{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:11:37Z","timestamp":1773155497495,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":120,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,24]],"date-time":"2023-10-24T00:00:00Z","timestamp":1698105600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union","award":["101021377"],"award-info":[{"award-number":["101021377"]}]},{"name":"NSF","award":["CNS-2219867, SaTC-1955227"],"award-info":[{"award-number":["CNS-2219867, SaTC-1955227"]}]},{"name":"Ministerio de Ciencia e Innovaci\u00f3n","award":["TED2021-132464B-I00, PID2022-142290OB-I00"],"award-info":[{"award-number":["TED2021-132464B-I00, PID2022-142290OB-I00"]}]},{"DOI":"10.13039\/100012818","name":"Comunidad de Madrid","doi-asserted-by":"publisher","award":["2020-T2\/TIC-20184"],"award-info":[{"award-number":["2020-T2\/TIC-20184"]}],"id":[{"id":"10.13039\/100012818","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,24]]},"DOI":"10.1145\/3618257.3624830","type":"proceedings-article","created":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:19:52Z","timestamp":1698020392000},"page":"437-456","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2895-125X","authenticated-orcid":false,"given":"Aniketh","family":"Girish","sequence":"first","affiliation":[{"name":"IMDEA Networks &amp; Universidad Carlos III de Madrid, Madrid, 
Spain"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6642-6281","authenticated-orcid":false,"given":"Tianrui","family":"Hu","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6987-4262","authenticated-orcid":false,"given":"Vijay","family":"Prakash","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8115-898X","authenticated-orcid":false,"given":"Daniel J.","family":"Dubois","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2822-3970","authenticated-orcid":false,"given":"Srdjan","family":"Matic","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1794-6105","authenticated-orcid":false,"given":"Danny Yuxing","family":"Huang","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2288-0785","authenticated-orcid":false,"given":"Serge","family":"Egelman","sequence":"additional","affiliation":[{"name":"ICSI \/ University of California, Berkeley, Berkeley, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9702-775X","authenticated-orcid":false,"given":"Joel","family":"Reardon","sequence":"additional","affiliation":[{"name":"University of Calgary &amp; AppCensus, Calgary, AB, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4573-3967","authenticated-orcid":false,"given":"Juan","family":"Tapiador","sequence":"additional","affiliation":[{"name":"Universidad Carlos III de Madrid, Madrid, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7825-7226","authenticated-orcid":false,"given":"David","family":"Choffnes","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, 
USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5420-6835","authenticated-orcid":false,"given":"Narseo","family":"Vallina-Rodriguez","sequence":"additional","affiliation":[{"name":"IMDEA Networks Institute &amp; AppCensus, Madrid, Spain"}]}],"member":"320","published-online":{"date-parts":[[2023,10,24]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2018. Breaking Smart Speakers We are Listening to You. https:\/\/www.youtube.com\/watch?v=3sLC0XaqvMg. Accessed on May 26 2023."},{"key":"e_1_3_2_2_2_1","unstructured":"2019. CVE-2019-11766. Available from MITRE CVE-ID CVE-2019-11766. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-11766"},{"key":"e_1_3_2_2_3_1","unstructured":"2020. ETSI EN 303 645 V2.1.1. Cyber Security for Consumer Internet of Things: Baseline Requirements. https:\/\/www.etsi.org\/deliver\/etsi_en\/303600_303699\/303645\/02.01.01_60\/en_303645v020101p.pdf."},{"key":"e_1_3_2_2_4_1","unstructured":"2020. Google Issue Tracker: Allow binding privileged ports or creating raw sockets. https:\/\/issuetracker.google.com\/issues\/156966374. Accessed on May 21 2023."},{"key":"e_1_3_2_2_5_1","unstructured":"2020. umlaut insightCoreSDK Data Privacy Policy. https:\/\/web.archive.org\/web\/20220514011406\/https:\/\/tacs.c0nnectthed0ts.com\/policy1\/data_privacy.html. Accessed on May 26 2023."},{"key":"e_1_3_2_2_6_1","unstructured":"2021. IRB Approval with Protocol. https:\/\/inspector.engineering.nyu.edu\/irb. Accessed on Sept 11 2023."},{"key":"e_1_3_2_2_7_1","unstructured":"2021. This sneaky malware will cause headaches even after it is deleted from your PC. https:\/\/web.archive.org\/web\/20210126173325\/http:\/\/www.zdnet.com\/article\/this-sneaky-malware-will-cause-headaches-evenafter-it-is-deleted-from-your-pc\/. Accessed on May 11 2023."},{"key":"e_1_3_2_2_8_1","unstructured":"2022. EU Cyber Resilience Act. https:\/\/digital-strategy.ec.europa.eu\/en\/library\/cyber-resilience-act. 
