Key points:
- What FOTA Is: Firmware over-the-air (FOTA) updates deliver and install device firmware wirelessly, updating components like UEFI/BIOS and bootloaders.
- OTA vs. FOTA Updates: OTA updates primarily patch operating systems and applications, while FOTA updates modify pre-boot and hardware-level firmware.
- How FOTA Updates Work: FOTA uses signed firmware, integrity validation, A/B or inactive partitions, controlled reboots, and automatic rollback.
- Security Importance of FOTA: Firmware updates reduce the attack surface and help organizations meet compliance standards like NIST and SOC 2.
- Benefits and Challenges: FOTA improves device security at scale but requires careful handling of compatibility risks and update failure scenarios.
- Apply FOTA at Enterprise Scale: Enterprises use centralized firmware update management to protect fleets of devices across distributed environments.
Firmware over-the-air (FOTA) updates are the technology that delivers and installs firmware updates wirelessly to devices. This article explains firmware, FOTA updates, what they do and how they work, as well as the benefits and challenges they bring to IT teams.
What are firmware over-the-air (FOTA) updates?
Firmware over-the-air updates are a specific kind of over-the-air (OTA) update for delivering firmware to mobile and embedded devices.
To clarify, firmware is the software that operates at the lowest level on a device: it controls the most basic functions (like booting the device) and acts as the foundation for other software (by interacting directly with hardware like screens, batteries, and sensors) that runs on the device.
Firmware also provides the interfaces that your device’s operating system (OS) uses to communicate with the hardware they run on. That said, it’s worth noting that modern devices now use multiple firmware layers—e.g., UEFI/BIOS, bootloader, TPM/secure enclave firmware, peripheral firmware—and that firmware is no longer “below the OS”; rather, it executes before, alongside, and independently of the OS.
As firmware is fundamental to the operation of devices, it must be stable, with as few bugs as possible. This makes the regular and reliable deployment and installation of firmware updates vital.
Delivering these updates over the air means that they can be installed on user devices automatically, without them needing to connect the device to a computer to run special software to perform the update.
OTA vs. FOTA updates comparison
Here’s a table summarizing the differences between OTA vs. FOTA updates:
| Feature | OTA Updates | FOTA Updates |
| Update Target | OS & apps | Device firmware |
| Privilege Level | User/kernel | Pre-boot/hardware |
| Security Impact | High | Critical |
| Failure Risk | Low | High (requires rollback) |
Keep your devices fully up to date with the automated firmware updates.
How do firmware updates work?
OTA updates work much the same way for end users as any other OTA update: you receive a notification that an update is ready, and either it’s automatically installed at a scheduled time, or manually install it.
The FOTA update process itself must be robust due to the key nature firmware plays in a device’s operation. Hardware vendors thoroughly test firmware updates before deploying them, aiming to minimize any possible disruption and eliminate any show-stopping bugs.
Below is a quick technical rundown of the process:
- Cryptographically signed firmware package is published
- Device validates signature and integrity
- Update installs to inactive partition
- Device reboots and self-verifies
- Automatic rollback ensues if validation fails
Benefits of FOTA updates
Firmware OTA updates provide multiple benefits to both users and device vendors:
- User convenience: Users do not have to manually check for updates or connect their devices to their computers and download special software to update them.
- Improved security: Devices that are up to date are more secure, and updates will not be “put off” until a later time, or forgotten about. Improved adherence to compliance requirements (e.g., NIST, SOC 2)
More specifically, improved firmware security as a result of installed FOTA updates leads to the following:- More secure boot chains
- Better vulnerability remediation
- More secure zero-trust architectures
- New features, bug fixes, and better device performance: FOTA ensures that users have the latest bug fixes and features, improving functionality, stability, and performance.
- Better outcomes for manufacturers: Rather than recalling faulty devices, manufacturers can deploy firmware over-the-air updates to fix devices in the field. They can also test these updates on a subset of users who have opted in, to make sure that the updates are reliable before wider deployment, improving reliability and brand perception.
FOTA challenges and considerations
There are, however, some potential drawbacks to watch out for:
- Firmware updates could break compatibility with other devices. While this doesn’t affect tightly integrated phones and tablets from a single vendor, custom devices that have individually updatable components may be affected.
- Some manufacturers may not be as strict about the quality of firmware OTA updates as they should be. This is why it’s important to use devices from reputable companies with a good record for update stability, regularity, and security.
- FOTA updates may not reach long-tail devices that stop receiving firmware support, making it more difficult to update and secure these devices. In this case, the best option may be to retire them completely should they be compromised.
Nonetheless, the benefits of firmware update management far outweigh the downsides. Firmware updates are generally thoroughly tested and not released until they’re considered stable by the manufacturer, so the risk of a malfunctioning device to your data or security is much smaller.
Real-world applications of firmware over-the-air updates
Mobile phones
Your iPhone or Android smartphone receives FOTA updates as part of its update process. This ensures that the code that interacts with the device’s hardware is updated along with the OS to improve stability and support new functionality.
Electric vehicles
Tesla electric vehicles also famously receive automotive firmware updates over the air. These are often done as part of their “product recalls” to address problems that have been identified in their cars, without them having to be physically returned to a Tesla workshop to be updated.
IoT devices
IoT and smart devices also rely on FOTA updates. Smart speakers, lightbulbs, vacuums, locks embedded smart devices that receive FOTA updates can continue to operate seamlessly and with improved functionality due to IoT firmware updates, all without your interaction (or even noticing that an update has happened).
Empower remote device management. Watch What are firmware over-the-air (FOTA)? and enable seamless updates for your devices.
Push out firmware updates and security patches with NinjaOne Patch Management.
Effective firmware update management of enterprise devices at scale
Remote firmware updates are a core part of smooth IT operations and endpoint security posture for organizations of any size. Recalling devices to perform manual updates is impractical at best, so the automated, wireless deployment of both firmware and software updates is a force multiplier for IT teams.
Of course, software patches are only useful if they’re actually installed. NinjaOne’s endpoint management and remote monitoring and management platforms (RMM) ensure that you have full visibility over all of your employee devices and can deploy and enforce updates to make sure they’re stable and secure.
