Software updates are a fast and cheap alternative to recalls, but they could present security issues.
Recalling and upgrading products used to take months of work and huge expense, but many companies are showing that this is no longer the case as upgrades through software become the norm.
Apple has announced that a diagnostic capability will be added to iOS to help manage battery consumption, which has been an issue in some iPhone 6s handsets.
Samsung’s woes with the overheating batteries in its Galaxy Note 7 devices were a long saga earlier this year. As a growing number of users reported issues with the devices while charging, Samsung was forced to issue a recall of many of the devices.
Yet in South Korea, the smartphone maker hit on an innovative stop-gap solution: it sent out a software update to the devices that limited their charge to 60 percent. The devices will still have to be replaced, but the immediate danger to users could be removed far more quickly.
Samsung announced on 9 December 2016 that the software update would be rolled out to all Samsung Galaxy Note 7 handsets from 15 December.
Other companies have been able to go further still and fundamentally rework their users’ systems.
Recently, Tesla issued an update to its autonomous driving software that it claimed would have prevented a fatality that happened in May. A 40-year-old died on a Florida highway while using the Autopilot, which features various systems such as Autosteer and Auto Lane Change.
Version 8 of the software will make more prominent use of radar to process signals from the car’s surroundings. Until the update the radar had been used as an auxiliary sensor to the vehicles’ main cameras.
Radar was initially added to Tesla vehicles in October 2014 as part of the Autopilot hardware suite, but through the software update the whole system could be rebuilt around it.
This seems like a win-win scenario. The consumer is able to continue using the same product and gain new functionality without having to buy a newer model. For the manufacturer, it protects the investment made in developing and bringing a product to market.
But how widely can this solution be applied, and does it throw up any new problems?
Alex Mathews, EMEA Technical Manager of Positive Technologies, says that the model is already widely used in security, but there are limits to it: for example, when a manufacturer uses components from a third-party company that it cannot repair itself.
It is also possible that the flawed system could be used in a critical business process that cannot simply be shut off while it is upgraded, he says.
Specifically in the case of the Samsung update, Mathews says that “in the case of flawed batteries, some other conditions (ambient temperature spikes or heavy blows) can lead to dangerous consequences too, so the 60% charge limit won’t help.”
Ken Munro, Partner in Pen Test Partners, says that as long as the firmware can carry out such an update there is no limit on what can be done, meaning that it will be useful in the Internet of Things era to roll out updates en masse.
To achieve this, however, an automatic update mechanism would be preferable, says Munro, since consumers are unlikely to be vigilant in ensuring that ‘fit and forget’ devices are kept up to date.
The main danger in opening more functionality to control by software is security.
As Mathews of Positive Technologies says: “Imagine a hacker who got access to this feature in your Galaxy: he can turn off the charge limit, or set it to 0 percent instead of 60 percent.”
As Munro says, it is possible that an attacker could send out a malicious update if the firmware has not been signed and encrypted.
Munro also says that over-reliance on software updates could lead to companies being less meticulous when ironing out security issues in their products.
“Many start-up manufacturers, such as those developing IoT devices, simply aren’t flexible enough to incorporate security changes into the manufacturing process and need to get to market as quickly as possible,” says Munro.
In addition, vendors need to ensure when rolling out upgrades that they don’t introduce new security problems.
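As an added illustration (not code from Samsung, Pen Test Partners or Positive Technologies), here is a device-side check for the two risks raised above: it accepts an update only if a vendor Ed25519 signature verifies, and even then refuses a charge limit outside a range the device itself enforces. The manifest format, field names and the 10 to 60 percent bounds are assumptions; encryption of the update image is not shown.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor; the field names are assumptions.
type Manifest struct {
	Version        int `json:"version"`
	ChargeLimitPct int `json:"charge_limit_pct"`
}

// Assumed safe range enforced on the device regardless of who signed the update.
const minPct, maxPct = 10, 60
var (
	ErrBadSignature = errors.New("update rejected: signature does not verify")
	ErrBadPolicy    = errors.New("update rejected: charge limit outside safe range")
)

// VerifyUpdate runs on the device; vendorPub is the public key built into it.
func VerifyUpdate(vendorPub ed25519.PublicKey, raw, sig []byte) (*Manifest, error) {
	// Verify the signature over the exact bytes received, before parsing them.
	if !ed25519.Verify(vendorPub, raw, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("update rejected: %w", err)
	}
	// A valid signature is not enough: 0 percent or "limit off" is still refused.
	if m.ChargeLimitPct < minPct || m.ChargeLimitPct > maxPct {
		return nil, ErrBadPolicy
	}
	return &m, nil
}

func main() {
	// Constructed key pair and manifests, generated here for the demonstration.
	pub, priv, _ := ed25519.GenerateKey(nil)
	good := []byte(`{"version":2,"charge_limit_pct":60}`)
	sig := ed25519.Sign(priv, good)
	_, err := VerifyUpdate(pub, good, sig)
	fmt.Println("genuine update, error:", err)
	_, err = VerifyUpdate(pub, []byte(`{"version":3,"charge_limit_pct":0}`), sig)
	fmt.Println("altered update, error:", err)
}
```

The second check matters because signing only proves who issued the update, not that its contents are safe.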
Another very real limit of the software enhancement model is the hardware. More demanding software will place greater demands on the hardware in question, which is not receiving any simultaneous upgrade.
For example, a petition last summer demanding that Apple stop ‘sabotaging’ older devices with iOS upgrades attracted hundreds of thousands of signatures. The petition argued that owners of older iPhones find the performance on their devices becomes so poor that they will simply opt to buy a newer device.
However, the use of software to deliver updates is still in its early stages, having only recently been introduced to industries such as automotive with the arrival of Tesla on the scene.
As Sudhir Sharma of ANSYS says, “in a nutshell, more and more electronic devices will include smarter processors and additional memory so they can be reprogrammed.”
There are still issues to be navigated, but in the future we will see more and more of our products being updated through software.