{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,30]],"date-time":"2026-06-30T06:43:29Z","timestamp":1782801809894,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":77,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3637671","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"63-79","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Exposed by Default: A Security Analysis of Home Router Default Settings"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-0923-9658","authenticated-orcid":false,"given":"Junjian","family":"Ye","sequence":"first","affiliation":[{"name":"Nanjing University of Posts and Telecommunications, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2664-3963","authenticated-orcid":false,"given":"Xavier De Carn\u00e9","family":"De Carnavalet","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, HongKong, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6376-4062","authenticated-orcid":false,"given":"Lianying","family":"Zhao","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7457-5198","authenticated-orcid":false,"given":"Mengyuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, HongKong, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5457-1923","authenticated-orcid":false,"given":"Lifa","family":"Wu","sequence":"additional","affiliation":[{"name":"Nanjing University of Posts and Telecommunications, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1658-0236","authenticated-orcid":false,"given":"Wei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanjing University of Posts and Telecommunications, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Wi-Fi Alliance. 2020. Wi-Fi Protected Setup Specification v2.0.8. https:\/\/www.wi-fi.org\/downloads-registered-guest\/Wi-Fi_Protected_Setup_Specification_v2.0.8.pdf."},{"key":"e_1_3_2_1_2_1","volume-title":"SoK: Security Evaluation of Home-Based IoT Deployments. In IEEE Symposium on Security and Privacy (S&P'19)","author":"Alrawi Omar","year":"2019","unstructured":"Omar Alrawi, Chaz Lever, Manos Antonakakis, and Fabian Monrose. 2019. SoK: Security Evaluation of Home-Based IoT Deployments. In IEEE Symposium on Security and Privacy (S&P'19). 1362--1380."},{"key":"e_1_3_2_1_3_1","unstructured":"Baran Guru. 2019. New Mozi P2P Botnet Attacks Netgear GPON D-Link and Huawei Routers Using Weak Passwords and Some Known Exploits. https:\/\/gbhackers.com\/new-mozi-botnet\/."},{"key":"e_1_3_2_1_4_1","volume-title":"Banner Blindness: The Irony of Attention Grabbing on The World Wide Web. In Human Factors and Ergonomics Society Annual Meeting (HFES)","volume":"42","author":"Benway Jan Panero","year":"1998","unstructured":"Jan Panero Benway. 1998. Banner Blindness: The Irony of Attention Grabbing on The World Wide Web. In Human Factors and Ergonomics Society Annual Meeting (HFES), Vol. 42. 463--467."},{"key":"e_1_3_2_1_5_1","volume-title":"Firmware Update Attacks and Security for IoT Devices: Survey. In Annual International Conference on Arab Women in Computing (ArabWIC'19)","author":"Bettayeb Meriem","year":"2019","unstructured":"Meriem Bettayeb, Qassim Nasir, and Manar Abu Talib. 2019. Firmware Update Attacks and Security for IoT Devices: Survey. In Annual International Conference on Arab Women in Computing (ArabWIC'19). 1--6."},{"key":"e_1_3_2_1_6_1","volume-title":"Security Flaws in 802.11 Data Link Protocols. Communications of the ACM (CACM'3) 46, 5","author":"Cam-Winget Nancy","year":"2003","unstructured":"Nancy Cam-Winget, Russ Housley, David Wagner, and Jesse Walker. 2003. Security Flaws in 802.11 Data Link Protocols. Communications of the ACM (CACM'3) 46, 5 (2003), 35--39."