IEEE Consumer Electronics Magazine - May/June 2023 - 79

FIGURE 4. Communication between ATmega
microcontroller and Linino using the Bridge library.
Firmware Analysis Regarding software vulnerabilities,
communication between both modules-Arduino
and Linux-is done using the
Bridge library, which can also be exploited. An
attacker can take advantage of buffer vulnerabilities
on any of the parts while using the Bridge
library.30 Thus, an attack coming from the Arduino
microcontroller can impact on the Linux side
and vice versa.
Some old Yun boards are delivered with the
old Linino Linux version, which contains too
many security issues to move it to a production
system.40 Some issues that a user may experiment
with this old version may include: liability
of bridge library, Wi-Fi stability, undeveloped
functions (like fileio), and stability when reading
big files. Reported issues were fixed on the
OpenWrt version.
At the time of writing this article, included
Python version is 2.7, which end of life date was
April 2020.43 This means that current version of
OpenWrt contains an almost outdated version of
Python that must be updated shortly. Developers
should foresee this update and code accordingly
to this situation.
OpenWrt has security breaches, including
passwords in plain text, unpatched daemons, vulnerable
kernel or lack of integrity checks on critical
files.30 Keeping default configuration for
production devicesmay imply security issues too.
Default configuration is a common vulnerability
existing in devices with OS, which also
applies to the Arduino YUN. Part of this default
configuration involves default password and
nonsecure HTTP requests. Moreover, this vulnerability
may even impact uploaded sketches.
As an example, the default root password,
which is used to connect to web-CLI, (a web-based
Command Line Interface) or through ssh, is
FIGURE 5. Response time of ping command while
performing a DoS attack in an Arduino YUN.
" Arduino. " This password can be changed through
CLI but as it is served using the nonsecured connection,
any attempt to change the password may
be sniffed. HTTP API requests are done, on default
configuration of Arduino, using a nonsecure channel.
As previously mentioned, the HTTP server
used in the analysis is uhttpd, and its configuration
file can be found in /etc/httpd.conf.44
An attacker knowing the Arduino Yun Linux
password, and with access to the same network of
the device, will be able to upload any sketch. Arduino
software-online or local-detects if an Arduino
Yun is connected to the same network and
allowsthe user to upload the sketch through Linux
using the network. Arduino password will be
requested. Thus, this passwordmust be kept safe.
Unlike the Arduino unit, the Linux part can run
applications with stack protections. Existing stack
vulnerabilities on applications running on
OpenWRT can be minimized on production systems
using protection techniques. These protection
techniques, like ASLR or Stack Canaries, will
force the application to stop if the expected flow is
not followed. The booting process in the two Arduino
Yun sides are completely independent and
with no synchronization. On one side, the AVR
ATmega32U4 microcontroller runs an uploaded
sketch as any other Arduino board. On the other
side, the MIPS Atheros AR9331 microprocessor
boots theOpenWrt-Yun Linux distribution.
The two Arduino Yun modules can be also
reset independently using the corresponding reset
buttons. This means that if the microcontroller is
reset, the Linux system keeps running. It also
works the other way around: if the microprocessor
is reset, only Linux will reboot and the microcontroller
sketch continues running.