Accessed on Sept 21 2023."},{"key":"e_1_3_2_2_9_1","unstructured":"2023. Frequently Asked Questions. https:\/\/github.com\/nyu-mlab\/iot-inspectorclient\/ wiki\/Frequently-Asked-Questions. Accessed on Sept 11 2023."},{"key":"e_1_3_2_2_10_1","unstructured":"2023. If an app would like to connect to devices on your local network. https:\/\/support.apple.com\/en-us\/HT211870. Accessed on Sept 11 2023."},{"key":"e_1_3_2_2_11_1","unstructured":"2023. USA National Cybersecurity Strategy. https:\/\/www.whitehouse.gov\/wpcontent\/uploads\/2023\/03\/National-Cybersecurity-Strategy-2023.pdf. Accessed on Sept 21 2023."},{"key":"e_1_3_2_2_12_1","unstructured":"[n. d.]. Analytics and attribution system for mobile apps and websites. https:\/\/tracker.my.com. Accessed on May 11 2023."},{"key":"e_1_3_2_2_13_1","unstructured":"[n. d.]. Android API Permission Research. https:\/\/evolving-android.cpsc.ucalgary.ca\/index.html. Accessed on May 11 2023."},{"key":"e_1_3_2_2_14_1","unstructured":"[n. d.]. AppCensus. https:\/\/www.appcensus.io\/. Accessed on May 21 2023."},{"key":"e_1_3_2_2_15_1","unstructured":"[n. d.]. AppDynamics. https:\/\/www.appdynamics.com\/. Accessed on May 11 2023."},{"key":"e_1_3_2_2_16_1","unstructured":"[n. d.]. Frida.re. https:\/\/frida.re. Accessed on May 11 2023."},{"key":"e_1_3_2_2_17_1","unstructured":"[n. d.]. Google Playstore. https:\/\/play.google.com\/store. Accessed on May 11 2023."},{"key":"e_1_3_2_2_18_1","unstructured":"[n. d.]. HomeKit by Apple. https:\/\/www.apple.com\/ios\/home\/. Accessed on May 11 2023."},{"key":"e_1_3_2_2_19_1","unstructured":"[n. d.]. If an app would like to connect to devices on your local network. https:\/\/developer.android.com\/guide\/topics\/connectivity\/wifi-permissions. Accessed on Sept 11 2023."},{"key":"e_1_3_2_2_20_1","unstructured":"[n. d.]. LIFX. https:\/\/www.lifx.com. Accessed on May 21 2023."},{"key":"e_1_3_2_2_21_1","unstructured":"[n. d.]. Lucky Time - Win Rewards Every Day. 
