Compromising an IoT device based on Harvard architecture microcontroller

Krzysztof Cabaj , Grzegorz Mazur , Mateusz Nosek

Abstract

The paper describes the concept and implementation of an attack technique, targeting an Internet-connected device based on Arduino family board and modules with an ATmega microcontoller. Due to Harvard-like architecture of the microcontroller, the attack uses return-oriented programming principle, utilizing the pieces of firmware already contained in the memory of target device. We show that the routines present in the device are sufficient to convey a successful attack and change the device operation in the presence of buffer overflow backdoor to the firmware.
Author Krzysztof Cabaj (FEIT / IN)
Krzysztof Cabaj,,
- The Institute of Computer Science
, Grzegorz Mazur (FEIT / IN)
Grzegorz Mazur,,
- The Institute of Computer Science
, Mateusz Nosek (FEIT / ICS)
Mateusz Nosek,,
- The Institute of Computer Science
Pages108082G-1-108082G-10
Publication size in sheets0.5
Book Romaniuk Ryszard, Linczuk Maciej Grzegorz (eds.): Proceedings of SPIE: Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2018, Proceedings of SPIE: The International Society for Optical Engineering, vol. 10808, 2018, SPIE - the International Society for Optics and Photonics, ISBN 9781510622036, 2048 p., DOI:10.1117/12.2504983
Keywords in Englishembedded system, microcontroller, Harvard architecture, AVR architecture, IoT device, buffer overflow attack, return-oriented programming, gadgets
DOIDOI:10.1117/12.2501580
URL https://www.spiedigitallibrary.org/conference-proceedings-of-spie/10808/108082G/Compromising-an-IoT-device-based-on-Harvard-architecture-microcontroller/10.1117/12.2501580.full?SSO=1
projectDevelopment of new algorithms in the areas of software and computer architecture, artificial intelligence and information systems and computer graphics . Project leader: Arabas Jarosław, , Phone: +48 22 234 7432, start date 01-06-2017, end date 31-10-2018, II/2017/DS/1, Completed
WEiTI Działalność statutowa
Languageen angielski
File
108082G_Cabaj.pdf 1.7 MB
Score (nominal)15
ScoreMinisterial score = 15.0, 11-09-2019, BookChapterSeriesAndMatConfByConferenceseries
Ministerial score (2013-2016) = 15.0, 11-09-2019, BookChapterSeriesAndMatConfByConferenceseries
Publication indicators WoS Citations = 0; Scopus Citations = 0
Citation count*
Cite
Share Share

Get link to the record


* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.
Back