Towards Characterizing IoT Software Update Practices

Software updates are critical for ensuring systems remain free of bugs and vulnerabilities while they are in service. While many Internet of Things (IoT) devices are capable of outlasting desktops and mobile phones, their software update practices are not yet well understood, despite a large body of research aiming to create new methodologies for keeping IoT devices up to date. This paper discusses efforts towards characterizing the IoT software update landscape through network-level analysis of IoT device traffic. Our results suggest that vendors do not currently follow security best practices, and that software update standards, while available, are not being deployed.