https:\/\/play.google.com\/store\/apps\/details?id=com.luckyapp.winner. Accessed on May 26 2023."},{"key":"e_1_3_2_2_22_1","unstructured":"[n. d.]. Matter standard. https:\/\/csa-iot.org\/all-solutions\/matter\/. Accessed on May 11 2023."},{"key":"e_1_3_2_2_23_1","unstructured":"[n. d.]. MonIoTr Lab. https:\/\/moniotrlab.khoury.northeastern.edu."},{"key":"e_1_3_2_2_24_1","unstructured":"[n. d.]. Multi-room Music and Alexa Home Theater. https:\/\/www.amazon.com\/alexa-multi-room-audio\/b?ie=UTF8&node=21480962011. Accessed on May 11 2023."},{"key":"e_1_3_2_2_25_1","unstructured":"[n. d.]. Nmap: The network mapper. https:\/\/nmap.org\/. Accessed on May 21 2023."},{"key":"e_1_3_2_2_26_1","unstructured":"[n. d.]. OWASP Mobile Application Security. https:\/\/mas.owasp.org."},{"key":"e_1_3_2_2_27_1","unstructured":"[n. d.]. TinyTuya. https:\/\/pypi.org\/project\/tinytuya\/. Accessed on May 21 2023."},{"key":"e_1_3_2_2_28_1","unstructured":"[n. d.]. TP-Link WiFi SmartPlug Client and Wireshark Dissector. https:\/\/github.com\/softScheck\/tplink-smartplug. Accessed on May 11 2023."},{"key":"e_1_3_2_2_29_1","unstructured":"[n. d.]. WIGLE. https:\/\/www.wigle.net\/. Accessed on May 21 2023."},{"key":"e_1_3_2_2_30_1","unstructured":"[n. d.]. The world's most popular network protocol analyzer. https:\/\/www.wireshark.org. Accessed on May 21 2023."},{"key":"e_1_3_2_2_31_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","author":"Abbas Razaghpanah","year":"2018","unstructured":"Razaghpanah Abbas, Nithyanand Rishab, Vallina-Rodriguez Narseo, Sundaresan Srikanth, Allman Mark, Kreibich Christian, and Gill Phillipa. 2018. Apps, Trackers, Privacy, and Regulators A Global Study of the Mobile Tracking Ecosystem. Proceedings of the Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_2_32_1","unstructured":"Shivaun Albright Paul J. Leach Ye Gu Yaron Y. Goland and Ting Cai. 1999. Simple Service Discovery Protocol\/1.0. 
Internet-Draft draft-cai-ssdp-v1-03. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-cai-ssdp-v1\/03\/ Work in Progress."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"e_1_3_2_2_35_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J Alex Halderman, Luca Invernizzi, Michalis Kallitsis, et al. 2017. Understanding the mirai botnet. In 26th USENIX Security Symposium (USENIX Security 17)."},{"key":"e_1_3_2_2_36_1","unstructured":"Apple Inc. [n. d.]. com.apple.developer.networking.multicast. Developer Documentation. https:\/\/developer.apple.com\/documentation\/bundleresources\/information_property_list\/nslocalnetworkusagedescription."},{"key":"e_1_3_2_2_37_1","unstructured":"Apple Inc. 2021. Get the name of the Wi-Fi network to which the device is currently associated. Developer Forums. https:\/\/developer.apple.com\/forums\/thread\/679038."},{"key":"e_1_3_2_2_38_1","unstructured":"Apple Inc. Accessed on Sept 21 2023. com.apple.developer.networking.multicast. Developer Documentation. https:\/\/developer.apple.com\/documentation\/bundleresources\/entitlements\/com_apple_developer_networking_multicast."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0040"},{"key":"e_1_3_2_2_40_1","volume-title":"Proceedings on Privacy Enhancing Technologies (PoPETs).","author":"Babun Leonardo","unstructured":"Leonardo Babun, Z. Berkay Celik, Patrick D. McDaniel, and A. Selcuk Uluagac. 2021. Real-time Analysis of Privacy-(un)aware IoT Applications. 
Proceedings on Privacy Enhancing Technologies (PoPETs)."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2017-0020"},{"key":"e_1_3_2_2_42_1","volume-title":"IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In Network and Distributed System Security Symposium.","author":"Chen Jiongyi","year":"2018","unstructured":"Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, Xiaofeng Wang, W. Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In Network and Distributed System Security Symposium."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","unstructured":"Stuart Cheshire and Marc Krochmal. 2013. Multicast DNS. RFC 6762. https:\/\/doi.org\/10.17487\/RFC6762","DOI":"10.17487\/RFC6762"},{"key":"e_1_3_2_2_44_1","unstructured":"CNN. [n. d.]. CNN Breaking US & World News. https:\/\/play.google.com\/store\/apps\/details?id=com.cnn.mobile.android.phone. Accessed on May 11 2023."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","unstructured":"Michelle Cotton Leo Vegoda Ron Bonica and Brian Haberman. 2013. Special-Purpose IP Address Registries. RFC 6890. https:\/\/doi.org\/10.17487\/RFC6890","DOI":"10.17487\/RFC6890"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/WoWMoM.2012.6263700"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"crossref","unstructured":"Luca Deri Maurizio Martinelli Tomasz Bujlow and Alfredo Cardigliano. 2014. nDPI: Open-source high-speed deep packet inspection. In IWCMC.","DOI":"10.1109\/IWCMC.2014.6906427"},{"key":"e_1_3_2_2_48_1","unstructured":"Android Developers. [n. d.]. UI\/Application Exerciser Monkey. https:\/\/developer. android.com\/studio\/test\/other-testing-tools\/monkey. Accessed on May 11 2023."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","unstructured":"Ralph Droms. 1997. Dynamic Host Configuration Protocol. RFC 2131. 