May/June 2023
79

IEEE Consumer Electronics Magazine - May/June 2023

Table of Contents for the Digital Edition of IEEE Consumer Electronics Magazine - May/June 2023

Contents
IEEE Consumer Electronics Magazine - May/June 2023 - Cover1
IEEE Consumer Electronics Magazine - May/June 2023 - Cover2
IEEE Consumer Electronics Magazine - May/June 2023 - Contents
IEEE Consumer Electronics Magazine - May/June 2023 - 2
IEEE Consumer Electronics Magazine - May/June 2023 - 3
IEEE Consumer Electronics Magazine - May/June 2023 - 4
IEEE Consumer Electronics Magazine - May/June 2023 - 5
IEEE Consumer Electronics Magazine - May/June 2023 - 6
IEEE Consumer Electronics Magazine - May/June 2023 - 7
IEEE Consumer Electronics Magazine - May/June 2023 - 8
IEEE Consumer Electronics Magazine - May/June 2023 - 9
IEEE Consumer Electronics Magazine - May/June 2023 - 10
IEEE Consumer Electronics Magazine - May/June 2023 - 11
IEEE Consumer Electronics Magazine - May/June 2023 - 12
IEEE Consumer Electronics Magazine - May/June 2023 - 13
IEEE Consumer Electronics Magazine - May/June 2023 - 14
IEEE Consumer Electronics Magazine - May/June 2023 - 15
IEEE Consumer Electronics Magazine - May/June 2023 - 16
IEEE Consumer Electronics Magazine - May/June 2023 - 17
IEEE Consumer Electronics Magazine - May/June 2023 - 18
IEEE Consumer Electronics Magazine - May/June 2023 - 19
IEEE Consumer Electronics Magazine - May/June 2023 - 20
IEEE Consumer Electronics Magazine - May/June 2023 - 21
IEEE Consumer Electronics Magazine - May/June 2023 - 22
IEEE Consumer Electronics Magazine - May/June 2023 - 23
IEEE Consumer Electronics Magazine - May/June 2023 - 24
IEEE Consumer Electronics Magazine - May/June 2023 - 25
IEEE Consumer Electronics Magazine - May/June 2023 - 26
IEEE Consumer Electronics Magazine - May/June 2023 - 27
IEEE Consumer Electronics Magazine - May/June 2023 - 28
IEEE Consumer Electronics Magazine - May/June 2023 - 29
IEEE Consumer Electronics Magazine - May/June 2023 - 30
IEEE Consumer Electronics Magazine - May/June 2023 - 31
IEEE Consumer Electronics Magazine - May/June 2023 - 32
IEEE Consumer Electronics Magazine - May/June 2023 - 33
IEEE Consumer Electronics Magazine - May/June 2023 - 34
IEEE Consumer Electronics Magazine - May/June 2023 - 35
IEEE Consumer Electronics Magazine - May/June 2023 - 36
IEEE Consumer Electronics Magazine - May/June 2023 - 37
IEEE Consumer Electronics Magazine - May/June 2023 - 38
IEEE Consumer Electronics Magazine - May/June 2023 - 39
IEEE Consumer Electronics Magazine - May/June 2023 - 40
IEEE Consumer Electronics Magazine - May/June 2023 - 41
IEEE Consumer Electronics Magazine - May/June 2023 - 42
IEEE Consumer Electronics Magazine - May/June 2023 - 43
IEEE Consumer Electronics Magazine - May/June 2023 - 44
IEEE Consumer Electronics Magazine - May/June 2023 - 45
IEEE Consumer Electronics Magazine - May/June 2023 - 46
IEEE Consumer Electronics Magazine - May/June 2023 - 47
IEEE Consumer Electronics Magazine - May/June 2023 - 48
IEEE Consumer Electronics Magazine - May/June 2023 - 49
IEEE Consumer Electronics Magazine - May/June 2023 - 50
IEEE Consumer Electronics Magazine - May/June 2023 - 51
IEEE Consumer Electronics Magazine - May/June 2023 - 52
IEEE Consumer Electronics Magazine - May/June 2023 - 53
IEEE Consumer Electronics Magazine - May/June 2023 - 54
IEEE Consumer Electronics Magazine - May/June 2023 - 55
IEEE Consumer Electronics Magazine - May/June 2023 - 56
IEEE Consumer Electronics Magazine - May/June 2023 - 57
IEEE Consumer Electronics Magazine - May/June 2023 - 58
IEEE Consumer Electronics Magazine - May/June 2023 - 59
IEEE Consumer Electronics Magazine - May/June 2023 - 60
IEEE Consumer Electronics Magazine - May/June 2023 - 61
IEEE Consumer Electronics Magazine - May/June 2023 - 62
IEEE Consumer Electronics Magazine - May/June 2023 - 63
IEEE Consumer Electronics Magazine - May/June 2023 - 64
IEEE Consumer Electronics Magazine - May/June 2023 - 65
IEEE Consumer Electronics Magazine - May/June 2023 - 66
IEEE Consumer Electronics Magazine - May/June 2023 - 67
IEEE Consumer Electronics Magazine - May/June 2023 - 68
