Compromising an IoT device based on Harvard architecture microcontroller

Krzysztof Cabaj, Grzegorz Mazur, Mateusz Nosek


The paper describes the concept and implementation of an attack technique, targeting an Internet-connected device based on an Arduino family board and modules with an ATmega microcontroller. Due to the Harvard-like architecture of the microcontroller, the attack uses the return-oriented programming principle, utilizing the pieces of firmware already contained in the memory of the target device. We show that the routines present in the device are sufficient to convey a successful attack and change the device operation in the presence of a buffer overflow backdoor to the firmware.
Author
- Krzysztof Cabaj (FEIT / IN), The Institute of Computer Science
- Grzegorz Mazur (FEIT / IN), The Institute of Computer Science
- Mateusz Nosek (FEIT / ICS), The Institute of Computer Science
Publication size in sheets 0.5
Book Romaniuk Ryszard, Linczuk Maciej Grzegorz (eds.): Proceedings of SPIE: Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2018, Proceedings of SPIE: The International Society for Optical Engineering, vol. 10808, 2018, SPIE - The International Society for Optics and Photonics, ISBN 9781510622036, 2048 p., DOI:10.1117/12.2504983
Keywords in English embedded system, microcontroller, Harvard architecture, AVR architecture, IoT device, buffer overflow attack, return-oriented programming, gadgets
Project Development of new algorithms in the areas of software and computer architecture, artificial intelligence and information systems and computer graphics. Project leader: Arabas Jarosław, Phone: +48 22 234 7432, start date 01-06-2017, end date 31-10-2018, II/2017/DS/1, Completed
WEiTI Statutory activity
Language en English
108082G_Cabaj.pdf 1.7 MB
Score (nominal) 15
Score source conferenceIndex
Score Ministerial score = 15.0, 17-06-2020, ChapterFromConference
Publication indicators WoS Citations = 0; Scopus Citations = 1; Scopus SNIP (Source Normalised Impact per Paper) [Not active]: 2018 = 0.394