},{"key":"e_1_3_2_1_7_1","volume-title":"Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In Network and Distributed System Security Symposium (NDSS'16)","author":"Chen Daming D.","year":"2016","unstructured":"Daming D. Chen, Manuel Egele, Maverick Woo, and David Brumley. 2016. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In Network and Distributed System Security Symposium (NDSS'16). 1--16."},{"key":"e_1_3_2_1_8_1","volume-title":"Mitmproxy: A Free and Open Source Interactive HTTPS Proxy. https:\/\/mitmproxy.org\/ [Version 9.0].","author":"Cortesi Aldo","year":"2010","unstructured":"Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer, and contributors. 2010. Mitmproxy: A Free and Open Source Interactive HTTPS Proxy. https:\/\/mitmproxy.org\/ [Version 9.0]."},{"key":"e_1_3_2_1_9_1","volume-title":"USENIX Security Symposium (USENIX Security). 95--110","author":"Costin Andrei","year":"2014","unstructured":"Andrei Costin, Jonas Zaddach, Aur\u00e9lien Francillon, and Davide Balzarotti. 2014. A Large-scale Analysis of the Security of Embedded Firmwares. In USENIX Security Symposium (USENIX Security). 95--110."},{"key":"e_1_3_2_1_10_1","volume-title":"When Firmware Modifications Attack: A Case Study of Embedded Exploitation. In Network and Distributed System Security Symposium (NDSS'13)","author":"Cui Ang","year":"2013","unstructured":"Ang Cui, Michael Costello, and Salvatore J Stolfo. 2013. When Firmware Modifications Attack: A Case Study of Embedded Exploitation. In Network and Distributed System Security Symposium (NDSS'13). 1--13."},{"key":"e_1_3_2_1_11_1","volume-title":"Annual Computer Security Applications Conference (ACSAC'10)","author":"Cui Ang","unstructured":"Ang Cui and Salvatore J. Stolfo. 2010. A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-area Scan. In Annual Computer Security Applications Conference (ACSAC'10). 97--106."},{"key":"e_1_3_2_1_12_1","unstructured":"Joseph Davies. 2007. The Cable Guy IPv6 Autoconfiguration in Windows Vista. https:\/\/learn.microsoft.com\/en-us\/previous-versions\/technet-magazine\/cc137983(v=msdn.10)?redirectedfrom=MSDN."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"e_1_3_2_1_14_1","first-page":"148","article-title":"Visual Hierarchy and Mind Motion in Advertising Design","volume":"2","author":"Badawy Eldesouky Doaa Farouk","year":"2013","unstructured":"Doaa Farouk Badawy Eldesouky. 2013. Visual Hierarchy and Mind Motion in Advertising Design. Journal of Arts and Humanities 2, 2 (2013), 148--162.","journal-title":"Journal of Arts and Humanities"},{"key":"e_1_3_2_1_15_1","volume-title":"FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware. In USENIX Security Symposium (USENIX Security). 2379--2396","author":"Elsabagh Mohamed","year":"2020","unstructured":"Mohamed Elsabagh, Ryan Johnson, Angelos Stavrou, Chaoshun Zuo, Qingchuan Zhao, and ZhiqiangLin. 2020. FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware. In USENIX Security Symposium (USENIX Security). 2379--2396."},{"key":"e_1_3_2_1_16_1","volume-title":"International Conference on Advanced Information Networking and Applications Workshops (WAINA'13)","author":"Esnaashari Shadi","year":"2013","unstructured":"Shadi Esnaashari, Ian Welch, and Peter Komisarczuk. 2013. Determining Home Users' Vulnerability to Universal Plug and Play (UPnP) Attacks. In International Conference on Advanced Information Networking and Applications Workshops (WAINA'13). 725--729."},{"key":"e_1_3_2_1_17_1","volume-title":"ACM Asia Conference on Computer and Communications Security (ASIACCS'21)","author":"Fasano Andrew","year":"2021","unstructured":"Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Bulekov, Brendan Dolan-Gavitt, Manuel Egele, Aur\u00e9lien Francillon, Long Lu, Nick Gregory, Davide Balzarotti, and William Robertson. 