{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:17:34Z","timestamp":1776889054910,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Jiangsu Provincial Key R&D Programs","award":["BE2021729, BE2022680, and BE2022065-5"],"award-info":[{"award-number":["BE2021729, BE2022680, and BE2022065-5"]}]},{"name":"Jiangsu Provincial Key Laboratory of Network and Information Security","award":["BM2003201"],"award-info":[{"award-number":["BM2003201"]}]},{"name":"US National Science Foundation (NSF)","award":["1931871 and 2325451"],"award-info":[{"award-number":["1931871 and 2325451"]}]},{"name":"National Natural Science Foundation of China","award":["62072103 and 62232004"],"award-info":[{"award-number":["62072103 and 62232004"]}]},{"name":"Key Laboratory of Computer Network and Information Integration of Ministry of Education of China","award":["93K-9"],"award-info":[{"award-number":["93K-9"]}]},{"name":"Collaborative Innovation Center of Novel Software Technology and Industrialization"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670342","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"2341-2354","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["<scp>RIoTFuzzer:<\/scp>\n            Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1721-7508","authenticated-orcid":false,"given":"Kaizheng","family":"Liu","sequence":"first","affiliation":[{"name":"Southeast University, Nanjing, Jiangsu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8209-1000","authenticated-orcid":false,"given":"Ming","family":"Yang","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, Jiangsu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9691-8702","authenticated-orcid":false,"given":"Zhen","family":"Ling","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, Jiangsu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7786-0231","authenticated-orcid":false,"given":"Yue","family":"Zhang","sequence":"additional","affiliation":[{"name":"Drexel University, Philadelphia, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4737-9732","authenticated-orcid":false,"given":"Chongqing","family":"Lei","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, Jiangsu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7518-4367","authenticated-orcid":false,"given":"Junzhou","family":"Luo","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, Jiangsu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2391-7789","authenticated-orcid":false,"given":"Xinwen","family":"Fu","sequence":"additional","affiliation":[{"name":"University of Massachusetts Lowell, Lowell, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"e_1_3_2_1_2_1","unstructured":"Anthony Desnos. 2012--2024. Androguard. https:\/\/github.com\/androguard\/androguard."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST46399.2020.00046"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_5_1","unstructured":"Tumbleson Connor. 2024. ApkTool. https:\/\/ibotpeaches.github.io\/Apktool."},{"key":"e_1_3_2_1_6_1","unstructured":"Aldo Cortesi Maximilian Hils Thomas Kriechbaumer and contributors. 2010--. mitmproxy: A free and open source interactive HTTPS proxy. https:\/\/mitmproxy.org\/. Version 7.0."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 22th USENIX Security Symposium (USENIX Security'13)","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast Internet-wide Scanning and Its Security Applications. In Proceedings of the 22th USENIX Security Symposium (USENIX Security'13). Washington, DC, USA, 605--620."},{"key":"e_1_3_2_1_8_1","volume-title":"Muench","author":"Sesterhenn Eric","year":"2015","unstructured":"Eric Sesterhenn and Martin J. Muench. 2015. Bruteforce Exploit Detector. https:\/\/github.com\/wireghoul\/doona."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484543"},{"key":"e_1_3_2_1_10_1","unstructured":"Fortune Business Insights. June 06 2024. Smart Home Market Size Share & COVID-19 Impact Analysis By Device Type (Safety and Security Devices Energy and Water Control Climate Control Lighting Control Consumer Electronics) By Housing Type (Multifamily Dwelling Single Family Dwelling) and Regional Forecast 2023--2030. https:\/\/www.fortunebusinessinsights.com\/industry-reports\/smart-home-market-101900."},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 35th International Conference on Software Engineering (ICSE'13)","author":"Gomez Lorenzo","unstructured":"Lorenzo Gomez, Iulian Neamtiu, Tanzirul Azim, and Todd D. Millstein. 2013. RERAN: timing- and touch-sensitive record and replay for Android. In Proceedings of the 35th International Conference on Software Engineering (ICSE'13). San Francisco, CA, USA, 72--81."},{"key":"e_1_3_2_1_12_1","unstructured":"GRACE MACEJ. 2016. DDoS attack on Dyn took down the bulk of the internet on Friday. https:\/\/blog.avast.com\/ddos-attack-on-dyn-took-down-the-bulk-ofthe-internet-on-friday"},{"key":"e_1_3_2_1_13_1","unstructured":"HUAWEI Inc. 2019. Huawei HiLink Ignites IoT Development. https:\/\/consumer.huawei.com\/en\/press\/news\/2019\/huawei-hilink-ignites-iot-development\/."},{"key":"e_1_3_2_1_14_1","unstructured":"Google Inc. 2024. monkeyrunner. https:\/\/developer.android.com\/studio\/test\/monkeyrunner\/index.html."},{"key":"e_1_3_2_1_15_1","unstructured":"iputils. 2024. iputils. https:\/\/github.com\/iputils\/iputils."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00051"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2017.8170867"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2707465"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3036232"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417255"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3581791.3596857"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00039"},{"key":"e_1_3_2_1_23_1","unstructured":"oleavr. 2020. Dynamic instrumentation toolkit for developers reverse-engineers and security researchers. https:\/\/frida.re\/."