IEEE Consumer Electronics Magazine - May/June 2023 - 69
IEEE Consumer Electronics Magazine - May/June 2023 - 70
IEEE Consumer Electronics Magazine - May/June 2023 - 71
IEEE Consumer Electronics Magazine - May/June 2023 - 72
IEEE Consumer Electronics Magazine - May/June 2023 - 73
IEEE Consumer Electronics Magazine - May/June 2023 - 74
IEEE Consumer Electronics Magazine - May/June 2023 - 75
IEEE Consumer Electronics Magazine - May/June 2023 - 76
IEEE Consumer Electronics Magazine - May/June 2023 - 77
IEEE Consumer Electronics Magazine - May/June 2023 - 78
IEEE Consumer Electronics Magazine - May/June 2023 - 79
IEEE Consumer Electronics Magazine - May/June 2023 - 80
IEEE Consumer Electronics Magazine - May/June 2023 - 81
IEEE Consumer Electronics Magazine - May/June 2023 - 82
IEEE Consumer Electronics Magazine - May/June 2023 - 83
IEEE Consumer Electronics Magazine - May/June 2023 - 84
IEEE Consumer Electronics Magazine - May/June 2023 - 85
IEEE Consumer Electronics Magazine - May/June 2023 - 86
IEEE Consumer Electronics Magazine - May/June 2023 - 87
IEEE Consumer Electronics Magazine - May/June 2023 - 88
IEEE Consumer Electronics Magazine - May/June 2023 - 89
IEEE Consumer Electronics Magazine - May/June 2023 - 90
IEEE Consumer Electronics Magazine - May/June 2023 - 91
IEEE Consumer Electronics Magazine - May/June 2023 - 92
IEEE Consumer Electronics Magazine - May/June 2023 - 93
IEEE Consumer Electronics Magazine - May/June 2023 - 94
IEEE Consumer Electronics Magazine - May/June 2023 - 95
IEEE Consumer Electronics Magazine - May/June 2023 - 96
IEEE Consumer Electronics Magazine - May/June 2023 - 97
IEEE Consumer Electronics Magazine - May/June 2023 - 98
IEEE Consumer Electronics Magazine - May/June 2023 - 99
IEEE Consumer Electronics Magazine - May/June 2023 - 100
IEEE Consumer Electronics Magazine - May/June 2023 - 101
IEEE Consumer Electronics Magazine - May/June 2023 - 102
IEEE Consumer Electronics Magazine - May/June 2023 - 103
IEEE Consumer Electronics Magazine - May/June 2023 - 104
IEEE Consumer Electronics Magazine - May/June 2023 - 105
IEEE Consumer Electronics Magazine - May/June 2023 - 106
IEEE Consumer Electronics Magazine - May/June 2023 - 107
IEEE Consumer Electronics Magazine - May/June 2023 - 108
IEEE Consumer Electronics Magazine - May/June 2023 - 109
IEEE Consumer Electronics Magazine - May/June 2023 - 110
IEEE Consumer Electronics Magazine - May/June 2023 - 111
IEEE Consumer Electronics Magazine - May/June 2023 - 112
IEEE Consumer Electronics Magazine - May/June 2023 - 113
IEEE Consumer Electronics Magazine - May/June 2023 - 114
IEEE Consumer Electronics Magazine - May/June 2023 - 115
IEEE Consumer Electronics Magazine - May/June 2023 - 116
IEEE Consumer Electronics Magazine - May/June 2023 - Cover3
IEEE Consumer Electronics Magazine - May/June 2023 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20240102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20231112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20221112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20211112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202010
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202009
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202007
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202004
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202003
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202001
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201909
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201907
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201905
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201903
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201901
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201811
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201809
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201807
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201805
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201803
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2015
https://www.nxtbookmedia.com