6

Let's say I have an Arduino Uno connected to a W5100 Ethernet shield. The Arduino communicates with the Ethernet shield using the tx0 and rx0 pins. When I upload a new script to the Arduino using USB, it uses the same tx0 and rx0. So that made me think.

What if I run a script on my Arduino that fetches some data from a webpage using HTTP requests but someone manages to hack into my server. Is it possible for the hacker to upload some kind of code to my server, which will erase (when fetched by the Arduino) the old script and upload a new Arduino script, by making the Arduino think it's uploading a new script while it's getting data from the Ethernet shield (or other communication shields?)

EDIT: Let's expand the question a bit. How can I add security to my code to prevent this situation from happening?

Orry

2 Answers

6

You should be pretty safe, at least as long as your code handles the incoming data properly.

When you upload a new sketch through USB, the USB-to-serial interface uses the Arduino pins TX0, RX0 and RESET. Your Ethernet shield, on the other hand, does not control the RESET pin. Pulling the RESET pin LOW is needed to make the processor enter the bootloader, which in turn is needed in order to upload a new program. For pulling this pin low, the malicious code would need not only to break into the Ethernet shield's firmware, it would also need a hardware hack to access the pin.

Now, if your own code is not safe, it is conceivable that the malicious payload tricks your program into jumping to the bootloader or, as suggested by Juraj, into triggering a watchdog reset (which ends up being equivalent). Thus you should treat anything coming from the network as potentially malicious.

Edgar Bonet
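One way to treat the fetched data as untrusted, as asked in the question's EDIT: read the reply into a fixed buffer with a hard length limit and accept only a strictly validated value. This is an added example, not code from either answer; `byte_src` stands in for the network client's `read()`, and the 32-byte line limit and the 0 to 1023 range are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define LINE_MAX_LEN 32   /* assumed limit; size it to the longest valid reply */

/* Constructed byte source standing in for the network client's read(). */
typedef struct { const uint8_t *data; size_t len, pos; } byte_src;

static int src_read(byte_src *s) {
    return s->pos < s->len ? s->data[s->pos++] : -1;
}

/* Copy one '\n'-terminated line into buf. Returns its length, or -1 if the
 * line does not fit: the excess is drained and the whole line is rejected,
 * so an oversized reply can never write past the end of buf. */
int read_line_bounded(byte_src *s, char *buf, size_t cap) {
    size_t n = 0;
    int c, overflow = 0;
    while ((c = src_read(s)) >= 0 && c != '\n') {
        if (c == '\r') continue;
        if (n + 1 < cap) buf[n++] = (char)c;
        else overflow = 1;
    }
    buf[n] = '\0';
    return overflow ? -1 : (int)n;
}

/* Accept only 1 to 4 decimal digits within [lo, hi]: no sign, spaces or suffix. */
int parse_value(const char *s, int lo, int hi, int *out) {
    long v = 0;
    size_t i = 0;
    if (s[0] == '\0') return 0;
    for (; s[i] != '\0'; i++) {
        if (s[i] < '0' || s[i] > '9' || i >= 4) return 0;
        v = v * 10 + (s[i] - '0');
    }
    if (v < lo || v > hi) return 0;
    *out = (int)v;
    return 1;
}

/* Run one reply body through both checks; returns 1 only for a valid value. */
int handle_reply(const char *body, size_t len, int *out) {
    byte_src s = { (const uint8_t *)body, len, 0 };
    char line[LINE_MAX_LEN];
    if (read_line_bounded(&s, line, sizeof line) < 0) return 0;
    return parse_value(line, 0, 1023, out);
}
```

Anything that fails either check is dropped and the previous value is kept, so a compromised server can only choose among values the sketch already considers valid.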
2

No, it's not possible. Assuming you mean this shield (and if you don't, please clarify):

Arduino communicates with both the W5100 and SD card using the SPI bus (through the ICSP header). This is on digital pins 10, 11, 12, and 13 on the Uno and pins 50, 51, and 52 on the Mega.

Further on it mentions:

The shield contains a number of informational LEDs:

...

RX: flashes when the shield receives data

TX: flashes when the shield sends data

That's Rx and Tx on the shield, not the Arduino. Since it does not connect to the Tx/Rx on the Arduino, and since it cannot reset the Arduino, it therefore cannot reprogram it.

If you are worried, disable the BOOTRST fuse on the Arduino so that the bootloader is not active after a reset.

If you are really worried, disable the SPIEN fuse so that you cannot even reprogram it using SPI. Of course, then you won't be able to reprogram it either.

Personally I would be more worried that a cockatoo would come and peck at the shield.

Nick Gammon