{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T00:08:31Z","timestamp":1755907711543,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,12,4]],"date-time":"2023-12-04T00:00:00Z","timestamp":1701648000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"HORIZON EUROPE Digital, Industry and Space","doi-asserted-by":"publisher","award":["769850"],"award-info":[{"award-number":["769850"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Huawei Technologies","doi-asserted-by":"publisher","award":["OpenS3 Lab"],"award-info":[{"award-number":["OpenS3 Lab"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["SFB 1119 ? 236615297"],"award-info":[{"award-number":["SFB 1119 ? 236615297"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,12,4]]},"DOI":"10.1145\/3627106.3627133","type":"proceedings-article","created":{"date-parts":[[2023,12,2]],"date-time":"2023-12-02T18:13:22Z","timestamp":1701540802000},"page":"190-204","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-9444-9293","authenticated-orcid":false,"given":"Philipp","family":"P\u00fctz","sequence":"first","affiliation":[{"name":"Technical University of Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7741-3679","authenticated-orcid":false,"given":"Richard","family":"Mitev","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5861-8829","authenticated-orcid":false,"given":"Markus","family":"Miettinen","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6833-3598","authenticated-orcid":false,"given":"Ahmad-Reza","family":"Sadeghi","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS49300.2020.9116392"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399421"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"R. Alharbi and D. Aspinall. 2018. An IoT Analysis Framework: An Investigation of IoT Smart Cameras' Vulnerabilities. In Living in the Internet of Things: Cybersecurity of the IoT - 2018. Institution of Engineering and Technology.","DOI":"10.1049\/cp.2018.0047"},{"volume-title":"26th USENIX security symposium (USENIX Security 17). 1093\u20131110.","author":"Antonakakis Manos","key":"e_1_3_2_1_4_1","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J\u00a0Alex Halderman, Luca Invernizzi, Michalis Kallitsis, 2017. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17). 1093\u20131110."},{"key":"e_1_3_2_1_5_1","volume-title":"23th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Apthorpe Noah","year":"2017","unstructured":"Noah Apthorpe, Dillon Reisman, and Nick Feamster. 2017. POSTER: A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic. In 23th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 01, 2017. The Internet Society."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108040"},{"key":"e_1_3_2_1_7_1","volume-title":"Best Practices for IoT Security: What Does That Even Mean?","author":"Bellman Christopher","year":"2020","unstructured":"Christopher Bellman and Paul\u00a0C. van Oorschot. 2020. Best Practices for IoT Security: What Does That Even Mean? (2020). arXiv:2004.12179\u00a0[cs.CR]"},{"key":"e_1_3_2_1_8_1","unstructured":"Bitdefender. 2019. Ring Video Doorbell Pro Under the Scope. https:\/\/www.bitdefender.com\/files\/News\/CaseStudies\/study\/294\/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf"},{"volume-title":"3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC\/PiCom\/DataCom\/CyberSciTech)","author":"Bonilla I","key":"e_1_3_2_1_9_1","unstructured":"Rafael\u00a0I Bonilla, Juan\u00a0J Crow, Luigi\u00a0S Basantes, and Luis\u00a0G Cruz. 2017. A metric for measuring IoT devices security levels. In 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC\/PiCom\/DataCom\/CyberSciTech). IEEE, 704\u2013709."},{"key":"e_1_3_2_1_10_1","unstructured":"Arnaud Calmejane and Frederic Basse. 2013. CVE-2013-2560: Directory traversal vulnerability in the web interface on Foscam devices."