{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:14:57Z","timestamp":1766441697521,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T00:00:00Z","timestamp":1763769600000},"content-version":"vor","delay-in-days":3,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2204785, CNS-2205868, 2409212, IIS-2014552, DGE-1565570"],"award-info":[{"award-number":["CNS-2204785, CNS-2205868, 2409212, IIS-2014552, DGE-1565570"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"The Ripple University Blockchain Research Initiative"},{"name":"University of North Carolina System Research Opportunities Initiative"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3744847","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:32:38Z","timestamp":1763854358000},"page":"1649-1663","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Discovering and Exploiting IoT Device Hidden Attributes: A New Vulnerability in Smart Homes"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-2072-3005","authenticated-orcid":false,"given":"Xuening","family":"Xu","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Stevens Institute of Technology, Hoboken, NJ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6555-9858","authenticated-orcid":false,"given":"Chenglong","family":"Fu","sequence":"additional","affiliation":[{"name":"Department of Software and Information Systems, The University of North Carolina at Charlotte, Charlotte, NC, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4235-9671","authenticated-orcid":false,"given":"Xiaojiang","family":"Du","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Stevens Institute of Technology, Hoboken, NJ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8196-2436","authenticated-orcid":false,"given":"Bo","family":"Luo","sequence":"additional","affiliation":[{"name":"EECS\/I2S, The University of Kansas, Lawrence, KS, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2023. achingbrain-ssdp. https:\/\/github.com\/achingbrain\/ssdp. (Accessed on 01\/24\/2024)."},{"key":"e_1_3_2_1_2_1","unstructured":"2023. Addressing. https:\/\/www.digi.com\/resources\/documentation\/Digidocs\/90002002\/Concepts\/c_zb_addressing.htm. (Accessed on 02\/03\/2023)."},{"key":"e_1_3_2_1_3_1","unstructured":"2023. Beyond Security - ZigBee. https:\/\/www.beyondsecurity.com\/dynamicfuzzing-testing-zigbee?cn-reloaded=1. (Accessed on 02\/06\/2023)."},{"key":"e_1_3_2_1_4_1","unstructured":"2023. codingjoe-ssdp. https:\/\/github.com\/codingjoe\/ssdp. (Accessed on 01\/24\/2024)."},{"key":"e_1_3_2_1_5_1","unstructured":"2023. Frient Smart Siren. https:\/\/frient.com\/products\/smart-siren\/. (Accessed on 10\/15\/2023)."},{"key":"e_1_3_2_1_6_1","unstructured":"2023. Kwikset 914 Smart Lock. https:\/\/www.amazon.com\/Kwikset-SmartCode-Electronic-Featuring-Technology\/dp\/B08XNYSNT7?th=1. (Accessed on 10\/15\/2023)."},{"key":"e_1_3_2_1_7_1","unstructured":"2023. Manufacturer-specific attribute. https:\/\/github.com\/Koenkk\/zigbeeherdsmanconverters\/blob\/master\/devices\/philips.js#L1919. (Accessed on 01\/26\/2023)."},{"key":"e_1_3_2_1_8_1","unstructured":"2023. New SmartThings Advanced Web App. https:\/\/my.smartthings.com\/. (Accessed on 01\/05\/2024)."},{"key":"e_1_3_2_1_9_1","unstructured":"2023. PAN ID. https:\/\/www.digi.com\/resources\/documentation\/Digidocs\/90002002\/Concepts\/c_zb_pan_id.htm. (Accessed on 02\/03\/2023)."},{"key":"e_1_3_2_1_10_1","unstructured":"2023. Philips Hue Motion Sensor. (Accessed on 10\/15\/2023)."},{"key":"e_1_3_2_1_11_1","unstructured":"2023. SmartThings Arrival Sensor. https:\/\/www.amazon.com\/Samsung-SmartThings-F-ARR-US-2-Arrival-Sensor\/dp\/B00GM7V8I8. (Accessed on 10\/15\/2023)."},{"key":"e_1_3_2_1_12_1","unstructured":"2023. SmartThings Developers - Automation View. https:\/\/developer.smartthings.com\/docs\/devices\/capabilities\/capability-presentations#automation-view. (Accessed on 01\/04\/2024)."},{"key":"e_1_3_2_1_13_1","unstructured":"2023. SmartThings Developers - Capabilities. https:\/\/developer.smartthings.com\/docs\/devices\/capabilities\/. (Accessed on 01\/03\/2024)."