{"id":"https://openalex.org/W4404520498","doi":"https://doi.org/10.1109/jiot.2024.3502405","title":"Exposed by Default: A Security Analysis of Home Router Default Settings and Beyond","display_name":"Exposed by Default: A Security Analysis of Home Router Default Settings and Beyond","publication_year":2024,"publication_date":"2024-11-19","ids":{"openalex":"https://openalex.org/W4404520498","doi":"https://doi.org/10.1109/jiot.2024.3502405"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2024.3502405","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2024.3502405","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://research.vu.nl/en/publications/b97b4fca-20a9-4251-bbea-a41ee792caee","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102705057","display_name":"Junjian Ye","orcid":"https://orcid.org/0009-0007-0923-9658"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Junjian Ye","raw_affiliation_strings":["School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025487194","display_name":"Xavier de Carn\u00e9 de Carnavalet","orcid":"https://orcid.org/0000-0003-2664-3963"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Xavier de Carn\u00e9 de Carnavalet","raw_affiliation_strings":["Department of Computing, The Hong Kong Polytechnic University, Hong Kong, SAR, China","Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong, SAR, China","institution_ids":["https://openalex.org/I14243506"]},{"raw_affiliation_string":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075517496","display_name":"Lianying Zhao","orcid":"https://orcid.org/0000-0002-6376-4062"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Lianying Zhao","raw_affiliation_strings":["School of Computer Science, Carleton University, Ottawa, ON, Canada","School of Computer Science, Carleton University, Ottawa, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Carleton University, Ottawa, ON, Canada","institution_ids":["https://openalex.org/I67031392"]},{"raw_affiliation_string":"School of Computer Science, Carleton University, Ottawa, Canada","institution_ids":["https://openalex.org/I67031392"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023224430","display_name":"Mengyuan Zhang","orcid":"https://orcid.org/0000-0001-7457-5198"},"institutions":[{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Mengyuan Zhang","raw_affiliation_strings":["Computer Systems, Vrije Universiteit Amsterdam, Amsterdam, The Netherlands","Computer Systems, Vrije Universiteit Amsterdam, Amsterdam, Netherlands"],"affiliations":[{"raw_affiliation_string":"Computer Systems, Vrije Universiteit Amsterdam, Amsterdam, The Netherlands","institution_ids":["https://openalex.org/I865915315"]},{"raw_affiliation_string":"Computer Systems, Vrije Universiteit Amsterdam, Amsterdam, Netherlands","institution_ids":["https://openalex.org/I865915315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023896344","display_name":"Lifa Wu","orcid":"https://orcid.org/0000-0001-5457-1923"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lifa Wu","raw_affiliation_strings":["School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084565580","display_name":"Wei Zhang","orcid":"https://orcid.org/0000-0002-1658-0236"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]},{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CA","CN"],"is_corresponding":false,"raw_author_name":"Wei Zhang","raw_affiliation_strings":["School of Computer Science, Carleton University, Ottawa, ON, Canada","School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Carleton University, Ottawa, ON, Canada","institution_ids":["https://openalex.org/I67031392"]},{"raw_affiliation_string":"School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5102705057"],"corresponding_institution_ids":["https://openalex.org/I41198531"],"apc_list":null,"apc_paid":null,"fwci":0.221,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.55295452,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"12","issue":"2","first_page":"1182","last_page":"1199"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.9060999751091003,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.9060999751091003,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7415433526039124},{"id":"https://openalex.org/keywords/router","display_name":"Router","score":0.5979930758476257},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5574768781661987},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.5253029465675354},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41756972670555115}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7415433526039124},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.5979930758476257},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5574768781661987},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.5253029465675354},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41756972670555115}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/jiot.2024.3502405","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2024.3502405","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},{"id":"pmh:oai:research.vu.nl:openaire/b97b4fca-20a9-4251-bbea-a41ee792caee","is_oa":true,"landing_page_url":"https://research.vu.nl/en/publications/b97b4fca-20a9-4251-bbea-a41ee792caee","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Ye, J, De