https:\/\/doi.org\/10.17487\/RFC2131","DOI":"10.17487\/RFC2131"},{"key":"e_1_3_2_2_50_1","unstructured":"Jide S Edu Xavier Ferrer-Aran Jose M Such and Guillermo Suarez-Tangi. 2021. SkillVet: Automated Traceability Analysis of Amazon Alexa Skills. http:\/\/arxiv.org\/abs\/2103.02637"},{"key":"e_1_3_2_2_51_1","unstructured":"EFF. [n. d.]. Cover your Tracks. https:\/\/coveryourtracks.eff.org\/. Accessed on May 22 2023."},{"key":"e_1_3_2_2_52_1","volume-title":"Bellovin","author":"Farrell Stephen","year":"2023","unstructured":"Stephen Farrell, Farzaneh Badiei, Bruce Schneier, and Steven M. Bellovin. 2023. Reflections on Ten Years Past The Snowden Revelations. Internet-Draft draft-farrell-tenyearsafter-00. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-farrell-tenyearsafter\/00\/ Work in Progress."},{"key":"e_1_3_2_2_53_1","volume-title":"Data Protection and Privacy","volume":"13","author":"Gamba Julien","year":"2021","unstructured":"AFeal, Julien Gamba, Juan Tapiador, Primal Wijesekera, Joel Reardon, Serge Egelman, and Narseo Vallina-Rodriguez. 2021. Don't accept candy from strangers: An analysis of third-party mobile sdks. Data Protection and Privacy, Volume 13: Data Protection and Artificial Intelligence 13 (2021), 1."},{"key":"e_1_3_2_2_54_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security analysis of emerging smart home application. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"crossref","unstructured":"Earlence Fernandes Jaeyeon Jung and Atul Prakash. 2016. Security analysis of emerging smart home application.","DOI":"10.1109\/SP.2016.44"},{"key":"e_1_3_2_2_56_1","volume-title":"FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. 
In 25th USENIX Security Symposium (USENIX Security 16)","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX Security Symposium (USENIX Security 16)."},{"key":"e_1_3_2_2_57_1","volume-title":"Security Implications of Permission Models in Smart-Home Application Frameworks. In IEEE Symposium on Security and Privacy (S&P).","author":"Fernandes Earlence","year":"2017","unstructured":"Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, and Atul Prakash. 2017. Security Implications of Permission Models in Smart-Home Application Frameworks. In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.23919\/MIPRO.2017.7973622"},{"key":"e_1_3_2_2_59_1","unstructured":"Google. 2005. Using a test query to determine whether a network device suffers from a software bug or design flaw. https:\/\/patents.google.com\/patent\/EP1867141B1\/en. Accessed on Sept 11 2023."},{"key":"e_1_3_2_2_60_1","unstructured":"Google. 2006. Best practices for unique identifiers. https:\/\/developer.android.com\/training\/articles\/user-data-ids."},{"key":"e_1_3_2_2_61_1","unstructured":"Google. 2022. NsdManager. Android Developers. https:\/\/developer.android.com\/reference\/android\/net\/nsd\/NsdManager."},{"key":"e_1_3_2_2_62_1","unstructured":"Google. 2022. Runtime Permissions. Android Developers. https:\/\/source.android.com\/docs\/core\/permissions\/runtime_perms."},{"key":"e_1_3_2_2_63_1","unstructured":"Google. 2023. WifiInfo. Android Developers. https:\/\/developer.android.com\/reference\/android\/net\/wifi\/WifiInfo."},{"key":"e_1_3_2_2_64_1","unstructured":"Google. [n. d.]. Matter. Comissionable and Operational Discovery. https:\/\/developers.home.google.com\/matter\/primer\/commissionable-andoperational-discovery. 
