{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T01:15:47Z","timestamp":1777598147548,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":114,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["EXC 2092 CASA - 390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["INTERSECT NWA 1160.18.301"],"award-info":[{"award-number":["INTERSECT NWA 1160.18.301"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]},{"name":"\u00d6sterreichische Forschungsf\u00f6rderungsgesellschaft","award":["SBA-K1"],"award-info":[{"award-number":["SBA-K1"]}]},{"name":"Internet Society Foundation","award":["G-202305-11628"],"award-info":[{"award-number":["G-202305-11628"]}]},{"DOI":"10.13039\/501100001821","name":"Vienna Science and Technology Fund","doi-asserted-by":"publisher","award":["ICT19-056"],"award-info":[{"award-number":["ICT19-056"]}],"id":[{"id":"10.13039\/501100001821","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001821","name":"Vienna Science and Technology 
Fund","doi-asserted-by":"publisher","award":["ICT22-060"],"award-info":[{"award-number":["ICT22-060"]}],"id":[{"id":"10.13039\/501100001821","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678899","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"561-578","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols"],"prefix":"10.1145","author":[{"given":"Carlotta","family":"Tagliaro","sequence":"first","affiliation":[{"name":"TU Wien, Austria"}]},{"given":"Martina","family":"Komsic","sequence":"additional","affiliation":[{"name":"TU Wien, Austria"}]},{"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[{"name":"University of Twente, Netherlands"}]},{"given":"Kevin","family":"Borgolte","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Germany"}]},{"given":"Martina","family":"Lindorfer","sequence":"additional","affiliation":[{"name":"TU Wien, Austria"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3517408"},{"key":"e_1_3_2_1_2_1","volume-title":"Retrieved","year":"2023","unstructured":"[2] Alibaba. Whitelist DTS IP ranges for your user-created database. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/www.alibabacloud.com\/help\/en\/data-transmission-service\/latest\/whitelist-dts-ip-ranges-for-your-user-created-database."},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security). (Aug. 2021","author":"Alrawi O.","year":"2024","unstructured":"[3] O. 
Alrawi, C. Lever, K. Valakuzhy, R. Court, K. Z. Snow, F. Monrose, and M. Antonakakis. The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle. In Proceedings of the 30th USENIX Security Symposium (USENIX Security). (Aug. 2021). Retrieved July 22, 2024 from."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"e_1_3_2_1_5_1","volume-title":"Retrieved","year":"2023","unstructured":"[5] Amazon. AWS IP ranges. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/ip-ranges.amazonaws.com\/ip-ranges.json."},{"key":"e_1_3_2_1_6_1","volume-title":"aiocoap. (Aug. 31","author":"Ams\u00fcss C.","year":"2023","unstructured":"[6] C. Ams\u00fcss. aiocoap. (Aug. 31, 2023). Retrieved Oct. 14, 2023 from https:\/\/github.com\/chrysn\/aiocoap."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/EECSI.2017.8239179"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.52"},{"key":"e_1_3_2_1_9_1","first-page":"22","author":"Banks A.","year":"2020","unstructured":"[9] A. Banks, E. Briggs, K. Borgendale, and R. Gupta. MQTT Version 5.0. (Mar. 2020). Retrieved Aug. 22, 2022 from https:\/\/docs.oasis-open.org\/mqtt\/mqtt\/v5.0\/mqtt-v5.0.html.","journal-title":"MQTT Version 5.0."},{"key":"e_1_3_2_1_10_1","first-page":"22","author":"Banks A.","year":"2014","unstructured":"[10] A. Banks and R. Gupta. MQTT Version 3.1.1. (Oct. 2014). Retrieved Aug. 22, 2022 from http:\/\/docs.oasis-open.org\/mqtt\/mqtt\/v3.1.1\/os\/mqtt-v3.1.1-os.html.","journal-title":"MQTT Version 3.1.1."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3427563"},{"key":"e_1_3_2_1_12_1","volume-title":"The Constrained Application Protocol (CoAP). RFC 7252. (June","author":"Bormann C.","year":"2014","unstructured":"[12] C. Bormann, Z. Shelby, and K. Hartke. The Constrained Application Protocol (CoAP). RFC 7252. (June 2014). 
