Compromising an IoT device based on Harvard architecture microcontroller
The paper describes the concept and implementation of an attack technique targeting an Internet-connected device based
on an Arduino family board and modules with an ATmega microcontroller. Because the microcontroller's Harvard-like
architecture keeps program memory separate from data memory, the attack relies on the return-oriented programming
principle, reusing pieces of firmware already contained in the memory of the target device. We show that the routines
present in the device are sufficient to carry out a successful attack and change the device's operation in the presence
of a buffer overflow backdoor in the firmware.