The ability to install new software on IoT devices is essential. Software updates are used to add new features, fix bugs, and resolve known security weaknesses. Although important, users still find them to be inconvenient, disruptive, and annoying. Therefore, vendors of IoT devices have worked on highly automated software update processes to reduce customer interaction and minimize downtime of devices and their connected systems.
 
From a security perspective, these automated processes represent possible entry points for attackers. If they are not properly protected, devices maybe open to manipulation, typically through the installation of malicious code on a device. 
 
This paper describes the architecture behind secured software update processes and what needs to be taken into account when implementing an appropriate architecture.