2021. SoK: Enabling Security Analyses of Embedded Systems via Rehosting. In ACM Asia Conference on Computer and Communications Security (ASIACCS'21). 687--701."},{"key":"e_1_3_2_1_18_1","unstructured":"FileZilla. 2023. FileZilla - The Free FTP Solution. https:\/\/filezilla-project.org\/."},{"key":"e_1_3_2_1_19_1","unstructured":"Jason Fitzpatrick. 2022. Use a Wi-Fi Guest Network? Check These Settings. https:\/\/www.howtogeek.com\/832507\/use-a-wi-fi-guest-network-check-these-settings\/."},{"key":"e_1_3_2_1_20_1","volume-title":"Annual International Workshop on Selected Areas in Cryptography (SAC'1). 1--24","author":"Fluhrer Scott R.","year":"2001","unstructured":"Scott R. Fluhrer, Itsik Mantin, and Adi Shamir. 2001. Weaknesses in the Key Scheduling Algorithm of RC4. In Annual International Workshop on Selected Areas in Cryptography (SAC'1). 1--24."},{"key":"e_1_3_2_1_21_1","volume-title":"ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'21)","author":"Giese Dennis","year":"2021","unstructured":"Dennis Giese and Guevara Noubir. 2021. Amazon Echo Dot or the Reverberating Secrets of IoT Devices. In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'21). 13--24."},{"key":"e_1_3_2_1_22_1","volume-title":"Toward Secure Embedded Web Interfaces. In USENIX Security Symposium (USENIX Security). 17--32","author":"Gourdin Baptiste","year":"2011","unstructured":"Baptiste Gourdin, Chinmay Soman, Hristo Bojinov, and Elie Bursztein. 2011. Toward Secure Embedded Web Interfaces. In USENIX Security Symposium (USENIX Security). 17--32."},{"key":"e_1_3_2_1_23_1","unstructured":"Hilt Stephen and Merces Fernando. 2021. VPNFilter Two Years Later: Routers Still Compromised. https:\/\/www.trendmicro.com\/en_us\/research\/21\/a\/vpnfilter-two-years-later-routers-still-compromised-.html."},{"key":"e_1_3_2_1_24_1","volume-title":"Improving Users' Security Choices on Home Wireless Networks. In Symposium on Usable Privacy and Security (SOUPS'10)","author":"Ho Justin T.","unstructured":"Justin T. Ho, David Dearman, and Khai N. Truong. 2010. Improving Users' Security Choices on Home Wireless Networks. In Symposium on Usable Privacy and Security (SOUPS'10). 1--12."},{"key":"e_1_3_2_1_25_1","unstructured":"Chris Hoffman. 2013. Wi-Fi Protected Setup (WPS) is Insecure: Here's Why You Should Disable It. https:\/\/www.howtogeek.com\/176124\/wi-fi-protected-setup-wps-is-insecure-heres-why-you-should-disable-it\/."},{"key":"e_1_3_2_1_26_1","unstructured":"Michael Horowitz. 2015. Linksys Smart Wi-Fi Makes A Stupid Guest Network. https:\/\/www.computerworld.com\/article\/2940566\/linksys-smart-wi-fi-makes-a-stupid-guest-network.html."},{"key":"e_1_3_2_1_27_1","unstructured":"Michael Horowitz. 2015. Router Security. https:\/\/www.routersecurity.org\/checklist.php."},{"key":"e_1_3_2_1_28_1","volume-title":"ACM international conference on Measurement and modeling of computer systems (SIGMETRICS'23)","author":"Hsu Amanda","year":"2023","unstructured":"Amanda Hsu, Frank Li, and Paul Pearce. 2023. Fiat Lux: Illuminating IPv6 Apportionment with Different Datasets. In ACM international conference on Measurement and modeling of computer systems (SIGMETRICS'23). 1--24."