Security Management on Arduino-Based Electronic Devices

Arduino has emerged as a very popular electronic board because of its low-cost, open hardware approach, and flexibility with a huge potential for prototyping, small product runs, Internet of Things (IoT), makers or educational electronic projects, among others. However, there is a literature gap concerning wide analysis on different versions and types of Arduino boards, which include software, hardware, and communication vulnerabilities analysis. This work analyzes the software, hardware, and communication vulnerabilities that can be found in different versions of Arduino boards (entry level, enhanced features, IoT-oriented, nonofficial and with Operating System). The results of the analysis show that, in most cases, Arduino boards present hardware and software limitations and security vulnerabilities, probably due to their low-cost requirement design. Some examples are: an easy-to-override firmware, lack of power protection or nonencrypted board communications in the case of Arduino Yun. Also, Arduino does not check bad use of memory stack, so bad memory operations may end up easily on memory corruption and unexpected behavior. All these limitations and vulnerabilities may lead to security breaches on the deployed environment. Therefore, any security management policy must take these weaknesses into account.