Accessed on May 26 2023."},{"key":"e_1_3_2_2_65_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Guo Zhixiu","year":"2020","unstructured":"Zhixiu Guo, Zijin Lin, Pan Li, and Kai Chen. 2020. SkillExplorer: Understanding the Behavior of Skills in Large Scale. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_2_66_1","volume-title":"U-PoT: A Honeypot Framework for UPnP-Based IoT Devices. In 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC).","author":"Hakim Muhammad A.","year":"2018","unstructured":"Muhammad A. Hakim, Hidayet Aksu, A. Selcuk Uluagac, and Kemal Akkaya. 2018. U-PoT: A Honeypot Framework for UPnP-Based IoT Devices. In 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC)."},{"key":"e_1_3_2_2_67_1","doi-asserted-by":"crossref","unstructured":"Andrew Halterman. 2019. Storming the Kasa? Security analysis of TP-Link Kasa smart home devices. (2019).","DOI":"10.31274\/cc-20240624-1335"},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624829"},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3397333"},{"key":"e_1_3_2_2_70_1","unstructured":"Philips Hue. [n. d.]. How to develop for Hue? https:\/\/developers.meethue.com\/develop\/get-started-2\/. Accessed on Sept 11 2023."},{"key":"e_1_3_2_2_71_1","unstructured":"Etrality Internet Speed Test. [n. d.]. Simple Speedcheck. https:\/\/play.google.com\/store\/apps\/details?id=org.speedspot.speedspotspeedtest. Accessed on May 11 2023."},{"key":"e_1_3_2_2_72_1","unstructured":"IoTivity. [n. d.]. IoTivity. http:\/\/iotivity.org. Accessed on May 26 2023."},{"key":"e_1_3_2_2_73_1","unstructured":"ioXt. [n. d.]. The ioXt Security Pledge. https:\/\/www.ioxtalliance.org\/the-pledge. 
Accessed on May 11 2023."},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624803"},{"key":"e_1_3_2_2_75_1","volume-title":"Electronics and Mobile Communication Conference (IEMCON).","author":"Kayas Golam","unstructured":"Golam Kayas, Mahmud Hossain, Jamie Payton, and S. M. Riazul Islam. 2020. An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions. In 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176313"},{"key":"e_1_3_2_2_77_1","volume-title":"USENIX Security Symposium. 1169--1185","author":"Kumar Deepak","year":"2019","unstructured":"Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, and Zakir Durumeric. 2019. All Things Considered: An Analysis of IoT Devices on Home Networks.. In USENIX Security Symposium. 1169--1185."},{"key":"e_1_3_2_2_78_1","volume-title":"Device Names in the Wild: Investigating Privacy Risks of Zero Configuration Networking. In 2013 IEEE 14th International Conference on Mobile Data Management.","author":"K\u00f6nings Bastian","year":"2013","unstructured":"Bastian K\u00f6nings, Christoph Bachmaier, Florian Schaub, and Michael Weber. 2013. Device Names in the Wild: Investigating Privacy Risks of Zero Configuration Networking. In 2013 IEEE 14th International Conference on Mobile Data Management."},{"key":"e_1_3_2_2_79_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC4122"},{"key":"e_1_3_2_2_80_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0075"},{"key":"e_1_3_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179282"},{"key":"e_1_3_2_2_82_1","unstructured":"Iljitsch van Beijnum Marcelo Bagnulo Philip Matthews. 2011. Stateful NAT64: Network address and protocol translation from IPv6 clients to IPv4 servers. 
https:\/\/www.rfc-editor.org\/rfc\/rfc6146."},{"key":"e_1_3_2_2_83_1","unstructured":"Joseph Menn. 2022. Mysterious company with government ties plays key internet role. The Washington Post. https:\/\/www.washingtonpost.com\/technology\/2022\/11\/08\/trustcor-internet-addresses-government-connections\/."},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3229598.3229604"},{"key":"e_1_3_2_2_85_1","unstructured":"MITRE. 2016. CVE-2016-2183 Detail - NVD. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-2183. Accessed on May 11 2023."},{"key":"e_1_3_2_2_86_1","unstructured":"MITRE. 2020. CVE-2020-0454. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-0454. Accessed on May 11 2023."},{"key":"e_1_3_2_2_87_1","unstructured":"MITRE. 2020. CVE-2020-11022 Detail - NVD. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-11022. Accessed on May 11 2023."},{"key":"e_1_3_2_2_88_1","unstructured":"MITRE. 2021. CVE-2021-11023 Detail - NVD. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-11023. Accessed on May 11 2023."},{"key":"e_1_3_2_2_89_1","volume-title":"Conference on Computer and Communications Security (CCS).","author":"Moghaddam Hooman Mohajeri","year":"2019","unstructured":"Hooman Mohajeri Moghaddam, Gunes Acar, Ben Burgess, Arunesh Mathur, Danny Yuxing Huang, Nick Feamster, Edward W. Felten, Prateek Mittal, and Arvind Narayanan. 2019. Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices. In Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_2_90_1","volume-title":"Ruoyu Wu Xiaojing Liao, Yifan Zhang Jianliang Wu, and XiaoFeng Wang.","author":"Nan Yuhong","year":"2023","unstructured":"Yuhong Nan, Luyi Xing Xueqiang Wang, Ruoyu Wu Xiaojing Liao, Yifan Zhang Jianliang Wu, and XiaoFeng Wang. 2023. Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps. In USENIX Security."},{"key":"e_1_3_2_2_91_1","doi-asserted-by":"publisher","unstructured":"Dr. 