},{"key":"e_1_3_2_1_29_1","first-page":"11","article-title":"IEEE Standard for Information Technology-Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Networks-Specific Requirements - Part 11","volume":"802","author":"IEEE.","year":"2021","unstructured":"IEEE. 2021. IEEE Standard for Information Technology-Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Networks-Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Std 802.11-2020 (Revision of IEEE Std 802.11-2016) (2021), 1--4379.","journal-title":"IEEE Std"},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Security Symposium (USENIX Security). 4473--4490","author":"Jeitner Philipp","year":"2022","unstructured":"Philipp Jeitner, Haya Shulman, Lucas Teichmann, and Michael Waidner. 2022. XDRI Attacks - and - How to Enhance Resilience of Residential Routers. In USENIX Security Symposium (USENIX Security). 4473--4490."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Davino Mauro Junior Luis Melo Harvey Lu Marcelo d'Amorim and Atul Prakash. 2019. Beware of the App! On the Vulnerability Surface of Smart Devices through their Companion Apps. arXiv:1901.10062 [cs.CR]","DOI":"10.1109\/SPW.2019.00042"},{"key":"e_1_3_2_1_32_1","unstructured":"kaklakariada. 2015. UPnP PortMapper. https:\/\/github.com\/kaklakariada\/portmapper."},{"key":"e_1_3_2_1_33_1","volume-title":"FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis. In Annual Computer Security Applications Conference (ACSAC'20)","author":"Kim Mingeun","year":"2020","unstructured":"Mingeun Kim, Dongkwan Kim, Eunsoo Kim, Suryeon Kim, Yeongjin Jang, and Yongdae Kim. 2020. FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis. In Annual Computer Security Applications Conference (ACSAC'20). 733--745."},{"key":"e_1_3_2_1_34_1","volume-title":"Ralph Droms, Tony L. Hain, and Brian E. Carpenter.","author":"Klein Eric","year":"2007","unstructured":"Eric Klein, Gunter Van de Velde, Ralph Droms, Tony L. Hain, and Brian E. Carpenter. 2007. Local Network Protection for IPv6. https:\/\/www.rfc-editor.org\/info\/rfc4864."},{"key":"e_1_3_2_1_35_1","volume-title":"All Things Considered: An Analysis of IoT Devices on Home Networks. In USENIX Security Symposium (USENIX Security). 1169--1185","author":"Kumar Deepak","year":"2019","unstructured":"Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, and Zakir Durumeric. 2019. All Things Considered: An Analysis of IoT Devices on Home Networks. In USENIX Security Symposium (USENIX Security). 1169--1185."},{"key":"e_1_3_2_1_36_1","volume-title":"How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices. In IEEE Symposium on Security and Privacy (S&P'23)","author":"Liu Peiyu","year":"2023","unstructured":"Peiyu Liu, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang, Jingchang Qin, Wenhai Wang, and Wenzhi Chen. 2023. How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices. In IEEE Symposium on Security and Privacy (S&P'23). 1845--1861."},{"key":"e_1_3_2_1_37_1","volume-title":"USENIX Workshop on Offensive Technologies (WOOT'15)","author":"Lorente Eduardo Novella","year":"2015","unstructured":"Eduardo Novella Lorente, Carlo Meijer, and Roel Verdult. 2015. Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers. In USENIX Workshop on Offensive Technologies (WOOT'15). 1--13."},{"key":"e_1_3_2_1_38_1","volume-title":"An Attack Surface Metric","author":"Manadhata Pratyusa K","year":"2010","unstructured":"Pratyusa K Manadhata and Jeannette M Wing. 2010. An Attack Surface Metric. IEEE Transactions on Software Engineering (TSE'10) 37, 3 (2010), 371--386."},{"key":"e_1_3_2_1_39_1","volume-title":"Understanding the Mirai Botnet. In USENIX Security Symposium (USENIX Security). 1093--1110","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In USENIX Security Symposium (USENIX Security). 1093--1110."},{"key":"e_1_3_2_1_40_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS'22)","author":"Markert Philipp","year":"2022","unstructured":"Philipp Markert, Theodor Schnitzler, Maximilian Golla, and Markus D\u00fcrmuth. 