{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:40:02Z","timestamp":1767339602591,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":85,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,25]],"date-time":"2021-10-25T00:00:00Z","timestamp":1635120000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1750953, CNS-1815636, CNS-1814551, and CNS-2112471"],"award-info":[{"award-number":["CNS-1750953, CNS-1815636, CNS-1814551, and CNS-2112471"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology, Taiwan","doi-asserted-by":"publisher","award":["109-2628-E-009-001-MY3, 110-2221-E-A49-031-MY3, and 110-2218-E-A49-011-MBK"],"award-info":[{"award-number":["109-2628-E-009-001-MY3, 110-2221-E-A49-031-MY3, and 110-2218-E-A49-011-MBK"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,10,25]]},"DOI":"10.1145\/3447993.3483239","type":"proceedings-article","created":{"date-parts":[[2021,10,26]],"date-time":"2021-10-26T09:00:31Z","timestamp":1635238831000},"page":"437-450","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Insecurity of operational cellular IoT service"],"prefix":"10.1145","author":[{"given":"Sihan","family":"Wang","sequence":"first","affiliation":[{"name":"Michigan State University"}]},{"given":"Guan-Hua","family":"Tu","sequence":"additional","affiliation":[{"name":"Michigan State University"}]},{"given":"Xinyu","family":"Lei","sequence":"additional","affiliation":[{"name":"Michigan State University and Michigan Technological University"}]},{"given":"Tian","family":"Xie","sequence":"additional","affiliation":[{"name":"Michigan State University"}]},{"given":"Chi-Yu","family":"Li","sequence":"additional","affiliation":[{"name":"National Yang Ming Chiao Tung University"}]},{"given":"Po-Yi","family":"Chou","sequence":"additional","affiliation":[{"name":"National Yang Ming Chiao Tung University"}]},{"given":"Fucheng","family":"Hsieh","sequence":"additional","affiliation":[{"name":"National Yang Ming Chiao Tung University"}]},{"given":"Yiwen","family":"Hu","sequence":"additional","affiliation":[{"name":"Michigan State University"}]},{"given":"Li","family":"Xiao","sequence":"additional","affiliation":[{"name":"Michigan State University"}]},{"given":"Chunyi","family":"Peng","sequence":"additional","affiliation":[{"name":"Purdue University"}]}],"member":"320","published-online":{"date-parts":[[2021,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Cellular iot market. https:\/\/www.marketdataforecast.com\/market-reports\/cellular-iot-market.  Cellular iot market. https:\/\/www.marketdataforecast.com\/market-reports\/cellular-iot-market."},{"key":"e_1_3_2_1_2_1","unstructured":"Free carrier lookup service. https:\/\/www.freecarrierlookup.com\/.  Free carrier lookup service. https:\/\/www.freecarrierlookup.com\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Graphical network simulator-3. https:\/\/www.gns3.com\/.  Graphical network simulator-3. https:\/\/www.gns3.com\/."},{"key":"e_1_3_2_1_4_1","unstructured":"mangoh yellow testbed. https:\/\/mangoh.io\/mangoh-yellow.  mangoh yellow testbed. https:\/\/mangoh.io\/mangoh-yellow."},{"key":"e_1_3_2_1_5_1","unstructured":"Mqtt (message queuing telemetry transport). https:\/\/mqtt.org\/.  Mqtt (message queuing telemetry transport). https:\/\/mqtt.org\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Open ims core: an open source implementation of ims call session control functions. http:\/\/openimscore.sourceforge.net\/.  Open ims core: an open source implementation of ims call session control functions. http:\/\/openimscore.sourceforge.net\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Pycom fipy testbed. https:\/\/pycom.io\/product\/fipy\/.  Pycom fipy testbed. https:\/\/pycom.io\/product\/fipy\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Scapy. https:\/\/github.com\/secdev\/scapy\/.  Scapy. https:\/\/github.com\/secdev\/scapy\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Shodan search engine. https:\/\/www.shodan.io\/.  Shodan search engine. https:\/\/www.shodan.io\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Tcpdump. https:\/\/www.tcpdump.org\/.  Tcpdump. https:\/\/www.tcpdump.org\/."},{"key":"e_1_3_2_1_11_1","unstructured":"The trusted source for ip address data. https:\/\/ipinfo.io\/.  The trusted source for ip address data. https:\/\/ipinfo.io\/."},{"key":"e_1_3_2_1_12_1","unstructured":"Twinkle: a softphone for voip and instant messaging communications using the sip protocol. https:\/\/mfnboer.home.xs4all.nl\/twinkle\/.  Twinkle: a softphone for voip and instant messaging communications using the sip protocol. https:\/\/mfnboer.home.xs4all.nl\/twinkle\/."},{"key":"e_1_3_2_1_13_1","unstructured":"Understanding physical internet infrastructure vulnerabilities. https:\/\/cip.gmu.edu\/2016\/10\/26\/understanding-physical-internet-infrastructure-vulnerabilities\/.  Understanding physical internet infrastructure vulnerabilities. https:\/\/cip.gmu.edu\/2016\/10\/26\/understanding-physical-internet-infrastructure-vulnerabilities\/."},{"key":"e_1_3_2_1_14_1","unstructured":"What is an internet exchange point (ixp)? https:\/\/blog.stackpath.com\/internet-exchange-point\/.  What is an internet exchange point (ixp)? https:\/\/blog.stackpath.com\/internet-exchange-point\/."},{"key":"e_1_3_2_1_15_1","unstructured":"Wio lte cat m1\/nb-iot tracker. https:\/\/wiki.seeedstudio.com\/Wio_LTE_Cat_M1_NB-IoT_Tracker\/.  Wio lte cat m1\/nb-iot tracker. https:\/\/wiki.seeedstudio.com\/Wio_LTE_Cat_M1_NB-IoT_Tracker\/."},{"key":"e_1_3_2_1_16_1","unstructured":"Transmission Control Protocol. RFC 793 Sept. 1981.  Transmission Control Protocol. RFC 793 Sept. 1981."},{"key":"e_1_3_2_1_17_1","volume-title":"https:\/\/www.etsi.org\/deliver\/etsi_gts\/04\/0411\/05.01.00_60\/gsmts_0411v050100p.pdf","author":"Digital","year":"1996","unstructured":"Digital cellular telecommunication system (phase 2); point-to-point (pp) short message service (sms) support on mobile radio interface (gsm 04.11). https:\/\/www.etsi.org\/deliver\/etsi_gts\/04\/0411\/05.01.00_60\/gsmts_0411v050100p.pdf , 1996 . Digital cellular telecommunication system (phase 2); point-to-point (pp) short message service (sms) support on mobile radio interface (gsm 04.11). https:\/\/www.etsi.org\/deliver\/etsi_gts\/04\/0411\/05.01.00_60\/gsmts_0411v050100p.pdf, 1996."},{"key":"e_1_3_2_1_18_1","volume-title":"https:\/\/www.menog.org\/presentations\/menog-6-7-8-9\/Value-Of-Peering.pdf","author":"The","year":"2010","unstructured":"The value of peering. https:\/\/www.menog.org\/presentations\/menog-6-7-8-9\/Value-Of-Peering.pdf , 2010 . The value of peering. https:\/\/www.menog.org\/presentations\/menog-6-7-8-9\/Value-Of-Peering.pdf, 2010."},{"volume-title":"https:\/\/iot.eclipse.org\/community\/resources\/iot-surveys\/assets\/iot-developer-survey-2020.pdf","year":"2020","key":"e_1_3_2_1_19_1","unstructured":"2020 iot developer survey key findings. https:\/\/iot.eclipse.org\/community\/resources\/iot-surveys\/assets\/iot-developer-survey-2020.pdf , 2020 . 2020 iot developer survey key findings. https:\/\/iot.eclipse.org\/community\/resources\/iot-surveys\/assets\/iot-developer-survey-2020.pdf, 2020."},{"volume-title":"The international public telecommunication numbering plan. https:\/\/www.itu.int\/rec\/T-REC-E.164\/","year":"2020","key":"e_1_3_2_1_20_1","unstructured":"E.164 : The international public telecommunication numbering plan. https:\/\/www.itu.int\/rec\/T-REC-E.164\/ , 2020 . E.164: The international public telecommunication numbering plan. https:\/\/www.itu.int\/rec\/T-REC-E.164\/, 2020."},{"key":"e_1_3_2_1_21_1","volume-title":"https:\/\/www.veracode.com\/security\/arp-spoofing","author":"Arp","year":"2021","unstructured":"Arp spoofing. https:\/\/www.veracode.com\/security\/arp-spoofing , 2021 . Arp spoofing. https:\/\/www.veracode.com\/security\/arp-spoofing, 2021."},{"key":"e_1_3_2_1_22_1","volume-title":"https:\/\/en.wikipedia.org\/wiki\/Autonomous_system_(Internet)","author":"Autonomous","year":"2021","unstructured":"Autonomous system. https:\/\/en.wikipedia.org\/wiki\/Autonomous_system_(Internet) , 2021 . Autonomous system. https:\/\/en.wikipedia.org\/wiki\/Autonomous_system_(Internet), 2021."},{"key":"e_1_3_2_1_23_1","unstructured":"Can i get unlimited data? https:\/\/www.xfinity.com\/support\/articles\/expunlimited-data 2021.  Can i get unlimited data? https:\/\/www.xfinity.com\/support\/articles\/expunlimited-data 2021."},{"key":"e_1_3_2_1_24_1","volume-title":"https:\/\/www.charlesproxy.com\/documentation\/tools\/dns-spoofing\/","author":"Dns","year":"2021","unstructured":"Dns spoofing tool. https:\/\/www.charlesproxy.com\/documentation\/tools\/dns-spoofing\/ , 2021 . Dns spoofing tool. https:\/\/www.charlesproxy.com\/documentation\/tools\/dns-spoofing\/, 2021."},{"key":"e_1_3_2_1_25_1","volume-title":"3rd Generation Partnership Project (3GPP), 04","author":"GPP.","year":"2014","unstructured":"3 GPP. IP Multimedia Subsystem. Technical Specification (TS) 23.228 , 3rd Generation Partnership Project (3GPP), 04 2014 . Version 12.4.0. 3GPP. IP Multimedia Subsystem. Technical Specification (TS) 23.228, 3rd Generation Partnership Project (3GPP), 04 2014. Version 12.4.0."},{"volume-title":"Technical Specification Group Services and System Aspects","year":"2020","key":"e_1_3_2_1_26_1","unstructured":"3GPP. TS 23.203 : Technical Specification Group Services and System Aspects ; Policy and charging control architecture, 2020 . 3GPP. TS 23.203: Technical Specification Group Services and System Aspects; Policy and charging control architecture, 2020."},{"volume-title":"Universal Mobile Telecommunications System (UMTS)","year":"2020","key":"e_1_3_2_1_27_1","unstructured":"3GPP. TS 23.272 : Universal Mobile Telecommunications System (UMTS) ; LTE; Circuit Switched (CS) fallback in Evolved Packet System (EPS); Stage 2, 2020 . 3GPP. TS 23.272: Universal Mobile Telecommunications System (UMTS); LTE; Circuit Switched (CS) fallback in Evolved Packet System (EPS); Stage 2, 2020."},{"volume-title":"General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access","year":"2020","key":"e_1_3_2_1_28_1","unstructured":"3GPP. TS 23.401 : General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access , 2020 . 3GPP. TS 23.401: General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access, 2020."},{"volume-title":"Technical Specification Group Core Network and Terminals","year":"2020","key":"e_1_3_2_1_29_1","unstructured":"3GPP. TS 24.011 : Technical Specification Group Core Network and Terminals ; Point-to-Point (PP) Short Message Service (SMS) support on mobile radio interface, 2020 . 3GPP. TS 24.011: Technical Specification Group Core Network and Terminals; Point-to-Point (PP) Short Message Service (SMS) support on mobile radio interface, 2020."},{"volume-title":"Technical Specification Group Core Network and Terminals","year":"2020","key":"e_1_3_2_1_30_1","unstructured":"3GPP. TS 24.301 : Technical Specification Group Core Network and Terminals ; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 2, 2020 . 3GPP. TS 24.301: Technical Specification Group Core Network and Terminals; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 2, 2020."},{"volume-title":"Technical Specification Group Services and System Aspects","year":"2020","key":"e_1_3_2_1_31_1","unstructured":"3GPP. TS 32.240 : Technical Specification Group Services and System Aspects ; Telecommunication management; Charging management; Charging architecture and principles, 2020 . 3GPP. TS 32.240: Technical Specification Group Services and System Aspects; Telecommunication management; Charging management; Charging architecture and principles, 2020."},{"volume-title":"Technical Specification Group Services and System Aspects","year":"2020","key":"e_1_3_2_1_32_1","unstructured":"3GPP. TS 32.260 : Technical Specification Group Services and System Aspects ; Telecommunication management; Charging management; IP Multimedia Subsystem (IMS) charging, 2020 . 3GPP. TS 32.260: Technical Specification Group Services and System Aspects; Telecommunication management; Charging management; IP Multimedia Subsystem (IMS) charging, 2020."},{"volume-title":"Telecommunication management","year":"2020","key":"e_1_3_2_1_33_1","unstructured":"3GPP. TS 32.298 : Telecommunication management ; Charging management; Charging Data Record (CDR) parameter description, 2020 . 3GPP. TS 32.298: Telecommunication management; Charging management; Charging Data Record (CDR) parameter description, 2020."},{"volume-title":"Technical Specification Group Radio Access Network","year":"2020","key":"e_1_3_2_1_34_1","unstructured":"3GPP. TS 36.331 : Technical Specification Group Radio Access Network ; Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification, 2020 . 3GPP. TS 36.331: Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification, 2020."},{"volume-title":"IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP)","year":"2021","key":"e_1_3_2_1_35_1","unstructured":"3GPP. TS 24.229 : IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP) ; Stage 3, 2021 . 3GPP. TS 24.229: IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3, 2021."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3007690"},{"key":"e_1_3_2_1_37_1","volume-title":"Program analysis of commodity iot applications for security and privacy: Challenges and opportunities. ACM Computing Surveys (CSUR) 52, 4","author":"Celik Z. B.","year":"2019","unstructured":"Celik , Z. B. , Fernandes , E. , Pauley , E. , Tan , G. , and McDaniel , P. Program analysis of commodity iot applications for security and privacy: Challenges and opportunities. ACM Computing Surveys (CSUR) 52, 4 ( 2019 ), 1--30. Celik, Z. B., Fernandes, E., Pauley, E., Tan, G., and McDaniel, P. Program analysis of commodity iot applications for security and privacy: Challenges and opportunities. ACM Computing Surveys (CSUR) 52, 4 (2019), 1--30."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2018.8422832"},{"key":"e_1_3_2_1_39_1","volume-title":"Cellular iot alphabet soup. https:\/\/www.ericsson.com\/en\/blog\/2016\/2\/cellular-iot-alphabet-soup","author":"Ericsson","year":"2016","unstructured":"Ericsson . Cellular iot alphabet soup. https:\/\/www.ericsson.com\/en\/blog\/2016\/2\/cellular-iot-alphabet-soup , 2016 . Ericsson. Cellular iot alphabet soup. https:\/\/www.ericsson.com\/en\/blog\/2016\/2\/cellular-iot-alphabet-soup, 2016."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2616"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23118"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2980159.2980163"},{"key":"e_1_3_2_1_43_1","volume-title":"https:\/\/www.gsma.com\/futurenetworks\/wp-content\/uploads\/2014\/05\/FCM.01-v1.1.pdf","author":"Volte","year":"2014","unstructured":"GSMA. Volte service description and implementation guidelines. https:\/\/www.gsma.com\/futurenetworks\/wp-content\/uploads\/2014\/05\/FCM.01-v1.1.pdf , 2014 . GSMA. Volte service description and implementation guidelines. https:\/\/www.gsma.com\/futurenetworks\/wp-content\/uploads\/2014\/05\/FCM.01-v1.1.pdf, 2014."},{"key":"e_1_3_2_1_44_1","volume-title":"version 13.0. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/IR.92-v13.0-2-1.pdf","author":"Ims","year":"2019","unstructured":"GSMA. Ims profile for voice and sms. version 13.0. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/IR.92-v13.0-2-1.pdf , 2019 . GSMA. Ims profile for voice and sms. version 13.0. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/IR.92-v13.0-2-1.pdf, 2019."},{"key":"e_1_3_2_1_45_1","volume-title":"https:\/\/www.gsma.com\/iot\/wp-content\/uploads\/2019\/08\/201906-GSMA-LTE-M-Deployment-Guide-v3.pdf","author":"Lte","year":"2019","unstructured":"GSMA. Lte -m deployment guide to basic feature set requirements. https:\/\/www.gsma.com\/iot\/wp-content\/uploads\/2019\/08\/201906-GSMA-LTE-M-Deployment-Guide-v3.pdf , 2019 . GSMA. Lte-m deployment guide to basic feature set requirements. https:\/\/www.gsma.com\/iot\/wp-content\/uploads\/2019\/08\/201906-GSMA-LTE-M-Deployment-Guide-v3.pdf, 2019."},{"key":"e_1_3_2_1_46_1","volume-title":"https:\/\/www.gsma.com\/iot\/wp-content\/uploads\/2019\/07\/201906-GSMA-NB-IoT-Deployment-Guide-v3.pdf","author":"Nb","year":"2019","unstructured":"GSMA. Nb -iot deployment guide to basic feature set requirements. https:\/\/www.gsma.com\/iot\/wp-content\/uploads\/2019\/07\/201906-GSMA-NB-IoT-Deployment-Guide-v3.pdf , 2019 . GSMA. Nb-iot deployment guide to basic feature set requirements. https:\/\/www.gsma.com\/iot\/wp-content\/uploads\/2019\/07\/201906-GSMA-NB-IoT-Deployment-Guide-v3.pdf, 2019."},{"key":"e_1_3_2_1_47_1","volume-title":"https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/CLP.28v1.0.pdf","author":"Nb","year":"2019","unstructured":"GSMA. Nb -iot deployment guide to basic feature set requirements. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/CLP.28v1.0.pdf , 2019 . GSMA. Nb-iot deployment guide to basic feature set requirements. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/CLP.28v1.0.pdf, 2019."},{"key":"e_1_3_2_1_48_1","volume-title":"video and sms over untrusted wi-fi access","author":"Ims","year":"2020","unstructured":"GSMA. Ims profile for voice , video and sms over untrusted wi-fi access ; version 8.0. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/IR.51-v8.0.pdf, 2020 . GSMA. Ims profile for voice, video and sms over untrusted wi-fi access; version 8.0. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/IR.51-v8.0.pdf, 2020."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1002\/9780470512531"},{"key":"e_1_3_2_1_50_1","volume-title":"https:\/\/www.itu.int\/en\/ITU-T\/extcoop\/figisymposium\/Documents\/ITU_SIT_WG_Technical%20report%20on%20the%20SS7%20vulnerabilities%20and%20their%20impact%20on%20DFS%20transactions_f.pdf","author":"Technical","year":"2017","unstructured":"ITU. Technical report on ss7 vulnerabilities and mitigation measures for digital financial services transactions. https:\/\/www.itu.int\/en\/ITU-T\/extcoop\/figisymposium\/Documents\/ITU_SIT_WG_Technical%20report%20on%20the%20SS7%20vulnerabilities%20and%20their%20impact%20on%20DFS%20transactions_f.pdf , 2017 . ITU. Technical report on ss7 vulnerabilities and mitigation measures for digital financial services transactions. https:\/\/www.itu.int\/en\/ITU-T\/extcoop\/figisymposium\/Documents\/ITU_SIT_WG_Technical%20report%20on%20the%20SS7%20vulnerabilities%20and%20their%20impact%20on%20DFS%20transactions_f.pdf, 2017."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813718"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307334.3326082"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3212480.3212508"},{"key":"e_1_3_2_1_54_1","first-page":"316","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2015), CCS '15, Association for Computing Machinery","author":"Li C.-Y.","unstructured":"Li , C.-Y. , Tu , G.-H. , Peng , C. , Yuan , Z. , Li , Y. , Lu , S. , and Wang , X . Insecurity of voice solution volte in lte mobile networks . In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2015), CCS '15, Association for Computing Machinery , p. 316 -- 327 . Li, C.-Y., Tu, G.-H., Peng, C., Yuan, Z., Li, Y., Lu, S., and Wang, X. Insecurity of voice solution volte in lte mobile networks. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2015), CCS '15, Association for Computing Machinery, p. 316--327."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341302.3342074"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2873587.2873599"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372224.3380885"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3019612.3019878"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2017.283"},{"key":"e_1_3_2_1_60_1","first-page":"195","volume-title":"Proceedings of the 2012 ACM Conference on Computer and Communications Security (New York, NY, USA, 2012), CCS '12, Association for Computing Machinery","author":"Peng C.","unstructured":"Peng , C. , Li , C.-y. , Tu , G.-H. , Lu , S. , and Zhang , L . Mobile data charging: New attacks and countermeasures . In Proceedings of the 2012 ACM Conference on Computer and Communications Security (New York, NY, USA, 2012), CCS '12, Association for Computing Machinery , p. 195 -- 204 . Peng, C., Li, C.-y., Tu, G.-H., Lu, S., and Zhang, L. Mobile data charging: New attacks and countermeasures. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (New York, NY, USA, 2012), CCS '12, Association for Computing Machinery, p. 195--204."},{"key":"e_1_3_2_1_61_1","first-page":"727","volume-title":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2014), CCS '14, Association for Computing Machinery","author":"Peng C.","unstructured":"Peng , C. , Li , C.-Y. , Wang , H. , Tu , G.-H. , and Lu , S . Real threats to your data bills: Security loopholes and defenses in mobile data charging . In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2014), CCS '14, Association for Computing Machinery , p. 727 -- 738 . Peng, C., Li, C.-Y., Wang, H., Tu, G.-H., and Lu, S. Real threats to your data bills: Security loopholes and defenses in mobile data charging. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2014), CCS '14, Association for Computing Machinery, p. 727--738."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2348543.2348560"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4271"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2846040"},{"key":"e_1_3_2_1_65_1","first-page":"547","volume-title":"15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 18)","author":"Roy N.","year":"2018","unstructured":"Roy , N. , Shen , S. , Hassanieh , H. , and Choudhury , R. R . Inaudible voice commands: The long-range attack and defense . In 15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 18) ( 2018 ), pp. 547 -- 560 . Roy, N., Shen, S., Hassanieh, H., and Choudhury, R. R. Inaudible voice commands: The long-range attack and defense. In 15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 18) (2018), pp. 547--560."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00006"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24283"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423650"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2013.2256431"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622243"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3212480.3212497"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3084041.3084061"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660274"},{"key":"e_1_3_2_1_74_1","first-page":"8","article-title":"Classifying iot devices in smart environments using network traffic characteristics","volume":"18","author":"Sivanathan A.","year":"2018","unstructured":"Sivanathan , A. , Gharakheili , H. H. , Loi , F. , Radford , A. , Wijenayake , C. , Vishwanath , A. , and Sivaraman , V . Classifying iot devices in smart environments using network traffic characteristics . IEEE Transactions on Mobile Computing 18 , 8 ( 2018 ), 1745--1759. Sivanathan, A., Gharakheili, H. H., Loi, F., Radford, A., Wijenayake, C., Vishwanath, A., and Sivaraman, V. Classifying iot devices in smart environments using network traffic characteristics. IEEE Transactions on Mobile Computing 18, 8 (2018), 1745--1759.","journal-title":"IEEE Transactions on Mobile Computing"},{"key":"e_1_3_2_1_75_1","volume-title":"30th {USENIX} Security Symposium ({USENIX} Security 21)","author":"Stute M.","year":"2021","unstructured":"Stute , M. , Heinrich , A. , Lorenz , J. , and Hollick , M . Disrupting continuity of apple's wireless ecosystem security: New tracking, dos, and mitm attacks on ios and macos through bluetooth low energy, {AWDL}, and wi-fi . In 30th {USENIX} Security Symposium ({USENIX} Security 21) ( 2021 ). Stute, M., Heinrich, A., Lorenz, J., and Hollick, M. Disrupting continuity of apple's wireless ecosystem security: New tracking, dos, and mitm attacks on ios and macos through bluetooth low energy, {AWDL}, and wi-fi. In 30th {USENIX} Security Symposium ({USENIX} Security 21) (2021)."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3384419.3430727"},{"key":"e_1_3_2_1_77_1","first-page":"1118","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2016), CCS '16, ACM","author":"Tu G.-H.","unstructured":"Tu , G.-H. , Li , C.-Y. , Peng , C. , Li , Y. , and Lu , S . New security threats caused by ims-based sms service in 4g lte networks . In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2016), CCS '16, ACM , pp. 1118 -- 1130 . Tu, G.-H., Li, C.-Y., Peng, C., Li, Y., and Lu, S. New security threats caused by ims-based sms service in 4g lte networks. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2016), CCS '16, ACM, pp. 1118--1130."},{"key":"e_1_3_2_1_78_1","first-page":"225","volume-title":"Proceedings of the 2015 Internet Measurement Conference (New York, NY, USA, 2015), IMC '15, Association for Computing Machinery","author":"Wang H.","unstructured":"Wang , H. , Xu , F. , Li , Y. , Zhang , P. , and Jin , D . Understanding mobile traffic patterns of large scale cellular towers in urban environment . In Proceedings of the 2015 Internet Measurement Conference (New York, NY, USA, 2015), IMC '15, Association for Computing Machinery , p. 225 -- 238 . Wang, H., Xu, F., Li, Y., Zhang, P., and Jin, D. Understanding mobile traffic patterns of large scale cellular towers in urban environment. In Proceedings of the 2015 Internet Measurement Conference (New York, NY, USA, 2015), IMC '15, Association for Computing Machinery, p. 225--238."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2018.8422191"},{"key":"e_1_3_2_1_80_1","first-page":"1","article-title":"The untold secrets of wifi-calling services: Vulnerabilities, attacks, and countermeasures","author":"Xie T.","year":"2020","unstructured":"Xie , T. , Tu , G. , Yin , B. , Li , C. , Peng , C. , Zhang , M. , Liu , H. , and Liu , X . The untold secrets of wifi-calling services: Vulnerabilities, attacks, and countermeasures . IEEE Transactions on Mobile Computing ( 2020 ), 1 -- 1 . Xie, T., Tu, G., Yin, B., Li, C., Peng, C., Zhang, M., Liu, H., and Liu, X. The untold secrets of wifi-calling services: Vulnerabilities, attacks, and countermeasures. IEEE Transactions on Mobile Computing (2020), 1--1.","journal-title":"IEEE Transactions on Mobile Computing ("},{"key":"e_1_3_2_1_81_1","article-title":"How can iot services pose new security threats in operational cellular networks?","author":"Xie T.","year":"2020","unstructured":"Xie , T. , Tu , G.-H. , Li , C.-Y. , and Peng , C . How can iot services pose new security threats in operational cellular networks? IEEE Transactions on Mobile Computing ( 2020 ). Xie, T., Tu, G.-H., Li, C.-Y., and Peng, C. How can iot services pose new security threats in operational cellular networks? IEEE Transactions on Mobile Computing (2020).","journal-title":"IEEE Transactions on Mobile Computing ("},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993744.1993777"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372224.3419212"},{"key":"e_1_3_2_1_84_1","first-page":"55","volume-title":"28th {USENIX} Security Symposium ({USENIX} Security 19)","author":"Yang H.","year":"2019","unstructured":"Yang , H. , Bae , S. , Son , M. , Kim , H. , Kim , S. M. , and Kim , Y . Hiding in plain signal: Physical signal overshadowing attack on {LTE} . In 28th {USENIX} Security Symposium ({USENIX} Security 19) ( 2019 ), pp. 55 -- 72 . Yang, H., Bae, S., Son, M., Kim, H., Kim, S. M., and Kim, Y. Hiding in plain signal: Physical signal overshadowing attack on {LTE}. In 28th {USENIX} Security Symposium ({USENIX} Security 19) (2019), pp. 55--72."},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533069"}],"event":{"name":"ACM MobiCom '21: The 27th Annual International Conference on Mobile Computing and Networking","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing"],"location":"New Orleans Louisiana","acronym":"ACM MobiCom '21"},"container-title":["Proceedings of the 27th Annual International Conference on Mobile Computing and Networking"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3447993.3483239","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3447993.3483239","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3447993.3483239","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:49:11Z","timestamp":1750193351000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3447993.3483239"}},"subtitle":["new vulnerabilities, attacks, and countermeasures"],"short-title":[],"issued":{"date-parts":[[2021,10,25]]},"references-count":85,"alternative-id":["10.1145\/3447993.3483239","10.1145\/3447993"],"URL":"https:\/\/doi.org\/10.1145\/3447993.3483239","relation":{},"subject":[],"published":{"date-parts":[[2021,10,25]]},"assertion":[{"value":"2021-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}