Thomas Narten Tatsuya Jinmei and Dr. Susan Thomson. 2007. IPv6 Stateless Address Autoconfiguration. RFC 4862. https:\/\/doi.org\/10.17487\/RFC4862","DOI":"10.17487\/RFC4862"},{"key":"e_1_3_2_2_92_1","unstructured":"Nessus. 2003. SheerDNS 1.0.1 Multiple Vulnerabilities. https:\/\/www.tenable.com\/plugins\/nessus\/11535. Accessed on May 26 2023."},{"key":"e_1_3_2_2_93_1","unstructured":"Nessus. 2004. DNS Server Cache Snooping Remote Information Disclosure. https:\/\/www.tenable.com\/plugins\/nessus\/12217. Accessed on May 26 2023."},{"key":"e_1_3_2_2_94_1","unstructured":"Nessus. 2005. Exposure Management Meets Tenable Security Center. https:\/\/www.tenable.com. Accessed on May 26 2023."},{"key":"e_1_3_2_2_95_1","volume-title":"Through the Spyglass: Towards IoT Companion App Man-in-the-Middle Attacks. In Cyber Security Experimentation and Test Workshop (CSET).","author":"Connor TJ","year":"2021","unstructured":"TJ OConnor, Dylan Jessee, and Daniel Campos. 2021. Through the Spyglass: Towards IoT Companion App Man-in-the-Middle Attacks. In Cyber Security Experimentation and Test Workshop (CSET)."},{"key":"e_1_3_2_2_96_1","unstructured":"National Institute of Standards and Technology (NIST). 2021. DRAFT Baseline Security Criteria for Consumer IoT Devices. https:\/\/www.nist.gov\/system\/files\/documents\/2021\/08\/31\/IoT%20White%20Paper%20-%20Final%202021-08-31.pdf. Accessed on May 11 2023."},{"key":"e_1_3_2_2_97_1","volume-title":"Accessed on","author":"A LIGHTBULB","year":"2023","unstructured":"O'Flynn. 2016. A LIGHTBULB WORM? https:\/\/www.blackhat.com\/docs\/us-16\/materials\/us-16-OFlynn-A-Lightbulb-Worm-wp.pdf. Accessed on May 11, 2023."},{"key":"e_1_3_2_2_98_1","unstructured":"ONVIF. [n. d.]. Home - ONVIF. https:\/\/www.onvif.org\/. Accessed on May 11 2023."},{"key":"e_1_3_2_2_99_1","unstructured":"Zolt\u00e1n Pallagi. [n. d.]. Network Scanner Device Finder. https:\/\/play.google.com\/ store\/apps\/details?id=com.pzolee.networkscanner&hl=en&gl=US. 
