Security analysis and exploitation of arduino devices in the internet of things

Alberca, Carlos; Pastrana, Sergio; Suarez-Tangil, Guillermo; Palmieri, Paolo

Security analysis and exploitation of arduino devices in the internet of things

Files

Alberca_Pastrana_Suarez-Tangil_Palmieri_Mal-IoT_CF2016.pdf(384.55 KB)

Accepted version

Date

2016-05

Authors

Alberca, Carlos

Pastrana, Sergio

Suarez-Tangil, Guillermo

Palmieri, Paolo

Publisher

Association for Computing Machinery (ACM)

Published Version

10.1145/2903150.2911708

Abstract

The pervasive presence of interconnected objects enables new communication paradigms where devices can easily reach each other while interacting within their environment. The so-called Internet of Things (IoT) represents the integration of several computing and communications systems aiming at facilitating the interaction between these devices. Arduino is one of the most popular platforms used to prototype new IoT devices due to its open, flexible and easy-to-use architecture. Ardunio Yun is a dual board microcontroller that supports a Linux distribution and it is currently one of the most versatile and powerful Arduino systems. This feature positions Arduino Yun as a popular platform for developers, but it also introduces unique infection vectors from the security viewpoint. In this work, we present a security analysis of Arduino Yun. We show that Arduino Yun is vulnerable to a number of attacks and we implement a proof of concept capable of exploiting some of them.

Keywords

Internet of Things (IoT) , Communication paradigm , Communications systems , Linux distributions , Popular platform , Proof of concept , Security analysis , Computer operating systems , Internet , Security systems

Citation

Alberca, C., Pastrana, S., Suarez-Tangil, G. and Palmieri, P. 'Security analysis and exploitation of arduino devices in the internet of things', Proceedings of the ACM International Conference on Computing Frontiers, Como, Italy. 2911708: ACM, 437-442. doi:10.1145/2903150.2911708

URI

http://hdl.handle.net/10468/4778

Collections

Computer Science - Conference Items

Copyright

© 2016 ACM. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CF '16 Proceedings of the ACM International Conference on Computing Frontiers, http://doi.org/10.1145/2903150.2911708

Full item page