},{"key":"e_1_3_2_1_11_1","volume-title":"Inferring Activity From Smart Home Network Traffic. In 2016 IEEE Security and Privacy Workshops (SPW). IEEE.","author":"Copos Bogdan","year":"2016","unstructured":"Bogdan Copos, Karl Levitt, Matt Bishop, and Jeff Rowe. 2016. Is Anybody Home? Inferring Activity From Smart Home Network Traffic. In 2016 IEEE Security and Privacy Workshops (SPW). IEEE."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5220\/0007583306150622"},{"key":"e_1_3_2_1_13_1","unstructured":"D. Crowley D. Bryan and J. Savage. 2013. Home Invasion 2.0: Attacking Network-Connected Embedded Devices."},{"volume-title":"Advances in Intelligent Systems and Computing","author":"Dange Smita","key":"e_1_3_2_1_14_1","unstructured":"Smita Dange and Madhumita Chatterjee. 2019. IoT Botnet: The Largest Threat to the IoT Network. In Advances in Intelligent Systems and Computing. Springer Singapore, 137\u2013157."},{"key":"e_1_3_2_1_15_1","unstructured":"DataProt. 2022. Internet of Things statistics for 2022 - Taking Things Apart. https:\/\/dataprot.net\/statistics\/iot-statistics\/"},{"key":"e_1_3_2_1_16_1","unstructured":"European Union Agency For Network And Information Security. 2017. Baseline Security Recommendations for IoT."},{"volume-title":"Advances in Intelligent Systems and Computing","author":"Favaretto Margherita","key":"e_1_3_2_1_17_1","unstructured":"Margherita Favaretto, Tu\u00a0Tran Anh, Juxhino Kavaja, Michele\u00a0De Donno, and Nicola Dragoni. 2019. When the Price Is Your Privacy: A Security Analysis of Two Cheap IoT Devices. In Advances in Intelligent Systems and Computing. Springer International Publishing, 55\u201375."},{"key":"e_1_3_2_1_18_1","unstructured":"Forum of Incident Response and Security Teams Inc.2023. Common Vulnerability Scoring System SIG. https:\/\/www.first.org\/cvss\/"},{"volume-title":"Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion","year":"2018","key":"e_1_3_2_1_19_1","unstructured":"Gartner. 2018. Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2018-03-21-gartner-says-worldwide-iot-security-spending-will-reach-1-point-5-billion-in-2018"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Paul\u00a0A Grassi James\u00a0L Fenton Elaine\u00a0M Newton Ray\u00a0A Perlner Andrew\u00a0R Regenscheid William\u00a0E Burr Justin\u00a0P Richer Naomi\u00a0B Lefkovitz Jamie\u00a0M Danker Yee-Yin Choong Kristen\u00a0K Greene and Mary\u00a0F Theofanos. 2017. Digital identity guidelines: authentication and lifecycle management. Technical Report.","DOI":"10.6028\/NIST.SP.800-63b"},{"key":"e_1_3_2_1_21_1","unstructured":"Craig Heffner. 2013. Exploiting Surveillance Cameras Like a Hollywood Hacker. https:\/\/paper.bobylive.com\/Meeting_Papers\/BlackHat\/USA-2013\/US-13-Heffner-Exploiting-Network-Surveillance-Cameras-Like-A-Hollywood-Hacker-WP.pdf"},{"key":"e_1_3_2_1_22_1","unstructured":"Grant Hernandez Orlando Arias Daniel Buentello and Yier Jin. 2014. Smart Nest Thermostat: A Smart Spy in Your Home. (2014). https:\/\/blackhat.com\/docs\/us-14\/materials\/us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home-WP.pdf"},{"key":"e_1_3_2_1_23_1","unstructured":"IEEE Community. 2017. Internet of Things (IoT) Security Best Practices. https:\/\/internetinitiative.ieee.org\/images\/files\/resources\/white_papers\/internet_of_things_feb2017.pdf"},{"key":"e_1_3_2_1_24_1","unstructured":"IoT Security Foundation. 2019. Secure Design Best Practices Guides. https:\/\/www.iotsecurityfoundation.org\/wp-content\/uploads\/2019\/12\/Best-Practice-Guides-Release-2_Digitalv3.pdf"},{"key":"e_1_3_2_1_25_1","first-page":"2020","article-title":"The Internet of Things","author":"Research Juniper","year":"2020","unstructured":"Juniper Research. 2020. The Internet of Things: Consumer, Industrial & Public Services 2020-2024. https:\/\/www.juniperresearch.com\/researchstore\/devices-technology\/internet-of-things-iot-data-research-report\/subscription\/consumer-industrial-public-services","journal-title":"Consumer, Industrial & Public Services"},{"key":"e_1_3_2_1_26_1","unstructured":"Jacob Klasmark and Valter Lundeg\u00e5rdh. 2020. Potential security risks in Google Nest Indoor Camera. http:\/\/www.diva-portal.org\/smash\/get\/diva2:1464437\/FULLTEXT01.pdf"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2007.03.007"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.9"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139937.3139938"},{"key":"e_1_3_2_1_30_1","unstructured":"Market Data Forecast. 