Open hardware, and specifically one of its main exponents, Arduino boards, allows anyone interested in the subject to investigate, create their own boards and contribute to their improvements, since all kinds of information regarding their design (circuits, components , distribution, etc.). In addition, being practically simple to use devices, they are used in a large number of home automation, digital art, entertainment applications, etc. However, despite its advantages, they do not make it reliable for use in critical infrastructures due to its said freedoms and it is seen in the Arduino vulnerability that happened a while ago.

Vulnerability that appeared in Arduino

On the one hand, we have a first vulnerability that exclusively affects Volkswagen group vehicles, including brands such as Audi or Škoda. Owners do not receive any type of warning when the security of their vehicles is breached, and once an attack has been executed on it, they only need to press the start button of the car to start it and drive it.

All that is required is to obtain two specific encryption keys. One of them is unique for each vehicle, and the other is shared. By combining them, attackers can clone the owners key fob signal to gain access to the car. To obtain the distinctive key for each car, it would be worth being less than 91 meters from it, and using the Arduino board with a radio receiver to obtain the signal emitted by the key rings each time they are used.

Like this vulnerability, it is not known or have not been made known that other vulnerabilities exist but it is evident that if this is possible then who knows what else could happen and thus make known and be able to raise awareness that it is necessary to strengthen the Security of these Softwares.


2 comentarios en «Arduino Vulnerability that appeared over time»

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *