The paper is an interesting discussion, but the example attacks seem rather contrived. I find it interesting that he had to resort to adding a Bluetooth interface to the AVR processor side of the Yun, and use that Bluetooth interface to attack the sketch and then use that as a vector to get to Linux. For this paper, he added the Bluetooth interface to counter the inability to reach the Linux side "in cases when direct connections to those interfaces are impossible due to firewall configuration or other reasons."
His example program, that he used for his attack victim, appears to be carefully crafted to make it particularly vulnerable: he set it up so it accepts commands from Bluetooth, he made short command and argument buffers, and he explicitly does not check for buffer overruns.
And what extra steps can we take to prevent any Yún-based IoT from being attacked and joining the ranks of the botnet gangs and armies out there?
Reading between the lines of his paper, it reinforces my initial thoughts on security:
- First step: don't connect your Yun directly to the Internet! Put it behind a good firewall, and don't set up a port forward directly from the Internet to your Yun.
- Secondly, use good programming practices in both your sketch and Linux processes: check input data before acting on it to make sure it is valid and not harmful, and always check for and prevent buffer overruns. (Never assume you will actually get the data you are expecting.)
Step one of exploiting any type of vulnerability is to gain access to the system. If you don't make it publicly visible to the Internet, and you don't add a communications method that allows access, then you have gone a long way toward protecting your creation. However, it's not enough to only focus on incoming connections; you have to consider what outgoing connections your system may make: are they reaching the right destination, and can the data you are sending be intercepted or compromised? Is it downloading any data, perhaps reading tweets or similar data "from the wild"? If so, you've got to carefully check that incoming data to make sure it's safe (as the paper's author mentions his code looks for '&' or '`' as a security method), but you've also got to check to make sure you don't overrun any buffer space and execute unintended code/data (as the paper's author explicitly created such an overrun vulnerability.)
I don't mean to minimize the author's work: it is an important topic to be discussed. It's true that the Arduino universe is not focused on security - for the most part, that's not an issue when you have a simple hobbyist stand-alone project that doesn't do anything critical, and isn't communicating with anything. But when you start to bring Internet connectivity into the equation, like the Yun, you do have to start thinking about these issues.
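An added example, not part of the original post or the paper it discusses: one way a sketch could split an untrusted "command argument" line into short fixed-size buffers while enforcing both checks named above, a length bound on every write and a character allowlist that rejects '&' and '`' among everything else. The buffer sizes, function names and the accepted character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical buffer sizes (each includes the terminating NUL). */
#define CMD_MAX 8
#define ARG_MAX 16

enum parse_result { PARSE_OK = 0, PARSE_TOO_LONG, PARSE_BAD_CHAR, PARSE_EMPTY };

/* Allowlist (an assumption): letters, digits, '.', '_' and '-'. Shell
   metacharacters such as '&' and '`' fail without being listed one by one. */
static int allowed(unsigned char c) {
    return isalnum(c) || c == '.' || c == '_' || c == '-';
}

/* Copy one token from in[*pos..len) into out (capacity cap), stopping at a
   space or at the end of input. Never writes past out[cap - 1]. */
static enum parse_result take_token(const char *in, size_t len, size_t *pos,
                                    char *out, size_t cap) {
    size_t n = 0;
    while (*pos < len && in[*pos] != ' ') {
        unsigned char c = (unsigned char)in[*pos];
        if (!allowed(c)) return PARSE_BAD_CHAR;
        if (n + 1 >= cap) return PARSE_TOO_LONG;  /* keep room for the NUL */
        out[n++] = (char)c;
        (*pos)++;
    }
    out[n] = '\0';
    return PARSE_OK;
}

/* Parse "cmd" or "cmd arg" from a received line of known length. On any
   failure both buffers are emptied so nothing partial is acted upon. */
enum parse_result parse_line(const char *in, size_t len,
                             char cmd[CMD_MAX], char arg[ARG_MAX]) {
    size_t pos = 0;
    enum parse_result r = take_token(in, len, &pos, cmd, CMD_MAX);
    if (r == PARSE_OK && cmd[0] == '\0') r = PARSE_EMPTY;
    if (r == PARSE_OK) {
        if (pos < len) pos++;                     /* skip the one separator */
        r = take_token(in, len, &pos, arg, ARG_MAX);
    }
    if (r == PARSE_OK && pos != len) r = PARSE_BAD_CHAR; /* extra tokens rejected */
    if (r != PARSE_OK) cmd[0] = arg[0] = '\0';
    return r;
}
```

The caller passes the number of bytes actually received as `len`, so the parser never relies on the sender having terminated the line.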