research-article

Security analysis and exploitation of arduino devices in the internet of things

Authors:

Carlos Alberca,

Sergio Pastrana,

Guillermo Suarez-Tangil,

Paolo PalmieriAuthors Info & Claims

CF '16: Proceedings of the ACM International Conference on Computing Frontiers

Pages 437 - 442

https://doi.org/10.1145/2903150.2911708

Published: 16 May 2016 Publication History

Get Access

Abstract

The pervasive presence of interconnected objects enables new communication paradigms where devices can easily reach each other while interacting within their environment. The so-called Internet of Things (IoT) represents the integration of several computing and communications systems aiming at facilitating the interaction between these devices. Arduino is one of the most popular platforms used to prototype new IoT devices due to its open, flexible and easy-to-use architecture. Ardunio Yun is a dual board microcontroller that supports a Linux distribution and it is currently one of the most versatile and powerful Arduino systems. This feature positions Arduino Yun as a popular platform for developers, but it also introduces unique infection vectors from the security viewpoint. In this work, we present a security analysis of Arduino Yun. We show that Arduino Yun is vulnerable to a number of attacks and we implement a proof of concept capable of exploiting some of them.

References

[1]

M. Banzi, D. Cuartielles, T. Igoe, G. Martino, and D. Mellis. Arduino official. http://www.arduino.cc.

Google Scholar

[2]

A. Baratloo, N. Singh, T. K. Tsai, et al. Transparent run-time defense against stack-smashing attacks. In USENIX, pages 251--262, 2000.

Digital Library

Google Scholar

[3]

S. Bhatkar, D. C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In USENIX Security, pages 105--120, 2003.

Digital Library

Google Scholar

[4]

C. Doukas. Building Internet of Things with the Arduino. CreateSpace Independent Publishing Platform, USA, 2012.

Digital Library

Google Scholar

[5]

A. Francillon and C. Castelluccia. Code injection attacks on harvard-architecture devices. In ACM CCS 2008, pages 15--26. ACM, 2008.

Digital Library

Google Scholar

[6]

S. Gaitan, L. Calderoni, P. Palmieri, M.-C. Ten Veldhuis, D. Maio, and M. van Riemsdijk. From sensing to action: Quick and reliable access to information in cities vulnerable to heavy rain. Sensors Journal, IEEE, 14(12):4175--4184, Dec 2014.

Crossref

Google Scholar

[7]

N. Gershenfeld, R. Krikorian, and D. Cohen. The internet of things. Scientific American, 291(4):46--51, 2004.

Crossref

Google Scholar

[8]

J. Habibi, A. Gupta, S. Carlsony, A. Panicker, and E. Bertino. Mavr: Code reuse stealthy attacks and mitigation on unmanned aerial vehicles. In IEEE ICDCS 2015, pages 642--652. IEEE, 2015.

Crossref

Google Scholar

Cited By

View all

Hossain MKayas GHasan RSkjellum ANoor SIslam S(2024)A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New PerspectivesFuture Internet10.3390/fi1602004016:2(40)Online publication date: 24-Jan-2024
https://doi.org/10.3390/fi16020040
Corno FMannella L(2023)Security Evaluation of Arduino Projects Developed by Hobbyist IoT ProgrammersSensors10.3390/s2305274023:5(2740)Online publication date: 2-Mar-2023
https://doi.org/10.3390/s23052740
Sainz-Raso JMartin SDiaz GCastro M(2023)Security Management on Arduino-Based Electronic DevicesIEEE Consumer Electronics Magazine10.1109/MCE.2022.318411812:3(72-84)Online publication date: 1-May-2023
https://doi.org/10.1109/MCE.2022.3184118
Show More Cited By

Security analysis and exploitation of arduino devices in the internet of things
1. Security and privacy
  1. Systems security

Recommendations

Internet of Things security

The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the IoT ...
Arduino: The ultimate guide to Arduino, including projects, programming tips & tricks, and much more!
Building Internet of Things with the Arduino

