{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:14:20Z","timestamp":1750220060507,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":24,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,4,24]],"date-time":"2023-04-24T00:00:00Z","timestamp":1682294400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Natural Sciences and Engineering Research Council of Canada"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,4,24]]},"DOI":"10.1145\/3577923.3583636","type":"proceedings-article","created":{"date-parts":[[2023,4,20]],"date-time":"2023-04-20T10:57:59Z","timestamp":1681988279000},"page":"245-250","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["All Your IoT Devices Are Belong to Us: Security Weaknesses in IoT Management Platforms"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0506-2641","authenticated-orcid":false,"given":"Bhaskar","family":"Tejaswi","sequence":"first","affiliation":[{"name":"Concordia University, Montreal, PQ, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9630-5858","authenticated-orcid":false,"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[{"name":"Concordia University, Montreal, PQ, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4284-8646","authenticated-orcid":false,"given":"Amr","family":"Youssef","sequence":"additional","affiliation":[{"name":"Concordia University, Montreal, PQ, Canada"}]}],"member":"320","published-online":{"date-parts":[[2023,4,24]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"volume-title":"IoT device management: definition and 
fundamentals. Online article (Aug 28","year":"2020","key":"e_1_3_2_1_2_1","unstructured":"Avsystem.com. 2020. IoT device management: definition and fundamentals. Online article (Aug 28, 2020). https:\/\/www.avsystem.com\/blog\/iot-device-management\/."},{"volume-title":"Critical bug in Kalay IoT protocol threatens millions of devices. Online article (Aug 18","year":"2021","key":"e_1_3_2_1_3_1","unstructured":"Duo.com. 2021. Critical bug in Kalay IoT protocol threatens millions of devices. Online article (Aug 18, 2021). https:\/\/duo.com\/decipher\/critical-bug-in-kalay-iot-protocol-threatens-millions-of-devices."},{"volume-title":"What is a Connectivity Management Platform (CMP)? Online article (Dec 10","year":"2020","key":"e_1_3_2_1_4_1","unstructured":"Emnify.com. 2020. What is a Connectivity Management Platform (CMP)? Online article (Dec 10, 2020). https:\/\/www.emnify.com\/iot-glossary\/connectivity-management-platform."},{"key":"e_1_3_2_1_5_1","first-page":"6","article-title":"IoT Platforms and Security","volume":"22","author":"Fortino G.","year":"2022","unstructured":"G. Fortino, A. Guerrieri, P. Pace, C. Savaglio, and G. Spezzano. 2022. IoT Platforms and Security: An Analysis of the Leading Industrial\/Commercial Solutions. Sensors, Vol. 22, 6 (March 2022).","journal-title":"An Analysis of the Leading Industrial\/Commercial Solutions. Sensors"},{"key":"e_1_3_2_1_6_1","unstructured":"Gibson Craig. 2018. Toll Fraud International Revenue Share Fraud and More: How Criminals Monetise Hacked Cellphones and IoT Devices for Telecom Fraud."},{"key":"e_1_3_2_1_7_1","unstructured":"Github.com. [n. d.]. Auth Analyzer. https:\/\/github.com\/portswigger\/auth-analyzer"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/FIOT.2018.8325598"},{"key":"e_1_3_2_1_9_1","unstructured":"Gartner Inc. [n. d.]. Definition of IoT Platforms. 
