Abstract: Presentation of Embedded System (In)Security Workshop: We will present different code injection attacks on wireless sensors networks. We will see in more details how to exploit program vulnerabilities to permanently inject code into the program memory of an Atmel AVR-based sensor (micaz) . AVR microcontrollers use an Harvard based architecture, it was believed that code injection were impossible on such an architecture. We also show that this attack can be used to inject a worm that can propagate through the wireless sensor network and possibly create a sensor botnet. Our attack combines different techniques such as return oriented programming and fake stack injection. We present implementation details and suggest some counter-measures.