https:\/\/www.rfc-editor.org\/info\/rfc7252."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2953364"},{"key":"e_1_3_2_1_14_1","unstructured":"[14] California Privacy Rights Act (CPRA). Retrieved Dec. 2 2023 from https:\/\/cppa.ca.gov\/regulations\/."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW61312.2024.00039"},{"key":"e_1_3_2_1_17_1","unstructured":"[17] Cloudflare. IP Ranges. (Jan. 23 2023). Retrieved Jan. 23 2023 from https:\/\/www.cloudflare.com\/ips\/."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274736"},{"key":"e_1_3_2_1_19_1","volume-title":"coap-rs. (Sept. 30","year":"2023","unstructured":"[19] Covertness. coap-rs. (Sept. 30, 2023). Retrieved Oct. 14, 2023 from https:\/\/github.com\/Covertness\/coap-rs."},{"key":"e_1_3_2_1_20_1","unstructured":"[20] K. Cullen. FreeCoAP. (July 1 2021). Retrieved Oct. 14 2023 from https:\/\/github.com\/keith-cullen\/FreeCoAP."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3497762"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3644992"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00042"},{"key":"e_1_3_2_1_24_1","volume-title":"Retrieved","author":"Ocean Digital","year":"2023","unstructured":"[24] Digital Ocean. Digital Ocean Cloud IP ranges. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/digitalocean.com\/geo\/google.csv."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2022-0057"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SIoT.2016.012"},{"key":"e_1_3_2_1_27_1","volume-title":"Retrieved","author":"Foundation Eclipse","year":"2021","unstructured":"[27] Eclipse Foundation. IoT Developer Survey 2020. (Oct. 2020). Retrieved Nov. 
15, 2021 from https:\/\/outreach.eclipse.foundation\/eclipse-iot-developer-survey-2020."},{"key":"e_1_3_2_1_28_1","unstructured":"[28] ETSI. Consumer IoT security. Retrieved Feb. 1 2023 from https:\/\/www.etsi.org\/technologies\/consumer-iot-security."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.04.002"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2022.105860"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3165809"},{"key":"e_1_3_2_1_32_1","volume-title":"Retrieved","year":"2023","unstructured":"[32] Google. Google Cloud IP ranges. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/www.gstatic.com\/ipranges\/cloud.json."},{"key":"e_1_3_2_1_33_1","volume-title":"Retrieved","author":"Greig J.","year":"2023","unstructured":"[33] J. Greig. Microsoft attributes alleged Chinese attack on Indian power grid to \u2018Boa\u2019 IoT vulnerability. (Nov. 25, 2022). Retrieved Nov. 20, 2023 from https:\/\/therecord.media\/microsoft-attributes-alleged-chinese-attack-on-indian-power-grid-to-boa-iot-vulnerability."},{"key":"e_1_3_2_1_34_1","first-page":"14","author":"Gultsch D.","year":"2023","unstructured":"[34] D. Gultsch and R. Raj. XMPP Compliance Tester. (July 22, 2023). Retrieved Oct. 14, 2023 from https:\/\/web.archive.org\/web\/20230417083716\/https:\/\/github.com\/iNPUTmice\/caas.","journal-title":"XMPP Compliance Tester."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380139"},{"key":"e_1_3_2_1_36_1","volume-title":"Retrieved","author":"Huggler J.","year":"2023","unstructured":"[36] J. Huggler. Germany bans internet-connected dolls over fears hackers could target children. (Feb. 17, 2017). Retrieved Nov. 
20, 2023 from https:\/\/www.telegraph.co.uk\/news\/2017\/02\/17\/germany-bans-internet-connected-dollsfears-hackers-could-target."},{"key":"e_1_3_2_1_37_1","volume-title":"Retrieved","author":"Hunt T.","year":"2023","unstructured":"[37] T. Hunt. When children are breached \u2013 inside the massive VTech hack. (Nov. 18, 2015). Retrieved Nov. 20, 2023 from https:\/\/www.troyhunt.com\/when-children-are-breached-inside\/."},{"key":"e_1_3_2_1_38_1","volume-title":"Retrieved","author":"Hunt T.","year":"2023","unstructured":"[38] T. Hunt. Data from connected CloudPets teddy bears leaked and ransomed, exposing kids\u2019 voice messages. (Feb. 28, 2017). Retrieved Nov. 20, 2023 from https:\/\/www.troyhunt.com\/data-from-connected-cloudpets-teddy-bearsleaked-and-ransomed-exposing-kids-voice-messages\/."},{"key":"e_1_3_2_1_39_1","volume-title":"CRAM-MD5 and DIGEST-MD5 authentication. Retrieved","author":"IBM.","year":"2023","unstructured":"[39] IBM. CRAM-MD5 and DIGEST-MD5 authentication. Retrieved Jan. 23, 2023 from https:\/\/www.ibm.com\/docs\/en\/zos\/2.1.0?topic=use-cram-md5-digestmd5-authentication."},{"key":"e_1_3_2_1_40_1","volume-title":"Retrieved","author":"IBM.","year":"2023","unstructured":"[40] IBM. IBM Cloud IP ranges. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/cloud.ibm.com\/docs\/cloud-infrastructure?topic=cloud-infrastructure-ibm-cloud-ip-ranges."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP"},{"key":"e_1_3_2_1_42_1","volume-title":"Retrieved","author":"Internet Engineering Task Force (IETF).","year":"2023","unstructured":"[42] Internet Engineering Task Force (IETF). Authentication and Authorization for Constrained Environments (ACE). Retrieved Oct. 