Comments

Information & Contributors

Information

Published In

CF '16: Proceedings of the ACM International Conference on Computing Frontiers

May 2016

487 pages

ISBN:9781450341288

DOI:10.1145/2903150

General Chairs:
Gianluca Palermo
Politecnico di Milano, IT
,
John Feo
Pacific Northwest National Laboratory and Northwest Institute for Advanced Computing
,
Program Chairs:
Antonino Tumeo
Pacific Northwest National Laboratory, USA
,
Hubertus Franke
New York University and IBM Research, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Consejería de Educación, Cultura y Deporte de la Comunidad de Madrid, Spain
Ministerio de Economía y Competitividad (MINECO), Spain

Conference

CF'16

Sponsor:

Micron Foundation
ACM
Politecnico di Milano
SIGMICRO
IBM

CF'16: Computing Frontiers Conference

May 16 - 19, 2016

Como, Italy

Acceptance Rates

CF '16 Paper Acceptance Rate 30 of 94 submissions, 32%;

Overall Acceptance Rate 273 of 785 submissions, 35%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
397
Total Downloads

Downloads (Last 12 months)25
Downloads (Last 6 weeks)4

Reflects downloads up to 16 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hossain MKayas GHasan RSkjellum ANoor SIslam S(2024)A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New PerspectivesFuture Internet10.3390/fi1602004016:2(40)Online publication date: 24-Jan-2024
https://doi.org/10.3390/fi16020040
Corno FMannella L(2023)Security Evaluation of Arduino Projects Developed by Hobbyist IoT ProgrammersSensors10.3390/s2305274023:5(2740)Online publication date: 2-Mar-2023
https://doi.org/10.3390/s23052740
Sainz-Raso JMartin SDiaz GCastro M(2023)Security Management on Arduino-Based Electronic DevicesIEEE Consumer Electronics Magazine10.1109/MCE.2022.318411812:3(72-84)Online publication date: 1-May-2023
https://doi.org/10.1109/MCE.2022.3184118
Dalal NOren YDorfan YGiron JPuzis R(2023)The Attack Surface of Wet Lab AutomationCyberbiosecurity10.1007/978-3-031-26034-6_15(279-304)Online publication date: 10-May-2023
https://doi.org/10.1007/978-3-031-26034-6_15
Levshun DChechulin AKotenko I(2022)Security and Privacy Analysis of Smartphone-Based Driver Monitoring Systems from the Developer’s Point of ViewSensors10.3390/s2213506322:13(5063)Online publication date: 5-Jul-2022
https://doi.org/10.3390/s22135063
Al-Maani MFrisbie GShippy FTiseo MDarwish OAbualkibash M(2022)A Classifier to Detect Number of Machines Performing DoS Attack Against Arduino Oplà Device in IoT Environment2022 5th International Conference on Advanced Communication Technologies and Networking (CommNet)10.1109/CommNet56067.2022.9993816(1-9)Online publication date: 12-Dec-2022
https://doi.org/10.1109/CommNet56067.2022.9993816
Ooi SBeuran RTan Y(2021)Secure IoT Development: A Maker’s Perspective2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS)10.1109/COINS51742.2021.9524205(1-6)Online publication date: 23-Aug-2021
https://doi.org/10.1109/COINS51742.2021.9524205
Pucher MKudera CMerzdovnik GVolkamer MWressnegger C(2020)AVRSProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3407065(1-10)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3407023.3407065
Zagi LAziz B(2020)Privacy Attack On IoT: a Systematic Literature Review2020 International Conference on ICT for Smart Society (ICISS)10.1109/ICISS50791.2020.9307568(1-8)Online publication date: 19-Nov-2020
https://doi.org/10.1109/ICISS50791.2020.9307568
Raghuprasad APadmanabhan SArjun Babu MBinu P(2020)Security Analysis and Prevention of Attacks on IoT Devices2020 International Conference on Communication and Signal Processing (ICCSP)10.1109/ICCSP48568.2020.9182055(0876-0880)Online publication date: Jul-2020
https://doi.org/10.1109/ICCSP48568.2020.9182055
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Internet of Things security

Arduino: The ultimate guide to Arduino, including projects, programming tips & tricks, and much more!

Building Internet of Things with the Arduino

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Funding Sources

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Recommendations

Internet of Things security

Arduino: The ultimate guide to Arduino, including projects, programming tips & tricks, and much more!

Building Internet of Things with the Arduino

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations