{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T15:35:54Z","timestamp":1770132954967,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,8]],"date-time":"2022-11-08T00:00:00Z","timestamp":1667865600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,11]]},"DOI":"10.1145\/3560835.3564551","type":"proceedings-article","created":{"date-parts":[[2022,11,9]],"date-time":"2022-11-09T02:38:26Z","timestamp":1667961506000},"page":"93-103","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Inferring Software Update Practices on Smart Home IoT Devices Through User Agent Analysis"],"prefix":"10.1145","author":[{"given":"Vijay","family":"Prakash","sequence":"first","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"given":"Sicheng","family":"Xie","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"given":"Danny Yuxing","family":"Huang","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,11,8]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"The 1,200 IoT companies that are creating the connected world of the future -- IoT Startup Landscape","year":"2021","unstructured":"2021. The 1,200 IoT companies that are creating the connected world of the future -- IoT Startup Landscape 2021. https:\/\/iot-analytics.com\/iot-startup-landscape\/"},{"key":"e_1_3_2_1_2_1","unstructured":"2022. Browser detection using the user agent. https:\/\/developer.mozilla.org\/enUS\/docs\/Web\/HTTP\/Browser_detection_using_the_user_agent"},{"key":"e_1_3_2_1_3_1","unstructured":"2022. Fingerprinting OpenSSL libraries on IoT devices. https:\/\/medium.com\/allthings-inspected\/fingerprinting-openssl-libraries-on-iot-devices-1d214b4d643"},{"key":"e_1_3_2_1_4_1","unstructured":"2022. p0f v3 (3.09b). https:\/\/lcamtuf.coredump.cx\/p0f3\/"},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Software Updates for Internet of Things (suit). https:\/\/datatracker.ietf.org\/ wg\/suit\/about\/"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2005.30"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.002"},{"key":"e_1_3_2_1_8_1","volume-title":"Understanding the Mirai Botnet. In USENIX Security Symposium.","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In USENIX Security Symposium."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.889093"},{"key":"e_1_3_2_1_10_1","volume-title":"Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis. In In Third Workshop on the Economics of Information Security.","author":"Arora Ashish","year":"2004","unstructured":"Ashish Arora, Ramayya Krishnan, Rahul Telang, and Yubao Yang. 2004. Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis. In In Third Workshop on the Economics of Information Security."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3333165.3333169"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134022"},{"key":"e_1_3_2_1_13_1","unstructured":"Hasan Cavusoglu Huseyin Cavusoglu and Srinivasan Raghunathan. 2005. Emerging Issues in Responsible Vulnerability Disclosure. In WEIS."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660320"},{"key":"e_1_3_2_1_15_1","unstructured":"\"cURL\". 2022. \"Command line tool and library for transferring data with URLs\". \"https:\/\/curl.se\/\""},{"key":"e_1_3_2_1_16_1","volume-title":"Stefan Savage. 2019 Measuring Security Practices and How They Impact Security. In Proceedings of the Internet Measurement Conference","author":"DeKoven Louis F.","unstructured":"Louis F. DeKoven, Audrey Randall, Ariana Mirian, Gautam Akiwate, Ansel Blume, Lawrence K. Saul, Aaron Schulman, Geoffrey M. Voelker, and Stefan Savage. 2019 Measuring Security Practices and How They Impact Security. In Proceedings of the Internet Measurement Conference (Amsterdam, Netherlands) (IMC '19). Association for Computing Machinery, New York, NY, USA, 36--49. https:\/\/doi. org\/10.1145\/3355369.3355571"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/1880551.1880562"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_19_1","unstructured":"\"Fingerbank\". 2022. \"ACCURATELY IDENTIFY CONNECTED DEVICES PERFORM ANOMALY DETECTION\". \"https:\/\/www.fingerbank.org\/about\/\""},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1496091.1496094"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1151659.1159961"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","unstructured":"Russ Housley. 2005. Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages. RFC 4108. https:\/\/doi.org\/10.17487\/RFC4108","DOI":"10.17487\/RFC4108"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3397333"},{"key":"e_1_3_2_1_24_1","unstructured":"Amazon.com Inc. 2022. Amazon Alexa. https:\/\/en.wikipedia.org\/wiki\/Amazon_ Alexa"},{"key":"e_1_3_2_1_25_1","unstructured":"SmartThings Inc. 2022. Samsung SmartThings. https:\/\/en.wikipedia.org\/wiki\/ SmartThings"},{"key":"e_1_3_2_1_26_1","unstructured":"Wolfgang Kandek. 2009. The Laws of Vulnerabilities 2.0. https:\/\/www.qualys. com\/docs\/laws-of-vulnerabilities-2.0.pdf"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2012.6415869"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2774239"},{"key":"e_1_3_2_1_29_1","volume-title":"28th USENIX security symposium (USENIX Security 19). 1169--1185.","author":"Kumar Deepak","unstructured":"Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, and Zakir Durumeric. 2019. All Things Considered: An Analysis of {IoT} Devices on Home Networks. In 28th USENIX security symposium (USENIX Security 19). 1169--1185."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2019.00207"},{"key":"e_1_3_2_1_31_1","unstructured":"Ben Laurie. 2008. Debian and OpenSSL: The Aftermath. https:\/\/www.links.org\/ ?p=328"},{"key":"e_1_3_2_1_32_1","unstructured":"Ben Laurie. 2008. Vendors Are Bad For Security. https:\/\/www.links.org\/?p=327"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354198"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00021"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.48"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315311"},{"key":"e_1_3_2_1_37_1","unstructured":"NVD. 2022. National Vulnerability Database. NIST. https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_1_38_1","unstructured":"\"OkHttp\". 2022. \"OkHttp HTTP client\". \"https:\/\/square.github.io\/okhttp\/\""},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487830"},{"key":"e_1_3_2_1_40_1","unstructured":"Terry Ramos. 2006. The Laws of Vulnerabilities. https:\/\/www.qualys.com\/docs\/ laws-of-vulnerabilities-presentation.pdf"},{"key":"e_1_3_2_1_41_1","volume-title":"152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users","author":"Reeder Robert W.","year":"2017","unstructured":"Robert W. Reeder, Iulia Ion, and Sunny Consolvo. 2017. 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users. IEEE Security and Privacy (2017)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355577"},{"key":"e_1_3_2_1_43_1","unstructured":"\"Python Requests\". 2022. \"an elegant and simple HTTP library for Python built for human beings\". \"https:\/\/en.wikipedia.org\/wiki\/Requests_(software)\""},{"key":"e_1_3_2_1_44_1","volume-title":"12th USENIX Security Symposium (USENIX Security 03)","author":"Rescorla Eric","year":"2003","unstructured":"Eric Rescorla. 2003. Security Holes . . . Who Cares?. In 12th USENIX Security Symposium (USENIX Security 03). USENIX Association, Washington, D.C. https:\/\/www.usenix.org\/conference\/12th-usenix-security-symposium\/ security-holes-who-cares"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.17"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-54328-4_9"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227141"},{"key":"e_1_3_2_1_48_1","unstructured":"\"Wget\". 2022. \"Retrieve files via HTTP or FTP\". \"https:\/\/en.wikipedia.org\/wiki\/ Wget\""},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/DESEC.2018.8625164"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102779"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/NVMSA.2016.7547182"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564551","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3560835.3564551","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:09Z","timestamp":1750182549000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3560835.3564551"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,8]]},"references-count":52,"alternative-id":["10.1145\/3560835.3564551","10.1145\/3560835"],"URL":"https:\/\/doi.org\/10.1145\/3560835.3564551","relation":{},"subject":[],"published":{"date-parts":[[2022,11,8]]},"assertion":[{"value":"2022-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}