https:\/\/www.gartner.com\/en\/information-technology\/glossary\/iot-platforms."},{"volume-title":"SandTrap: Securing JavaScript-driven Trigger-Action Platforms. In USENIX Security Symposium. Online.","author":"Mohammad","key":"e_1_3_2_1_10_1","unstructured":"Mohammad M. Ahmadpanah and Daniel Hedin and Musard Balliu and Lars Eric Olsson and Andrei Sabelfeld. 2021. SandTrap: Securing JavaScript-driven Trigger-Action Platforms. In USENIX Security Symposium. Online."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SysEng.2017.8088251"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"J. Obermaier and M. Hutle. 2016. Analyzing the security and privacy of cloud-based video surveillance systems. In ACM IoTPTS'16. Xi'an China.","DOI":"10.1145\/2899007.2899008"},{"key":"e_1_3_2_1_13_1","unstructured":"Owasp.org. [n. d.]. OWASP Internet of Things Project. https:\/\/wiki.owasp.org\/index.php\/OWASP_Internet_of_Things_Project#tab=IoT_Top_10."},{"key":"e_1_3_2_1_14_1","unstructured":"Victor Le Pochat Tom Van Goethem Samaneh Tajalizadehkhoob Maciej Korczy\u0144ski and Wouter Joosen. [n. d.]. Tranco. https:\/\/tranco-list.eu."},{"key":"e_1_3_2_1_15_1","unstructured":"Portswigger.net. [n. d.]. Burp Suite. https:\/\/portswigger.net\/burp."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"L. Rondon L. Babun A. Aris K. Akkaya and A. Uluagac. 2021. LightningStrike: (in)secure practices of E-IoT systems in the wild. In ACM WiSec'21. Abu Dhabi United Arab Emirates.","DOI":"10.1145\/3448300.3467830"},{"key":"e_1_3_2_1_17_1","unstructured":"Altaf Shaik and Shinjo Park. 2022. Attacks from a New Front Door in 4G & 5G mobile networks. https:\/\/i.blackhat.com\/USA-22\/Wednesday\/US-22-Shaik-Attacks-From-a-New-Front-Door-in-4G-5G-Mobile-Networks.pdf."},{"key":"e_1_3_2_1_18_1","volume-title":"Hacking IoT: A case study on baby monitor exposures and vulnerabilities. (2015). 
Online article (Sept","author":"Stanislav Mark","year":"2015","unstructured":"Mark Stanislav and Tod Beardsley. 2015. Hacking IoT: A case study on baby monitor exposures and vulnerabilities. (2015). Online article (Sept, 2015). https:\/\/www.rapid7.com\/globalassets\/external\/docs\/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf."},{"key":"e_1_3_2_1_19_1","unstructured":"TheThings.io. [n. d.]. Cloud Code Sandbox. https:\/\/developers.thethings.io\/docs\/cloud-code-sandbox."},{"key":"e_1_3_2_1_20_1","volume-title":"USENIX Security Symposium","author":"Wang Xueqiang","year":"2019","unstructured":"Xueqiang Wang, Yuqiong Sun, Susanta Nanda, and XiaoFeng Wang. 2019. Looking from the mirror: Evaluating IoT device security through mobile companion apps. In USENIX Security Symposium. Santa Clara, CA, USA."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2020.2984192"},{"volume-title":"International Conference on Platform Technology and Service","author":"Yu J.","key":"e_1_3_2_1_22_1","unstructured":"J. Yu and Y. Kim. 2019. Analysis of IoT platform security: A survey. In International Conference on Platform Technology and Service. Jeju, South Korea."},{"volume-title":"International Conference on Information Society and Technology","author":"Zdravkovi\u0107 M.","key":"e_1_3_2_1_23_1","unstructured":"M. Zdravkovi\u0107, M. Trajanovi\u0107, J. Sarraipa, R. Jardim-Gon\u00e7alves, M. Lezoche, A. Aubry, and H. Panetto. 2016. Survey of Internet-of-Things platforms. In International Conference on Information Society and Technology. Barcelona, Spain."},{"volume-title":"ACM CCS'17","author":"Zuo C.","key":"e_1_3_2_1_24_1","unstructured":"C. Zuo, Q. Zhao, and Z. Lin. 2017. Authscope: Towards automatic discovery of vulnerable authorizations in online services. In ACM CCS'17. Dallas, TX, USA. 
io"}],"event":{"name":"CODASPY '23: Thirteenth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Charlotte NC USA","acronym":"CODASPY '23"},"container-title":["Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3577923.3583636","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3577923.3583636","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:41Z","timestamp":1750183721000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3577923.3583636"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,24]]},"references-count":24,"alternative-id":["10.1145\/3577923.3583636","10.1145\/3577923"],"URL":"https:\/\/doi.org\/10.1145\/3577923.3583636","relation":{},"subject":[],"published":{"date-parts":[[2023,4,24]]},"assertion":[{"value":"2023-04-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}