21, 2023 from https:\/\/datatracker.ietf.org\/wg\/ace\/about\/."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00051"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560640"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560680"},{"key":"e_1_3_2_1_46_1","volume-title":"Azure and Google together account for 66% of cloud market. (Oct. 31","author":"John A. S.","year":"2022","unstructured":"[46] A. S. John. AWS, Azure and Google together account for 66% of cloud market. (Oct. 31, 2022). Retrieved Feb. 2, 2023 from https:\/\/wire19.com\/amazon-microsoft-and-google-cloud-infrastructure-market\/."},{"key":"e_1_3_2_1_47_1","volume-title":"Retrieved","author":"Kijewski P.","year":"2023","unstructured":"[47] P. Kijewski. Threat Activity and Vulnerabilities in Indonesia, Malaysia, Philippines, and Thailand. (June 15, 2023). Retrieved Nov. 15, 2023 from https:\/\/blog.apnic.net\/2023\/06\/15\/threat-activity-and-vulnerabilities-in-indonesia-malaysia-philippines-and-thailand\/."},{"key":"e_1_3_2_1_48_1","volume-title":"xmpp-info. Retrieved","author":"Kulikov V.","year":"2022","unstructured":"[48] V. Kulikov. xmpp-info. Retrieved Apr. 20, 2022 from https:\/\/nmap.org\/nsedoc\/scripts\/xmpp-info.html."},{"key":"e_1_3_2_1_49_1","first-page":"2312","author":"Laurer M.","year":"2023","unstructured":"[49] M. Laurer, W. van Atteveldt, A. Casas, and K. Welbers. Building Efficient Universal Classifiers with Natural Language Inference. (Dec. 29, 2023). arXiv: 2312.17543 [cs.CL].","journal-title":"Building Efficient Universal Classifiers with Natural Language Inference."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8520"},{"key":"e_1_3_2_1_51_1","volume-title":"v1.6.1. (Oct. 21","author":"Light R.","year":"2021","unstructured":"[51] R. Light. Paho MQTT. v1.6.1. (Oct. 21, 2021). Retrieved Oct. 
14, 2023 from https:\/\/pypi.org\/project\/paho-mqtt\/."},{"key":"e_1_3_2_1_52_1","unstructured":"[52] R. Light. mosquitto. Retrieved Jan. 7 2023 from https:\/\/mosquitto.org\/."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.techsoc.2020.101382"},{"key":"e_1_3_2_1_54_1","volume-title":"Retrieved","author":"Maggi F.","year":"2021","unstructured":"[54] F. Maggi, R. Vossler, and D. Quarta. The Fragility of Industrial IoT\u2019s Data Backbone. Security and Privacy Issues in MQTT and CoAP Protocols. (Dec. 4, 2018). Retrieved Aug. 21, 2021 from https:\/\/documents.trendmicro.com\/assets\/white_papers\/wp-the-fragility-of-industrial-IoTs-data-backbone.pdf."},{"key":"e_1_3_2_1_55_1","first-page":"20","author":"Meers W.","year":"2015","unstructured":"[55] W. Meers. Hello Barbie, Goodbye Privacy? Hacker Raises Security Concerns. (Nov. 30, 2015). Retrieved Nov. 20, 2023 from https:\/\/www.huffpost.com\/entry\/hello-barbie-security-concerns_n_565c4921e4b072e9d1c24d22.","journal-title":"Hacker Raises Security Concerns."},{"key":"e_1_3_2_1_56_1","volume-title":"Retrieved","year":"2023","unstructured":"[56] Micrsoft. Azure IP Ranges and Service Tags \u2013 Public Cloud. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=56519."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2017"},{"key":"e_1_3_2_1_58_1","volume-title":"Retrieved","author":"Mimoso M.","year":"2023","unstructured":"[58] M. Mimoso. Children\u2019s Voice Messages Leaked in CloudPets Database Breach. (Feb. 8, 2017). Retrieved Nov. 20, 2023 from https:\/\/threatpost.com\/childrensvoice-messages-leaked-in-cloudpets-database-breach\/123956\/."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3564644"},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the 32nd USENIX Security Symposium (USENIX Security). (Aug. 2023","author":"Nan Y.","year":"2024","unstructured":"[60] Y. 