},{"key":"e_1_3_2_1_14_1","unstructured":"2023. SmartThings Developers - Presentations. https:\/\/developer.smartthings.com\/docs\/devices\/configurations-and-presentations\/device-presentations. (Accessed on 01\/03\/2024)."},{"key":"e_1_3_2_1_15_1","unstructured":"2023. SmartThings Motion Sensor. . (Accessed on 10\/15\/2023)."},{"key":"e_1_3_2_1_16_1","unstructured":"2023. SmartThings Multipurpose Sensor. https:\/\/www.amazon.com\/Samsung-SmartThings-Multipurpose-Sensor-GP-U999SJVLAAA\/dp\/B07F956F3B?th=1. (Accessed on 10\/15\/2023)."},{"key":"e_1_3_2_1_17_1","unstructured":"2023. sonoff Zigbee 3.0 dongle. https:\/\/sonoff.tech\/product\/gateway-andsensors\/sonoff-zigbee-3-0-usb-dongle-plus-p\/. (Accessed on 01\/26\/2023)."},{"key":"e_1_3_2_1_18_1","unstructured":"2023. Sonos One Gen2 Speaker. https:\/\/www.bestbuy.com\/site\/sonos-one-gen-2-smart-speaker-with-voice-control-built-in-black\/6333557.p'skuId=6333557. (Accessed on 01\/18\/2024)."},{"key":"e_1_3_2_1_19_1","unstructured":"2023. Wemo Mini Smart Plug. https:\/\/www.amazon.com\/Smart-Enabled-Google-Assistant-HomeKit\/dp\/B01NBI0A6R?th=1. (Accessed on 01\/18\/2024)."},{"key":"e_1_3_2_1_20_1","unstructured":"2023. YaleAssure Lock with Zigbee. https:\/\/www.amazon.com\/Yale-Touchscreen-Deadbolt-YRD226HA2619-SmartThings\/dp\/B072LF66YX\/ref=sr_1_2?crid=116YIX7V71LRC&keywords=YRD226-HA2--619&qid=1697385837&s=hi&sprefix=yrd226-ha2--619%2Ctools%2C75&sr=1--2&th=1. (Accessed on 10\/15\/2023)."},{"key":"e_1_3_2_1_21_1","unstructured":"2023. Z-Wave. https:\/\/www.z-wave.com\/. (Accessed on 10\/17\/2023)."},{"key":"e_1_3_2_1_22_1","unstructured":"2023. Z-Wave JS. https:\/\/github.com\/zwave-js. (Accessed on 01\/21\/2024)."},{"key":"e_1_3_2_1_23_1","unstructured":"2023. ZIGBEE SECURITY: BASICS. https:\/\/research.kudelskisecurity.com\/2017\/11\/08\/zigbee-security-basics-part2\/#: :text=A%20default%20global%20trust%20center at%20the%20time%20of%20joining. (Accessed on 02\/06\/2023)."},{"key":"e_1_3_2_1_24_1","unstructured":"2024. Official Yale Lock Document. https:\/\/www.homecontrols.com\/homecontr ols\/products\/pdfs\/YA-Yale\/YAYRD256HA2x-User-Manual.pdf. (Accessed on 03\/12\/2024)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399363"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS53000.2021.9705043"},{"key":"e_1_3_2_1_27_1","unstructured":"Zigbee Alliance. 2023. Zigbee Cluster Library. https:\/\/zigbeealliance.org\/wpcontent\/uploads\/2021\/10\/07--5123-08-Zigbee-Cluster-Library.pdf. (Accessed on 01\/05\/2023)."},{"key":"e_1_3_2_1_28_1","unstructured":"Apple. 2025. Characteristic types. https:\/\/developer.apple.com\/documentation\/homekit\/characteristic-types. (Accessed on 04\/03\/2025)."},{"key":"e_1_3_2_1_29_1","unstructured":"Ed Bott. 2024. The future may be passwordless but it's not here yet. https:\/\/www.zdnet.com\/article\/the-future-may-be-passwordless-but-its-not-here-yet\/. (Accessed on 01\/25\/2024)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2016.2516102"},{"key":"e_1_3_2_1_31_1","unstructured":"John Carlsen. 2023. Outfitting Your Smart Home: Zigbee Devices. https:\/\/www.safewise.com\/zigbee-devices\/#: :text=What%20is%20the%20range%20of of%20250%E2%80%93325%20feet%20indoors.&text=Without%20obstructions%2C%20Zigbee%20frequencies%20can by%20using%20a%20signal%20repeater. (Accessed on 10\/17\/2023)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833620"},{"key":"e_1_3_2_1_33_1","unstructured":"davidgyoung. 2021. Stackoverflow - Where to find Service Data UUIDs? https:\/\/stackoverflow.com\/a\/57718856\/16852539. (Accessed on 04\/04\/2025)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCNW.2015.7365922"},{"key":"e_1_3_2_1_36_1","unstructured":"Google. 2025. Smart Home Device Traits. https:\/\/developers.home.google.com\/cloud-to-cloud\/traits. (Accessed on 04\/03\/2025)."},{"key":"e_1_3_2_1_37_1","unstructured":"Tatum Hunter. 