OTA updates deliver firmware/software wirelessly to devices. Security requirements: code signing (verify authenticity), TLS (protect in transit), version verification (prevent rollback), failure handling.
Unsigned OTA updates are a critical vulnerability — attackers intercept and replace with malicious firmware. Secure OTA requires: digital signature verification, TLS delivery, rollback prevention, update authenticity check before installation.