Nan, X. Wang, L. Xing, X. Liao, R. Wu, J. Wu, Y. Zhang, and X. Wang. Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security). (Aug. 2023). Retrieved July 22, 2024 from."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-10684-2_10"},{"key":"e_1_3_2_1_63_1","unstructured":"[63] NIST. CVE-2011-3389. (Sept. 6 2011). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2011-3389."},{"key":"e_1_3_2_1_64_1","unstructured":"[64] NIST. CVE-2015-4000. (May 26 2015). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-4000."},{"key":"e_1_3_2_1_65_1","unstructured":"[65] NIST. CVE-2015-6409. (Dec. 26 2015). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-6409."},{"key":"e_1_3_2_1_66_1","unstructured":"[66] NIST. CVE-2016-2183. (Aug. 31 2016). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-2183."},{"key":"e_1_3_2_1_67_1","unstructured":"[67] NIST. CVE-2018-19417. (Nov. 21 2018). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-19417."},{"key":"e_1_3_2_1_68_1","unstructured":"[68] NIST. CVE-2017-7655. (Mar. 27 2019). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-7655."},{"key":"e_1_3_2_1_69_1","unstructured":"[69] NIST. CVE-2018-12550. (Mar. 27 2019). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-12550."},{"key":"e_1_3_2_1_70_1","unstructured":"[70] NIST. CVE-2018-12551. (Mar. 27 2019). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-12551."},{"key":"e_1_3_2_1_71_1","unstructured":"[71] NIST. CVE-2018-12679. (Apr. 2 2019). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-12679."},{"key":"e_1_3_2_1_72_1","unstructured":"[72] NIST. CVE-2019-9749. 
(Mar. 13 2019). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9749."},{"key":"e_1_3_2_1_73_1","unstructured":"[73] NIST. CVE-2019-9750. (Mar. 13 2019). Retrieved Jan. 5 2023 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9750."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3323409"},{"key":"e_1_3_2_1_75_1","volume-title":"Retrieved","year":"2023","unstructured":"[75] Oracle. Oracle Cloud Infrastructe Documentation \u2013 IP Address Ranges. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/General\/Concepts\/addressranges.htm."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERVICES.2019.00023"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","unstructured":"[78] C. Partridge and M. Allman. Ethical Considerations in Network Measurement Papers. Communications of the ACM 59 10. doi: 10.1145\/2896816.","DOI":"10.1145\/2896816"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.14722\/ethics.2023"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00037"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485367"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00066"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.14722\/ethics.2023.237352"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355577"},{"key":"e_1_3_2_1_85_1","volume-title":"Retrieved","author":"Sabetan S.","year":"2023","unstructured":"[85] S. Sabetan. The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets. (Apr. 4, 2023). Retrieved Nov. 
20, 2023 from https:\/\/medium.com\/@samsabetan\/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc."},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561431"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6122"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6122"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6122"},{"key":"e_1_3_2_1_90_1","unstructured":"[90] P. Saint-Andre. In-Band Registration. XEP 0077. Version 2.4. XMPP Standards Foundation. https:\/\/xmpp.org\/extensions\/xep-0077.html."},{"key":"e_1_3_2_1_91_1","first-page":"0237","volume-title":"Roster Versioning. XEP 0237. Version 1.3","author":"Saint-Andre P.","unstructured":"[91] P. Saint-Andre and D. Cridland. Roster Versioning. XEP 0237. Version 1.3. XMPP Standards Foundation. https:\/\/xmpp.org\/extensions\/xep-0237.html."},{"key":"e_1_3_2_1_92_1","volume-title":"Retrieved","year":"2023","unstructured":"[92] Salesforce. Salesforce Core Services \u2013 IP Addresses and Domains to Allow. (Jan. 23, 2023). Retrieved Jan. 23, 2023 from https:\/\/help.salesforce.com\/s\/articleView?id=000384438&type=1."},{"key":"e_1_3_2_1_93_1","volume-title":"v1.7.0. (Aug. 5","year":"2021","unstructured":"[93] Samsung. Cotopaxi. v1.7.0. (Aug. 5, 2021). Retrieved Aug. 22, 2022 from https:\/\/github.com\/Samsung\/cotopaxi."},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623211"},{"key":"e_1_3_2_1_95_1","unstructured":"[95] T. Seals. Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa. (Feb. 11 2022). Retrieved Nov. 20 2023 from https:\/\/threatpost.com\/critical-mqtt-bugs-industrial-rce-moxa\/178399\/."},{"key":"e_1_3_2_1_96_1","volume-title":"Retrieved","author":"Foundation Shadowserver","year":"2023","unstructured":"[96] Shadowserver Foundation. 
