{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T23:33:37Z","timestamp":1769556817757,"version":"3.49.0"},"reference-count":71,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2025,1,15]],"date-time":"2025-01-15T00:00:00Z","timestamp":1736899200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,15]],"date-time":"2025-01-15T00:00:00Z","timestamp":1736899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,15]],"date-time":"2025-01-15T00:00:00Z","timestamp":1736899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2019YFB2101704"],"award-info":[{"award-number":["2019YFB2101704"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2025,1,15]]},"DOI":"10.1109\/jiot.2024.3502405","type":"journal-article","created":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T18:46:09Z","timestamp":1732041969000},"page":"1182-1199","source":"Crossref","is-referenced-by-count":1,"title":["Exposed by Default: A Security Analysis of Home Router Default Settings and Beyond"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-0923-9658","authenticated-orcid":false,"given":"Junjian","family":"Ye","sequence":"first","affiliation":[{"name":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China"}]},{"given":"Xavier","family":"de Carn\u00e9 de Carnavalet","sequence":"additional","affiliation":[{"name":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong, SAR, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6376-4062","authenticated-orcid":false,"given":"Lianying","family":"Zhao","sequence":"additional","affiliation":[{"name":"School of Computer Science, Carleton University, Ottawa, ON, Canada"}]},{"given":"Mengyuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Computer Systems, Vrije Universiteit Amsterdam, Amsterdam, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5457-1923","authenticated-orcid":false,"given":"Lifa","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1658-0236","authenticated-orcid":false,"given":"Wei","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science, Carleton University, Ottawa, ON, Canada"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Number of Internet and Social Media Users Worldwide as of April 2024","author":"Petrosyan","year":"2024"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"ref3","volume-title":"VPNFilter two years later: Routers still compromised","author":"Hilt","year":"2021"},{"key":"ref4","volume-title":"New Mozi P2P botnet attacks Netgear, GPON, D-link and Huawei routers using weak passwords and some known exploits","author":"Baran","year":"2019"},{"key":"ref5","volume-title":"Brute Forcing Wi-Fi Protected Setup","author":"Viehb\u00f6ck","year":"2011"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243807"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"ref8","first-page":"2379","article-title":"FIRMSCOPE: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in android firmware","volume-title":"Proc. USENIX Secur. Symp. (USENIX Secur.)","author":"Elsabagh"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427294"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359826"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45537-X_1"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/769800.769823"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2018.23011"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3637671"},{"key":"ref15","volume-title":"Wenjuanxing homepage","year":"2024"},{"key":"ref16","volume-title":"SurveyMonkey homepage","year":"2024"},{"key":"ref17","volume-title":"Shodan homepage","year":"2024"},{"key":"ref18","volume-title":"Zoomeye homepage","year":"2024"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/1514274.1514286"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"ref21","volume-title":"Hierarchy\u2013what do you want people to see? Where do you want them to go?","author":"O\u2019Flaherty","year":"2012"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ieeestd.2007.373646"},{"key":"ref23","volume-title":"Wi-Fi Protected Setup Specification v2.0.8","year":"2020"},{"key":"ref24","volume-title":"t6x\/reaver-wps-fork-t6x","year":"2015"},{"key":"ref25","volume-title":"An introduction to ARP spoofing","author":"Whalen","year":"2001"},{"key":"ref26","volume-title":"Arpspoof in Dsniff","author":"Song","year":"2017"},{"key":"ref27","volume-title":"Cross Site Request Forgery (CSRF)","author":"Kirsten","year":"2024"},{"key":"ref28","volume-title":"Mitmproxy: A free and open source interactive HTTPS proxy","author":"Cortesi","year":"2010"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/JCSSE.2018.8457340"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3333165.3333169"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.60"},{"key":"ref32","first-page":"1169","article-title":"All things considered: An analysis of IoT devices on home networks","volume-title":"Proc. USENIX Secur. Symp. (USENIX Secur.)","author":"Kumar"},{"key":"ref33","volume-title":"Nmap: The network mapper-free security scanner","year":"2024"},{"key":"ref34","volume-title":"Router security","author":"Horowitz","year":"2015"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.15394\/jdfsl.2017.1444"},{"key":"ref36","volume-title":"You need to lock down your router\u2019s remote management options","author":"Murphy","year":"2020"},{"key":"ref37","first-page":"95","article-title":"A large-scale analysis of the security of embedded firmwares","volume-title":"Proc. USENIX Secur. Symp. (USENIX Secur.)","author":"Costin"},{"key":"ref38","volume-title":"Local network protection for IPv6","author":"Klein","year":"4864"},{"key":"ref39","volume-title":"No-IP homepage","year":"2024"},{"key":"ref40","volume-title":"DynDNS homepage","year":"2024"},{"key":"ref41","volume-title":"Oray homepage","year":"2024"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00042"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/35.968819"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/WAINA.2013.225"},{"key":"ref45","volume-title":"UPnP PortMapper","year":"2015"},{"key":"ref46","volume-title":"FileZilla-the free FTP solution","year":"2024"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3448300.3467820"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179294"},{"key":"ref49","volume-title":"Home Wireless Router Market Size 2023-2030 | Detailed Analysis of Market Size and Growth Rate","year":"2023"},{"key":"ref50","volume-title":"2023 wireless router brand rankings","year":"2023"},{"key":"ref51","first-page":"4473","article-title":"XDRI attacks-and-how to enhance resilience of residential routers","volume-title":"Proc. USENIX Secur. Symp. (USENIX Secur.)","author":"Jeitner"},{"key":"ref52","volume-title":"The cable guy IPv6 autoconfiguration in windows vista","author":"Davies","year":"2007"},{"key":"ref53","volume-title":"Privacy extensions for stateless address autoconfiguration in IPv6","author":"Narten","year":"4941"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134027"},{"key":"ref55","volume-title":"Understanding and Configuring Dynamic ARP Inspection","year":"2007"},{"key":"ref56","first-page":"1","article-title":"Your firmware has arrived: A study of firmware update vulnerabilities","volume-title":"Proc. USENIX Secur. Symp. (USENIX Secur.)","author":"Wu"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103190"},{"key":"ref58","volume-title":"wget: Implement TLS verification with ENABLE_FEATURE_WGET_OPENSSL","author":"Ledkov","year":"2020"},{"key":"ref59","volume-title":"Binwalk devttys0","year":"2014"},{"key":"ref60","volume-title":"Google domains","year":"2024"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3678890.3678914"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-23483-7_284"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM52122.2024.10621138"},{"key":"ref64","first-page":"555","article-title":"Where\u2019s Crypto?: Automated identification and classification of proprietary cryptographic primitives in binary code","volume-title":"Proc. Annu. Comput. Security Appl. Conf. (ACSAC)","author":"Meijer"},{"key":"ref65","first-page":"151","article-title":"CRYPTOREX: Large-scale analysis of cryptographic misuse in IoT devices","volume-title":"Proc. Int. Symp. Res. Attacks, Intrusions Defenses (RAID)","author":"Zhang"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3334017"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.3037908"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920276"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"ref70","first-page":"1","article-title":"Owning your home network: Router security revisited","volume-title":"Proc. Web 2.0 Secur. Privacy (W2SP)","author":"Niemietz"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487830"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488907\/10836656\/10758308.pdf?arnumber=10758308","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,11]],"date-time":"2025-01-11T10:33:29Z","timestamp":1736591609000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10758308\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,15]]},"references-count":71,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2024.3502405","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,15]]}}}