Topic: Could an Arduino virus ever be created?

avandalen

Yes, SAMD21 Arduino bootloader virus, see here:
http://www.avdweb.nl/arduino/samd21/virus.html

stupid-questions

But the number of people who actually use Arduino (or even KNOW what an Arduino is) is very small compared to the number of people who use Windows computers, without anything to do with Arduino.

Why would a malware writer do this, if he could spread his virus through some other system? Some other system that will affect A LOT more people than our small community of Arduino-nerds (I use "nerds" as a compliment here).

If I was a virus maker (which I'm not... hey who's at the door? The CIA? Really? Gotta get outta here!) I would target a lot more people than just Arduino people.
No friends, just Arduino.

westfw

Quote
SAMD21 Arduino bootloader virus
It's not a virus.  No propagation; just a sketch that can brick your D21 so that you can't upload a new sketch.
(Maybe.  Some SAMD21 have a "doubletap reset" feature for recovering from "similar" situations; I never got a response whether it works with this particular sketch.)

jlsilicon

#18
Oct 12, 2016, 11:29 pm Last Edit: Oct 12, 2016, 11:35 pm by jlsilicon
I think it is unlikely and would not be supportable.

I think it would be hard to miss.
Would need to be squeezed in as its own bootloader.
Easy to recognize and fix.  Just re-flash the Bootloader.

Or, maybe a one stage Virus from the Compiler or Uploader to the Arduino - but would not spread.

Seems unlikely and futile.

I used to do AntiVirus work.  Took apart & Debugged & published about 10 Viruses per week - sent the info and signatures off to Nortons, etc.

ChrisTenone

Quote
... hey who's at the door? The CIA? Really? Gotta get outta here!
...
I don't think they knock.
What, I need to say something else too?

pert

As the Leonardo can emulate a keyboard/mouse could you get it to pump out the required keyboard key sequences to open a CLI, connect to and download a payload from your server that it then executes?
Or maybe just open notepad (assumes Windows), write an entire batch program, save it and execute it?
Arduinos have definitely been used for this sort of "USB drive-by" attack. In that case it's the attacker slipping an Arduino into a USB port on someone's computer to send the mouse/keyboard stuff but it would certainly be possible for someone to hide some code that does that in a sketch or library.

Slightly off topic, but another security vulnerability is Boards Manager. Someone could easily put together a hardware package that includes a harmful executable file that will be run when the user compiles or uploads with that board selected. Strangely, the IDE will only run the "post install script" you can include with the package to run after the install, which seems a pointless precaution considering. Hopefully nobody would do something like that but there certainly are a lot of scumbags in the world. It's a pretty small number of potential victims, and would not lend itself well to reuse once it became known that particular package was malicious since there are a limited number of possible hardware packages that anyone would be interested in.

Not a virus, but since the original post mentions malware, which doesn't necessarily mean replicating software, you might also consider code that's harmful to the Arduino. I actually think that's a more interesting discussion since this doesn't necessarily have to be done with evil intent, it could be accidental.
  • Wearing out the EEPROM through repeated writes.
  • Watchdog reset will soft brick any Arduino using the crappy bootloader with the endless watchdog reset bug, such as Nano, Pro Mini, etc.
  • Repeated keyboard or mouse output that starts immediately since it makes it somewhat difficult to upload a new sketch.
  • Shorting pins.

Can anyone think of other potentially harmful code, that could damage the hardware or cause difficult to recover from software situations?
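
An added example (not part of pert's post or of the Arduino IDE): one way to review a hardware package before selecting its board is to list every command line its platform.txt tells the IDE to run during compile and upload. The sample platform.txt is constructed, `helper.exe` is a hypothetical file name, and the two flagging rules are review heuristics assumed here, not proof of malice.

```python
import re

# Keys ending in .pattern (optionally with an OS suffix) hold command lines the IDE runs.
PATTERN_KEY = re.compile(r"\.pattern(\.(windows|linux|macosx))?$")

# Constructed sample, not taken from any real package; helper.exe is hypothetical.
SAMPLE_PLATFORM_TXT = """\
name=Example Boards
version=1.0.0
compiler.path={runtime.tools.avr-gcc.path}/bin/
compiler.c.cmd=avr-gcc
recipe.c.o.pattern="{compiler.path}{compiler.c.cmd}" {compiler.c.flags} "{source_file}" -o "{object_file}"
recipe.hooks.prebuild.1.pattern="{runtime.platform.path}/tools/helper.exe" --init
tools.avrdude.upload.pattern="{cmd.path}" -p{build.mcu} -Uflash:w:{build.path}/{build.project_name}.hex:i
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def first_token(command):
    """Return the executable part of a command line (quoted or bare first word)."""
    m = re.match(r'\s*"([^"]*)"|\s*(\S+)', command)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)

def audit(text):
    """List (key, executable, reasons) for every command the package defines."""
    findings = []
    for key, value in parse_properties(text).items():
        if not PATTERN_KEY.search(key):
            continue
        exe = first_token(value)
        reasons = []
        if key.startswith("recipe.hooks."):
            reasons.append("build hook")  # runs in addition to the normal toolchain steps
        if "{runtime.platform.path}" in exe:
            reasons.append("executable shipped inside the package")
        findings.append((key, exe, reasons))
    return findings

if __name__ == "__main__":
    for key, exe, reasons in audit(SAMPLE_PLATFORM_TXT):
        print(f"{key}: {exe} {'REVIEW: ' + ', '.join(reasons) if reasons else ''}")
```
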

rogertee

Some people do more damage to their own computers deleting things or reformatting the hard drive, or a machine language wannabe programmer sending the computer to outer space.

Metonymy

A virus for Arduino itself or a virus that uses Arduino to infect the PC?

I guess if you really wanted you could modify avr-gcc to inject some extra code that does evil things like... act as a logic bomb?

If you want to use Arduino to infect a PC you could use Leonardo, Pro Mini or Due and abuse the Keyboard and Mouse classes but I think the victim needs to install drivers or trust the device, at least on some platforms.

Riva

Quote
If you want to use Arduino to infect a PC you could use Leonardo, Pro Mini or Due and abuse the Keyboard and Mouse classes but I think the victim needs to install drivers or trust the device, at least on some platforms.

On a stock install of Windows 7 there is no need for HID drivers to be installed or trusted so plugging in a Leonardo set up as a mouse/keyboard will auto install the HID drivers and then it can send keyboard & mouse commands.
Don't PM me for help as I will ignore it.

Isaac96

For example, open a terminal and destroy stuff :)
Or open a browser and look up you-know-what...
Do not PM me for help. I will delete immediately.
CONNECT THE GROUNDS!

After Tuesday, even the calendar goes W T F

pYro_65

Forum Mod anyone?
https://arduino.land/Moduino/
