to handle power interruptions during the update process. For this, the new version should only be written after full validation and must never overwrite the current version until it has been completely verified.<\/p>

    Rollback system<\/h3>

    If the new version fails during boot or within the first few minutes of operation, the system must be able to detect the anomaly and automatically revert to the previous version, ensuring continuity of service.<\/p>

    Logging and diagnostics<\/h3>

    All update operations should be logged for technical audit purposes. These logs are essential for continuous improvement of the update process and for identifying failure patterns.<\/p>

    Secure communication<\/h3>

    Beyond the firmware itself, it is crucial to ensure that the communication between the device and the server is fully protected. This includes:<\/p>

    • Encryption of data in transit<\/li>
    • Mutual authentication between client and server<\/li>
    • Prevention against replay attacks<\/li><\/ul>

      Conclusion<\/h2>

      Secure remote firmware updates are a strategic capability for any technology product aiming for longevity and scalability. However, this capability requires technical planning from the very start. It is not enough that it works. It must be guaranteed that, even in the event of failure, the system remains operational.<\/p>

      At Detus, we design firmware with remote update support from the earliest stages of the project, applying strict best practices in security, validation and reliability.<\/p><\/div><\/div><\/div><\/div><\/div><\/article><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/article><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

      The ability to update firmware remotely is no longer a luxury. In many cases, it is a technical and operational requirement, especially in systems installed in hard-to-reach locations or in products with long life cycles. However, allowing a device to receive updates in the field involves much more than simply adding an \u201cupdate\u201d function. At […]<\/p>\n","protected":false},"author":2,"featured_media":5817,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-5816","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-firmware-development"],"_links":{"self":[{"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/posts\/5816","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/comments?post=5816"}],"version-history":[{"count":1,"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/posts\/5816\/revisions"}],"predecessor-version":[{"id":6726,"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/posts\/5816\/revisions\/6726"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/media\/5817"}],"wp:attachment":[{"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/media?parent=5816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/categories?post=5816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.detus.co\/uk\/wp-json\/wp\/v2\/tags?post=5816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}