2022. \"As soon as it's a risk, I want to require MFA\": How Administrators Configure Risk-based Authentication. In Symposium on Usable Privacy and Security (SOUPS'22). 483--501."},{"key":"e_1_3_2_1_41_1","unstructured":"MarketWatch. 2023. Home Wireless Router Market Size 2023-2030 | Detailed Analysis of Market Size and Growth Rate. https:\/\/www.marketwatch.com\/press-release\/home-wireless-router-market-size-2023-2030-detailed-analysis-of-market-size-and-growth-rate-2023-05-08."},{"key":"e_1_3_2_1_42_1","volume-title":"Conference on Human Factors in Computing Systems (CHI'21)","author":"Mathur Arunesh","year":"2021","unstructured":"Arunesh Mathur, Mihir Kshirsagar, and Jonathan Mayer. 2021. What Makes a Dark Pattern... Dark? Design Attributes, Normative Considerations, and Measurement Methods. In Conference on Human Factors in Computing Systems (CHI'21). 1--18."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.968819"},{"key":"e_1_3_2_1_44_1","volume-title":"Internet Measurement Conference (IMC'17)","author":"Murdock Austin","year":"2017","unstructured":"Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, and Vern Paxson. 2017. Target Generation for Internet-wide IPv6 Scanning. In Internet Measurement Conference (IMC'17). 242--253."},{"key":"e_1_3_2_1_45_1","unstructured":"David Murphy. 2020. You Need to Lock Down Your Router's Remote Management Options. https:\/\/lifehacker.com\/you-need-to-lock-down-your-routers-remote-management-op-1842525275."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3400899.3400901"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Dr. Thomas Narten Richard P. Draves and Suresh Krishnan. 2007. Privacy Extensions for Stateless Address Autoconfiguration in IPv6. https:\/\/www.rfc-editor.org\/info\/rfc4941.","DOI":"10.17487\/rfc4941"},{"key":"e_1_3_2_1_48_1","unstructured":"Marcus Niemietz and Joerg Schwenk. 2015. Owning Your Home Network: Router Security Revisited. arXiv:1506.04112 [cs.CR]"},{"key":"e_1_3_2_1_49_1","unstructured":"Nmap. 2023. Nmap: the Network Mapper - Free Security Scanner. https:\/\/nmap.org\/."},{"key":"e_1_3_2_1_50_1","volume-title":"Rethinking Home Network Security. In European Workshop on Usable Security (EuroUSEC'18)","author":"Nthala Norbert","year":"2018","unstructured":"Norbert Nthala and Ivan Flechais. 2018. Rethinking Home Network Security. In European Workshop on Usable Security (EuroUSEC'18). 1--11."},{"key":"e_1_3_2_1_51_1","first-page":"42","article-title":"Multipurpose Interactive Public Displays in the Wild","volume":"45","author":"Ojala Timo","year":"2012","unstructured":"Timo Ojala, Vassilis Kostakos, Hannu Kukka, Tommi Heikkinen, Tomas Linden, Marko Jurmu, Simo Hosio, Fabio Kruger, and Daniele Zanni. 2012. Multipurpose Interactive Public Displays in the Wild: Three Years Later. Computer 45, 5 (2012), 42--49.","journal-title":"Three Years Later. Computer"},{"key":"e_1_3_2_1_52_1","unstructured":"James O'Flaherty. 2012. Hierarchy - What Do You Want People to See? Where Do You Want Them to Go? https:\/\/www.datadial.net\/blog\/hierarchy-what-do-you-want-people-to-see-where-do-you-want-them-to-go\/."},{"key":"e_1_3_2_1_53_1","volume-title":"Number of Internet and Social Media Users Worldwide as of","year":"2023","unstructured":"Petrosyan, Ani. 2023. Number of Internet and Social Media Users Worldwide as of April 2023. https:\/\/www.statista.com\/statistics\/617136\/digital-population-worldwide\/."