2021. Internet of Things (IoT) market. https:\/\/www.marketdataforecast.com\/market-reports\/internet-of-things-iot-market"},{"volume-title":"Quality of protection","author":"McQueen A","key":"e_1_3_2_1_31_1","unstructured":"Miles\u00a0A McQueen, Wayne\u00a0F Boyer, Mark\u00a0A Flynn, and George\u00a0A Beitel. 2006. Time-to-compromise model for cyber risk reduction estimation. In Quality of protection. Springer, 49\u201364."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC.2014.6866594"},{"key":"e_1_3_2_1_33_1","volume-title":"Mirai: NJCCIC Threat Profile. https:\/\/www.cyber.nj.gov\/threat-center\/threat-profiles\/botnet-variants\/mirai-botnet","author":"Cybersecurity New Jersey","year":"2016","unstructured":"New Jersey Cybersecurity and Communications Integration Cell. 2016. Mirai: NJCCIC Threat Profile. https:\/\/www.cyber.nj.gov\/threat-center\/threat-profiles\/botnet-variants\/mirai-botnet"},{"key":"e_1_3_2_1_34_1","unstructured":"Roberto Paleari. 2011. Multiple vulnerabilities in several IP camera products. https:\/\/vulners.com\/securityvulns\/SECURITYVULNS:DOC:26496"},{"volume-title":"Securing the Internet of Things: Best Practices for Deploying IoT Devices","author":"Payne R.","key":"e_1_3_2_1_35_1","unstructured":"Bryson\u00a0R. Payne and Tamirat\u00a0T. Abegaz. 2017. Securing the Internet of Things: Best Practices for Deploying IoT Devices. Springer International Publishing."},{"key":"e_1_3_2_1_36_1","unstructured":"Rapid7. 2023. Man in the Middle (MITM) Attacks. https:\/\/www.rapid7.com\/fundamentals\/man-in-the-middle-attacks\/"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2021.102728"},{"key":"e_1_3_2_1_38_1","unstructured":"Pushkar Sharma and Nicloas Schieli. 2019. Security best practices for the Internet of Things with Google Cloud. https:\/\/www.youtube.com\/watch?v=q6-wwVohnIU"},{"key":"e_1_3_2_1_39_1","volume-title":"Turning your surveillance camera against you. HITB Amsterdam","author":"Shekyan Sergey","year":"2013","unstructured":"Sergey Shekyan and Artem Harutyunyan. 2013. To Watch Or To Be Watched. Turning your surveillance camera against you. HITB Amsterdam (2013)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2021.3064507"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2015.7288421"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/MASS.2016.051"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.138"},{"key":"e_1_3_2_1_44_1","volume-title":"Media & Sport","author":"UK Department for Digital, Culture","year":"2018","unstructured":"UK Department for Digital, Culture, Media & Sport. 2018. Code of Practice for Consumer IoT Security."},{"key":"e_1_3_2_1_45_1","volume-title":"Defcon 22 Hacking Conference. https:\/\/syn.ac\/defc0n22","author":"Wardle Patrick","year":"2014","unstructured":"Patrick Wardle and C Moore. 2014. Optical Surgery: Implanting a Dropcam. In Synack Labs, Defcon 22 Hacking Conference. https:\/\/syn.ac\/defc0n22"}],"event":{"name":"ACSAC '23: Annual Computer Security Applications Conference","acronym":"ACSAC '23","location":"Austin TX USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627133","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3627106.3627133","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T17:39:23Z","timestamp":1755884363000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627133"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,4]]},"references-count":45,"alternative-id":["10.1145\/3627106.3627133","10.1145\/3627106"],"URL":"https:\/\/doi.org\/10.1145\/3627106.3627133","relation":{},"subject":[],"published":{"date-parts":[[2023,12,4]]},"assertion":[{"value":"2023-12-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}