},{"key":"e_1_3_2_1_24_1","unstructured":"OWASP. 2021. Web services fuzzing tool for http and soap. https:\/\/sourceforge.net\/projects\/wsfuzzer\/files\/."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00066"},{"key":"e_1_3_2_1_26_1","unstructured":"RIoTFuzzer. 2024. https:\/\/github.com\/kzLiu2017\/RIoTFuzzer.git."},{"key":"e_1_3_2_1_27_1","unstructured":"Satyajit Sinha. May 24 2023. State of IoT 2023: Number of connected IoT devices growing 16% to 16.7 billion globally. https:\/\/iot-analytics.com\/number-connected-iot-devices\/."},{"key":"e_1_3_2_1_28_1","unstructured":"sensepost. 2021. objection - runtime mobile exploration. https:\/\/github.com\/sensepost\/objection?tab=readme-ov-file."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_30_1","unstructured":"StatCounter Inc. 2024. Mobile Operating System Market Share Worldwide. https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium (USENIX Security'23)","author":"Tay Hui Jun","year":"2023","unstructured":"Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, Arvind S. Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque, Fangzhou Dong, Zack Smith, Adam Doup\u00e9, Tiffany Bao, Yan Shoshitaishvili, and Ruoyu Wang. 2023. Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security'23). Anaheim, CA, USA, 5791--5808."},{"key":"e_1_3_2_1_32_1","unstructured":"Tuya Inc. April 12 2024. Tuya IoT Development Platform. https:\/\/developer.tuya.com\/en\/docs\/iot\/introduction-of-tuya?id=K914joffendwh."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00086"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium (USENIX Security'23)","author":"Wang Chao","year":"2023","unstructured":"Chao Wang, Yue Zhang, and Zhiqiang Lin. 2023. One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security'23). Anaheim, CA, USA, 6629--6646."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616676"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.26"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security'19)","author":"Wang Xueqiang","year":"2019","unstructured":"Xueqiang Wang, Yuqiong Sun, Susanta Nanda, and XiaoFeng Wang. 2019. Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps. In Proceedings of the 28th USENIX Security Symposium (USENIX Security'19). Santa Clara, CA, 1151--1167."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 29th USENIX Security Symposium, (USENIX Security'20)","author":"Wen Haohuang","year":"2020","unstructured":"Haohuang Wen, Qi Alfred Chen, and Zhiqiang Lin. 2020. Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT. In Proceedings of the 29th USENIX Security Symposium, (USENIX Security'20). Virtual Event, 949--965."},{"key":"e_1_3_2_1_39_1","unstructured":"Xiaomi Inc. --. Xiaomi Miot Spec. https:\/\/home.miot-spec.com\/."},{"key":"e_1_3_2_1_40_1","unstructured":"Xiaomi Inc. 2023. Xiaomi 2023 Q2 Adjusted Net Profit Surges 147% to RMB5.1 Billion. https:\/\/www.mi.com\/global\/discover\/article?id=3008."},{"key":"e_1_3_2_1_41_1","volume-title":"SoK: Decoding the Super App Enigma: The Security Mechanisms, Threats, and Trade-offs in OS-alike Apps. arXiv preprint arXiv:2306.07495","author":"Yang Yuqing","year":"2023","unstructured":"Yuqing Yang, Chao Wang, Yue Zhang, and Zhiqiang Lin. 2023. SoK: Decoding the Super App Enigma: The Security Mechanisms, Threats, and Trade-offs in OS-alike Apps. arXiv preprint arXiv:2306.07495 (2023)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560597"},{"key":"e_1_3_2_1_43_1","volume-title":"A survey on large language model (llm) security and privacy: The good, the bad, and the ugly. High-Confidence Computing","author":"Yao Yifan","year":"2024","unstructured":"Yifan Yao, Jinhao Duan, Kaidi Xu, Yuanfang Cai, Zhibo Sun, and Yue Zhang. 2024. A survey on large language model (llm) security and privacy: The good, the bad, and the ugly. High-Confidence Computing (2024), 100211."},{"key":"e_1_3_2_1_44_1","unstructured":"Yuchuan Wang. 2019. JD?s IoT Smart Housing Solution Brings the Future of Living to Hundreds of Residential Compounds Across China. https:\/\/jdcorporateblog.com\/jds-iot-smart-housing-solution-brings-the-future-of-living-to-hundreds-of-residential-compounds-across-china\/."},{"key":"e_1_3_2_1_45_1","volume-title":"Chaoshun Zuo, and Zhiqiang Lin.","author":"Zhang Yue","year":"2021","unstructured":"Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, and Zhiqiang Lin. 2021. A Measurement Study of Wechat Mini-Apps. ACM on Measurement and Analysis of Computing Systems 5, 2 (2021), 14:1--14:25."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616591"},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security'19)","author":"Zheng Yaowen","year":"2019","unstructured":"Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun. 2019. FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation. In Proceedings of the 28th USENIX Security Symposium (USENIX Security'19). Santa Clara, CA, USA, 1099--1114."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534414"},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security'19)","author":"Zhou Wei","year":"2019","unstructured":"Wei Zhou, Yan Jia, Yao Yao, Lipeng Zhu, Le Guan, Yuhang Mao, Peng Liu, and Yuqing Zhang. 2019. Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms. In Proceedings of the 28th USENIX Security Symposium (USENIX Security'19). Santa Clara, CA, USA, 1133--1150."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354240"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670342","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670342","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:57:56Z","timestamp":1755842276000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670342"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":50,"alternative-id":["10.1145\/3658644.3670342","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670342","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}