Implementing a system for provisioning OTA software updates is part of best practice in a strategy to deal with IoT security threats. The best way is to put in place a Zero trust architecture < https://www.devicechronicle.com/iot-cybersecurity-2/ > . OTA updates can be scheduled to deliver CVE updates automatically and to scale and to anticipate and patch vulnerabilities minimising the threat vectors. What are the threat types that need to be considered and planned for in an IoT device security strategy that incorporates OTA software updates? We go to the peer-reviewed research to find an authoritative summary overview of the main threat vectors in IoT device security.
This is a companion discussion topic for the original entry at https://mender.io/blog/what-are-the-iot-security-threats