Accessed on May 11 2023."},{"key":"e_1_3_2_2_100_1","volume-title":"Proceedings of the Internet Measurement Conference (IMC).","author":"Paracha Muhammad Talha","unstructured":"Muhammad Talha Paracha, Daniel J. Dubois, Narseo Vallina-Rodriguez, and David R. Choffnes. 2021. IoTLS: Understanding TLS Usage in Consumer IoT Devices. In Proceedings of the Internet Measurement Conference (IMC)."},{"key":"e_1_3_2_2_101_1","doi-asserted-by":"publisher","unstructured":"Vesa Pehkonen and Juha Koivisto. 2010. Secure Universal Plug and Play network. (2010). https:\/\/doi.org\/10.1109\/ISIAS.2010.5604189","DOI":"10.1109\/ISIAS.2010.5604189"},{"key":"e_1_3_2_2_102_1","unstructured":"Joel Reardon. 2022. The Curious Case of Coulus Coelib. The AppCensus Blog. https:\/\/blog.appcensus.io\/2022\/04\/06\/the-curious-case-of-coulus-coelib\/."},{"key":"e_1_3_2_2_103_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Reardon Joel","year":"2019","unstructured":"Joel Reardon, \u00c1lvaro Feal, Primal Wijesekera, Amit Elazari Bar On, Narseo Vallina-Rodriguez, and Serge Egelman. 2019. 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System. Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_2_104_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00066"},{"key":"e_1_3_2_2_105_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355577"},{"key":"e_1_3_2_2_106_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0021"},{"key":"e_1_3_2_2_107_1","unstructured":"First Row. [n. d.]. Network Scanner. https:\/\/play.google.com\/store\/apps\/details? id=com.myprog.netscan&hl=en&gl=US. Accessed on May 11 2023."},{"key":"e_1_3_2_2_108_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423650"},{"key":"e_1_3_2_2_109_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3550"},{"key":"e_1_3_2_2_110_1","doi-asserted-by":"publisher","unstructured":"Zach Shelby Klaus Hartke and Carsten Bormann. 
2014. The Constrained Application Protocol (CoAP). RFC 7252. https:\/\/doi.org\/10.17487\/RFC7252","DOI":"10.17487\/RFC7252"},{"key":"e_1_3_2_2_111_1","unstructured":"W. A. Simpson Dr. Thomas Narten Erik Nordmark and Hesham Soliman. 2007. Neighbor Discovery for IP version 6 (IPv6). https:\/\/datatracker.ietf.org\/doc\/rfc4861\/. Accessed on May 11 2023."},{"key":"e_1_3_2_2_112_1","unstructured":"Spotify. [n. d.]. ZeroConf API. https:\/\/developer.spotify.com\/documentation\/commercial-hardware\/implementation\/guides\/zeroconf. Accessed on May 21 2023."},{"key":"e_1_3_2_2_113_1","unstructured":"Statista. 2022. Smart Home - United States: Statista Market Forecast. https:\/\/www.statista.com\/outlook\/dmo\/smart-home\/united-states. Accessed on May 11 2023."},{"key":"e_1_3_2_2_114_1","doi-asserted-by":"publisher","DOI":"10.1145\/3241539.3241566"},{"key":"e_1_3_2_2_115_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24097"},{"key":"e_1_3_2_2_116_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0021"},{"key":"e_1_3_2_2_117_1","unstructured":"Wall Street Journal. 2022. Google Bans Apps With Hidden Data-Harvesting Software. https:\/\/www.wsj.com\/articles\/apps-with-hidden-data-harvestingsoftware-are-banned-by-google-11649261181. Accessed on May 11 2023."},{"key":"e_1_3_2_2_118_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Wang Xueqiang","year":"2019","unstructured":"Xueqiang Wang, Yuqiong Sum, Susanta Nada, and XiaoFeng Wang. 2019. Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_2_119_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Zhou Wei","year":"2019","unstructured":"Wei Zhou, Yan Jia, Yao Yao, Lipeng Zhu, Le Guan, Yuhang Mao, Peng Liu, and Yuqing Zhang. 2019. 
Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_2_120_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Zhou Wei","year":"2019","unstructured":"Wei Zhou, Yan Jia, Yao Yao, Lipeng Zhu, Le Guan, Yuhang Mao, Peng Liu, and Yuqing Zhang. 2019. Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms. In 28th USENIX Security Symposium (USENIX Security 19)."}],"event":{"name":"IMC '23: ACM Internet Measurement Conference","location":"Montreal QC Canada","acronym":"IMC '23","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2023 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624830","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624830","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T13:18:13Z","timestamp":1755868693000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624830"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,24]]},"references-count":120,"alternative-id":["10.1145\/3618257.3624830","10.1145\/3618257"],"URL":"https:\/\/doi.org\/10.1145\/3618257.3624830","relation":{},"subject":[],"published":{"date-parts":[[2023,10,24]]},"assertion":[{"value":"2023-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}