Security management on Arduino-based electronic devices

Recientemente ha sido publicado nuestro artículo » Security management on Arduino-based electronic devices» publicado en la revista indexada en JCR (Q1) «IEEE Consumer Electronics Magazine».

Aquí os dejamos el abstract por si os interesa:

Arduino has emerged as a very popular electronic board because of its low-cost, open hardware approach and flexibility with a huge potential for prototyping, small product runs, Internet of Things, makers or educational electronic projects, among others. However, there is a literature gap concerning wide analysis on different versions and types of Arduino boards, which include software, hardware and communication vulnerabilities analysis. This work analyzes the software, hardware and communication vulnerabilities that can be found in different versions of Arduino boards (entry level, enhanced features, Internet of Things-oriented, non-official and with Operating System). The results of the analysis show that, in most cases, Arduino boards present hardware and software limitations and security vulnerabilities, probably due to their low-cost requirement design. Some examples are: an easy-to override firmware, lack of power protection or non-encrypted board communications in the case of Arduino Yun. Also Arduino does not check bad use of memory stack, so bad memory operations may end up easily on memory corruption and unexpected behavior.

All these limitations and vulnerabilities may lead to security breaches on the deployed environment. Therefore, any security management policy must take these weaknesses into account

Aquí os dejamos el enlace a la referencia por si queréis citarla:

• J. Sainz-Raso, S. Martin, G. Diaz, M. Castro. Security management on Arduino-based electronic devices. IEEE Consumer Electronics Magazine, May 2023, vol. 12, issue 3, pp. 72-84-9. Print ISSN: 2162-2248. On-line ISSN: 2162-2256. Digital Object Identifier: 10.1109/MCE.2022.3184118. IEEE (Institute of Electrical and Electronic Engineers), Print ISSN: 2162-2248. Online ISSN: 2162-2256.

Esta investigación está muy relacionada con otras que llevamos realizando desde hace tiempo, a través por ejemplo de los artículos:

• Sainz-Raso J., Martin, S., Diaz G., and Castro. M. “Security Vulnerabilities in Raspberry Pi–Analysis of the System Weaknesses,” IEEE Consumer Electronics Magazine, vol. 8, no. 6, pp. 47-52, Nov. 2019.
• S. Martin-Gutierrez, P. Martin, G. Diaz-Orueta, and M. Castro-Gil, «Vulnerabilities on embeded systems,» Dyna. Septiembre 2016, pp. 484-484.