Accessible CoAP Report \u2013 Exposed Constrained Application Protocol Services on the Internet. (June 24, 2020). Retrieved Nov. 15, 2023 from https:\/\/www.shadowserver.org\/news\/accessible-coapreport- scanning-for-exposed-constrained-application-protocol-services\/."},{"key":"e_1_3_2_1_97_1","volume-title":"Honeyscore - Honeypot Or Not? Retrieved","year":"2023","unstructured":"[97] Shodan. Honeyscore - Honeypot Or Not? Retrieved Oct. 21, 2023 from https:\/\/honeyscore.shodan.io\/."},{"key":"e_1_3_2_1_98_1","volume-title":"Retrieved","author":"Search Shodan","year":"2023","unstructured":"[98] Shodan. Shodan \u2013 Search Engine for the Internet of Everything. Retrieved Oct. 14, 2023 from https:\/\/www.shodan.io."},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2866249"},{"key":"e_1_3_2_1_100_1","volume-title":"Secure IoT. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security). (Aug. 2023","author":"Sombatruang N.","year":"2024","unstructured":"[100] N. Sombatruang, T. Caulfield, I. Becker, A. Fujita, T. Kasama, K. Nakao, and D. Inoue. Internet Service Providers\u2019 and Individuals\u2019 Attitudes, Barriers, and Incentives to Secure IoT. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security). (Aug. 2023). Retrieved July 22, 2024 from."},{"key":"e_1_3_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.52"},{"key":"e_1_3_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552"},{"key":"e_1_3_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-88428-4"},{"key":"e_1_3_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-28486-1_10"},{"key":"e_1_3_2_1_105_1","volume-title":"Retrieved","author":"Vailshery L. Sujay","year":"2023","unstructured":"[105] L. Sujay Vailshery. Number of Internet of Things (IoT) connected devices worldwide from 2019 to 2021, with forecasts from 2022 to 2030. (July 27, 2023). Retrieved Oct. 
13, 2023 from https:\/\/www.statista.com\/statistics\/1183457\/iotconnected- devices-worldwide\/."},{"key":"e_1_3_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24102"},{"key":"e_1_3_2_1_107_1","doi-asserted-by":"publisher","DOI":"10.14722\/laser-ndss.2023.24102"},{"key":"e_1_3_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24097"},{"key":"e_1_3_2_1_109_1","volume-title":"testssl. v3.2rc2. Retrieved","year":"2023","unstructured":"[109] Wetter, Dirk. testssl. v3.2rc2. Retrieved Jan. 23, 2023 from https:\/\/github.com\/drwetter\/testssl.sh."},{"key":"e_1_3_2_1_110_1","first-page":"0387","volume-title":"XMPP Compliance Suites. XEP 0387. Version 1.0.0","author":"Whited S.","unstructured":"[110] S. Whited and J. Sch\u00e4fer. XMPP Compliance Suites. XEP 0387. Version 1.0.0. XMPP Standards Foundation. https:\/\/xmpp.org\/extensions\/xep-0387.html."},{"key":"e_1_3_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00019"},{"key":"e_1_3_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.23919\/TMA62044.2024.10558996"},{"key":"e_1_3_2_1_113_1","volume-title":"Retrieved","year":"2023","unstructured":"[113] Yandex. Public IP address ranges for Yandex Cloud. (Jan. 23, 2023). Retrieved Jan. 
23, 2023 from https:\/\/cloud.yandex.com\/en\/docs\/vpc\/concepts\/ips."},{"key":"e_1_3_2_1_114_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICATE.2016.7754665"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Padua Italy","acronym":"RAID '24"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678899","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678899","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678899"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":114,"alternative-id":["10.1145\/3678890.3678899","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678899","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}