Security Management on Arduino-Based Electronic Devices

Arduino has emerged as a very popular electronic board because of its low-cost, open hardware approach, and flexibility with a huge potential for prototyping, small product runs, Internet of Things (IoT), makers or educational electronic projects, among others. However, there is a literature gap concerning wide analysis on different versions and types of Arduino boards, which include software, hardware, and communication vulnerabilities analysis. This work analyzes the software, hardware, and communication vulnerabilities that can be found in different versions of Arduino boards (entry level, enhanced features, IoT-oriented, nonofficial and with Operating System). The results of the analysis show that, in most cases, Arduino boards present hardware and software limitations and security vulnerabilities, probably due to their low-cost requirement design. Some examples are: an easy-to-override firmware, lack of power protection or nonencrypted board communications in the case of Arduino Yun. Also, Arduino does not check bad use of memory stack, so bad memory operations may end up easily on memory corruption and unexpected behavior. All these limitations and vulnerabilities may lead to security breaches on the deployed environment. Therefore, any security management policy must take these weaknesses into account.

Automated summary

Arduino has become popular due to its low cost, open hardware approach, and flexibility for various electronic projects. However, there is a lack of comprehensive analysis on the different versions and types of Arduino boards, including software, hardware, and communication vulnerabilities. This study analyzes the vulnerabilities in different versions of Arduino boards, revealing limitations and security vulnerabilities such as firmware overrides, lack of power protection, and non-encrypted board communications. These weaknesses may lead to security breaches, highlighting the need for considering them in security management policies.