},{"key":"e_1_3_2_1_54_1","volume-title":"International Conference on Advanced Visual Interfaces (AVI'22)","author":"Prange Sarah","year":"2022","unstructured":"Sarah Prange, Niklas Thiem, Michael Fr\u00f6hlich, and Florian Alt. 2022. \"Secure Settings Are Quick and Easy!\" - Motivating End-Users to Choose Secure Smart Home Configurations. In International Conference on Advanced Visual Interfaces (AVI'22). 1--9."},{"key":"e_1_3_2_1_55_1","volume-title":"International Conference on Security and Cryptography (SECRYPT'13)","author":"Cliffe Schreuders Z.","unstructured":"Z. Cliffe Schreuders and Adil M. Bhat. 2013. Not all ISPs equally secure home users: An empirical study comparing Wi-Fi security provided by UK ISPs. In International Conference on Security and Cryptography (SECRYPT'13). 1--6."},{"key":"e_1_3_2_1_56_1","unstructured":"Ax Sharma. 2020. D-Link Blunder: Firmware Encryption Key Exposed in Unencrypted Image. https:\/\/www.bleepingcomputer.com\/news\/security\/d-link-blunder-firmware-encryption-key-exposed-in-unencrypted-image\/."},{"key":"e_1_3_2_1_57_1","unstructured":"Shodan. 2023. Shodan. https:\/\/www.shodan.io\/."},{"key":"e_1_3_2_1_58_1","volume-title":"Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In Network and Distributed System Security Symposium (NDSS'15)","author":"Shoshitaishvili Yan","year":"2015","unstructured":"Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2015. Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. In Network and Distributed System Security Symposium (NDSS'15). 1--15."},{"key":"e_1_3_2_1_59_1","volume-title":"European Symposium on Research in Computer Security (ESORICS'18)","author":"McMahon Stone Chris","year":"2018","unstructured":"Chris McMahon Stone, Tom Chothia, and Joeri de Ruiter. 2018. Extending Automated Protocol State Learning for the 802.11 4-Way Handshake. In European Symposium on Research in Computer Security (ESORICS'18). 325--345."},{"key":"e_1_3_2_1_60_1","volume-title":"Broadband Router Security: History, Challenges and Future Implications. Journal of Digital Forensics, Security and Law (JDFSL'17) 12, 4","author":"Szewczyk Patryk","year":"2017","unstructured":"Patryk Szewczyk and Rose Macdonald. 2017. Broadband Router Security: History, Challenges and Future Implications. Journal of Digital Forensics, Security and Law (JDFSL'17) 12, 4 (2017), 55--74."},{"key":"e_1_3_2_1_61_1","unstructured":"t6x. 2015. reaver-wps-fork-t6x. https:\/\/github.com\/t6x\/reaver-wps-fork-t6x."},{"key":"e_1_3_2_1_62_1","volume-title":"Households with Internet Access Worldwide","year":"2019","unstructured":"Taylor, Petroc. 2023. Households with Internet Access Worldwide 2019, by Region. https:\/\/www.statista.com\/statistics\/249830\/households-with-internet-access-worldwide-by-region\/."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/1514274.1514286"},{"key":"e_1_3_2_1_64_1","volume-title":"Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation. In USENIX Security Symposium (USENIX Security). 161--178","author":"Vanhoef Mathy","year":"2021","unstructured":"Mathy Vanhoef. 2021. Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation. In USENIX Security Symposium (USENIX Security). 161--178."},{"key":"e_1_3_2_1_65_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS'17)","author":"Vanhoef Mathy","year":"2017","unstructured":"Mathy Vanhoef and Frank Piessens. 2017. Key reinstallation attacks: Forcing nonce Reuse in WPA2. In ACM SIGSAC Conference on Computer and Communications Security (CCS'17). 1313--1328."},{"key":"e_1_3_2_1_66_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS'18)","author":"Vanhoef Mathy","year":"2018","unstructured":"Mathy Vanhoef and Frank Piessens. 2018. Release The Kraken: New Kracks in the 802.11 Standard. In ACM SIGSAC Conference on Computer and Communications Security (CCS'18). 