Security Management on Arduino-Based Electronic Devices

Abstract

Arduino has emerged as a very popular electronic board because of its low-cost, open hardware approach and flexibility with a huge potential for prototyping, small product runs, Internet of Things, makers or educational electronic projects, among others. However, there is a literature gap concerning wide analysis on different versions and types of Arduino boards, which include software, hardware and communication vulnerabilities analysis. This work analyzes the software, hardware and communication vulnerabilities that can be found in different versions of Arduino boards (entry level, enhanced features, Internet of Things-oriented, non-official and with Operating System). The results of the analysis show that, in most cases, Arduino boards present hardware and software limitations and security vulnerabilities, probably due to their low-cost requirement design. Some examples are: an easy-to-override firmware, lack of power protection or non-encrypted board communications in the case of Arduino Yun. Also Arduino does not check bad use of memory stack, so bad memory operations may end up easily on memory corruption and unexpected behavior. All these limitations and vulnerabilities may lead to security breaches on the deployed environment. Therefore, any security management policy must take these weaknesses into account.