2021. Buggy software in off-brand smart home devices is a hacker's playground. https:\/\/www.washingtonpost.com\/technology\/2021\/11\/18\/smarthome-security\/. (Accessed on 01\/25\/2024)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484592"},{"key":"e_1_3_2_1_39_1","unstructured":"Kevin Jones. 2018. Unpatched Home Routers and IoT Devices A TragedyWaiting To Happen. https:\/\/www.hackercombat.com\/unpatched-home-routers-and-iotdevices- a-tragedy-waiting-to-happen\/. (Accessed on 01\/25\/2024)."},{"key":"e_1_3_2_1_40_1","unstructured":"Koenkk. [n. d.]. Zigbee2MQTT. https:\/\/www.zigbee2mqtt.io\/. (Accessed on 01\/05\/2023)."},{"key":"e_1_3_2_1_41_1","unstructured":"Joo Kyung-don. 2020. Over 110 mln people have downloaded Samsung's IoT app: exec. https:\/\/en.yna.co.kr\/view\/AEN20200108006700320."},{"key":"e_1_3_2_1_42_1","unstructured":"Silicon Labs. 2021. Zigbee 3.0 Device Interoperability with Legacy ZigBee Devices. https:\/\/community.silabs.com\/s\/article\/zigbee-3-0-device-interoperabilitywith-legacy-zigbee-devices?language=en_US. (Accessed on 04\/12\/2024)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3384217.3385617"},{"key":"e_1_3_2_1_44_1","volume-title":"Alexa Statistics: Market Report & Data. https:\/\/gitnux.org\/alexa-statistics\/. (Accessed on 04\/12\/2024).","author":"Lindner Jannik","year":"2023","unstructured":"Jannik Lindner. 2023. Alexa Statistics: Market Report & Data. https:\/\/gitnux.org\/alexa-statistics\/. (Accessed on 04\/12\/2024)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179282"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363248"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098243.3098254"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SMARTCOMP52413.2021.00055"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448300.3468296"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.14"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-09234-3_6"},{"key":"e_1_3_2_1_52_1","unstructured":"SmartThings. 2024. SmartThings APIs. https:\/\/developer.smartthings.com\/docs\/api\/public. (Accessed on 08\/31\/2024)."},{"key":"e_1_3_2_1_53_1","unstructured":"SmartThings. 2024. SmartThings Edge Driver. https:\/\/developer.smartthings.com\/docs\/devices\/hub-connected\/get-started. (Accessed on 08\/31\/2024)."},{"key":"e_1_3_2_1_54_1","volume-title":"Remotely exploiting at command attacks on zigbee networks. Security and Communication Networks 2017","author":"Vaccari Ivan","year":"2017","unstructured":"Ivan Vaccari, Enrico Cambiaso, and Maurizio Aiello. 2017. Remotely exploiting at command attacks on zigbee networks. Security and Communication Networks 2017 (2017)."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3545948.3545953"},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 133--143","author":"Cicala Fabrizio","year":"2020","unstructured":"WeichengWang, Fabrizio Cicala, Syed Rafiul Hussain, Elisa Bertino, and Ninghui Li. 2020. Analyzing the attack landscape of Zigbee-enabled IoT systems and reinstating users' privacy. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 133--143."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560703"},{"volume-title":"Zigbee Range: You Must Know The Truth. https:\/\/reolink.com\/blog\/zigbee-range\/#: :text=Indoors%2C%20ZigBee%20typically%20manages%20multiple,reach%20to%20about%20300%20meters. (Accessed on 10\/17\/2023).","year":"2023","key":"e_1_3_2_1_58_1","unstructured":"Yucy. 2023. Zigbee Range: You Must Know The Truth. https:\/\/reolink.com\/blog\/zigbee-range\/#: :text=Indoors%2C%20ZigBee%20typically%20manages%20multiple,reach%20to%20about%20300%20meters. (Accessed on 10\/17\/2023)."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3744847","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3744847","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:09:34Z","timestamp":1766441374000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3744847"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":58,"alternative-id":["10.1145\/3719027.3744847","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3744847","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}