Dipartimento di Automatica e Informatica, Politecnico di Torino, Corso Duca degli Abruzzi 24, 10129 Turin, Italy.
Sensors (Basel). 2023 Mar 2;23(5):2740. doi: 10.3390/s23052740.
Arduino is an open-source electronics platform based on cheap hardware and an easy-to-use software Integrated Development Environment (IDE). Nowadays, because of its open-source nature and its simple and accessible user experience, Arduino is ubiquitous and widely used by hobbyists and novice programmers for Do It Yourself (DIY) projects, especially in the Internet of Things (IoT) domain. Unfortunately, such diffusion comes at a price. Many developers start working on this platform without a deep knowledge of the leading security concepts in Information and Communication Technologies (ICT). Their applications, often publicly available on GitHub (or other code-sharing platforms), can be taken as examples by other developers or downloaded and used by non-expert users, spreading these issues to other projects. For these reasons, this paper aims to understand the current landscape by analyzing a set of open-source DIY IoT projects and looking for potential security issues. Furthermore, the paper classifies those issues according to the proper security category. The study's results offer a deeper understanding of the security concerns in Arduino projects created by hobbyist programmers and of the dangers that may be faced by those who use these projects.