299--314."},{"key":"e_1_3_2_1_67_1","volume-title":"IEEE Symposium on Security and Privacy (S&P'20)","author":"Vanhoef Mathy","year":"2020","unstructured":"Mathy Vanhoef and Eyal Ronen. 2020. Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. In IEEE Symposium on Security and Privacy (S&P'20). 517--533."},{"key":"e_1_3_2_1_68_1","volume-title":"A Large-scale Analysis of Wi-Fi Passwords. Journal of Information Security and Applications (JISA'22) 67","author":"Veroni Eleni","year":"2022","unstructured":"Eleni Veroni, Christoforos Ntantogian, and Christos Xenakis. 2022. A Large-scale Analysis of Wi-Fi Passwords. Journal of Information Security and Applications (JISA'22) 67 (2022), 103190."},{"key":"e_1_3_2_1_69_1","unstructured":"Stefan Viehb\u00f6ck. 2011. Brute Forcing Wi-Fi Protected Setup. https:\/\/www.cs.cmu.edu\/~rdriley\/330\/papers\/viehboeck_wps.pdf."},{"key":"e_1_3_2_1_70_1","volume-title":"Firmaster: Analysis Tool for Home Router Firmware. In International Joint Conference on Computer Science and Software Engineering (JCSSE'18)","author":"Visoottiviseth Vasaka","year":"2018","unstructured":"Vasaka Visoottiviseth, Pongnapat Jutadhammakorn, Natthamon Pongchanchai, and Pongjarun Kosolyudhthasarn. 2018. Firmaster: Analysis Tool for Home Router Firmware. In International Joint Conference on Computer Science and Software Engineering (JCSSE'18). 1--6."},{"key":"e_1_3_2_1_71_1","unstructured":"Dingding Wang Muhui Jiang Rui Chang Yajin Zhou Baolei Hou Xiapu Luo Lei Wu and Kui Ren. 2021. A Measurement Study on the (In)security of End-of-Life (EoL) Embedded Devices. arXiv:2105.14298 [cs.CR]"},{"key":"e_1_3_2_1_72_1","unstructured":"Sean Whalen Sophie Engle and Dominic Romeo. 2001. An Introduction to ARP Spoofing. https:\/\/api.semanticscholar.org\/CorpusID:59638215."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"crossref","unstructured":"James Woodyatt. 2011. Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service. https:\/\/www.rfc-editor.org\/info\/rfc6092.","DOI":"10.17487\/rfc6092"},{"key":"e_1_3_2_1_74_1","volume-title":"Annual Computer Security Applications Conference (ACSAC'19)","author":"Zhang Yu","year":"2019","unstructured":"Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Longquan Liu, Yanyan Zou, Chao Zhang, and Baoxu Liu. 2019. SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities. In Annual Computer Security Applications Conference (ACSAC'19). 544--556."},{"key":"e_1_3_2_1_75_1","volume-title":"A Large-Scale Empirical Study on the Vulnerability of Deployed IoT Devices","author":"Zhao Binbin","year":"2022","unstructured":"Binbin Zhao, Shouling Ji, Wei-Han Lee, Changting Lin, Haiqin Weng, Jingzheng Wu, Pan Zhou, Liming Fang, and Raheem Beyah. 2022. A Large-Scale Empirical Study on the Vulnerability of Deployed IoT Devices. IEEE Transactions on Dependable and Secure Computing (TDSC'22) 19, 3 (2022), 1826--1840."},{"key":"e_1_3_2_1_76_1","unstructured":"ZOL. 2023. 2023 Wireless Router Brand Rankings. (in Chinese) https:\/\/top.zol.com.cn\/compositor\/227\/manu_attention.html."},{"key":"e_1_3_2_1_77_1","unstructured":"Zoomeye. 2023. Zoomeye. https:\/\/zoomeye.org\/."}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637671","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:06Z","timestamp":1750290246000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637671"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":77,"alternative-id":["10.1145\/3634737.3637671","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3637671","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}