Carne De Carnavalet, X, Zhao, L, Zhang, M, Wu, L & Zhang, W 2025, 'Exposed by Default : A Security Analysis of Home Router Default Settings and Beyond', IEEE Internet of Things Journal, vol. 12, no. 2, pp. 1182-1199. https://doi.org/10.1109/JIOT.2024.3502405","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:research.vu.nl:publications/b97b4fca-20a9-4251-bbea-a41ee792caee","is_oa":true,"landing_page_url":"https://hdl.handle.net/1871.1/b97b4fca-20a9-4251-bbea-a41ee792caee","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Ye, J, De Carne De Carnavalet, X, Zhao, L, Zhang, M, Wu, L & Zhang, W 2025, 'Exposed by Default : A Security Analysis of Home Router Default Settings and Beyond', IEEE Internet of Things Journal, vol. 12, no. 2, pp. 1182-1199. https://doi.org/10.1109/JIOT.2024.3502405","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:research.vu.nl:openaire/b97b4fca-20a9-4251-bbea-a41ee792caee","is_oa":true,"landing_page_url":"https://research.vu.nl/en/publications/b97b4fca-20a9-4251-bbea-a41ee792caee","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Ye, J, De Carne De Carnavalet, X, Zhao, L, Zhang, M, Wu, L & Zhang, W 2025, 'Exposed by Default : A Security Analysis of Home Router Default Settings and Beyond', IEEE Internet of Things Journal, vol. 12, no. 2, pp. 1182-1199. https://doi.org/10.1109/JIOT.2024.3502405","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G8776636448","display_name":null,"funder_award_id":"2019YFB2101704","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W1556597491","https://openalex.org/W1839333977","https://openalex.org/W2029693536","https://openalex.org/W2030346994","https://openalex.org/W2066785512","https://openalex.org/W2072234079","https://openalex.org/W2091939272","https://openalex.org/W2123070675","https://openalex.org/W2129586531","https://openalex.org/W2139985879","https://openalex.org/W2767098552","https://openalex.org/W2782926283","https://openalex.org/W2811289723","https://openalex.org/W2891921089","https://openalex.org/W2892310063","https://openalex.org/W2929305171","https://openalex.org/W2966979469","https://openalex.org/W2974058390","https://openalex.org/W2989837574","https://openalex.org/W3102768552","https://openalex.org/W3111743984","https://openalex.org/W3175239812","https://openalex.org/W3206818901","https://openalex.org/W4225086694","https://openalex.org/W4244531994","https://openalex.org/W4385187299","https://openalex.org/W4388755575","https://openalex.org/W4400121504","https://openalex.org/W4401508204","https://openalex.org/W4402957840","https://openalex.org/W6638718924","https://openalex.org/W6678042037","https://openalex.org/W6767139982","https://openalex.org/W6768774651","https://openalex.org/W6776510913","https://openalex.org/W6782670649","https://openalex.org/W6841999922"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2122026593","https://openalex.org/W2582203024","https://openalex.org/W1588358165","https://openalex.org/W4237683758","https://openalex.org/W2370711413","https://openalex.org/W2052038519","https://openalex.org/W2375932043"],"abstract_inverted_index":{"With":[0],"the":[1,4,12,20,35,86,91,112,127,134,153,167],"popularity":[2],"of":[3,14,22,63,76,83,93,126,136,172],"Internet,":[5],"home":[6,15,26,67],"routers":[7,27,68,128],"have":[8],"become":[9],"crucial":[10],"for":[11,151,169],"security":[13,45,77,135,163],"networks.":[16],"However,":[17],"according":[18],"to":[19,34,43,165],"results":[21],"our":[23,158],"user":[24,44],"survey,":[25],"are":[28],"often":[29],"deployed":[30],"with":[31,121],"minimal":[32],"changes":[33],"factory":[36],"default":[37,173],"settings,":[38],"which":[39,80],"may":[40],"pose":[41],"risks":[42],"and":[46,58,117,141,156,175],"privacy.":[47],"To":[48,89],"systematically":[49],"evaluate":[50],"potential":[51],"risks,":[52],"we":[53,103,129,132,147],"designed":[54],"a":[55,60,74,105],"threat-model-based":[56],"framework":[57,155],"conducted":[59],"comprehensive":[61],"analysis":[62,154],"40":[64],"commercial":[65],"off-the-shelf":[66],"from":[69],"14":[70],"brands.":[71],"We":[72],"found":[73,142],"variety":[75],"issues,":[78],"among":[79],"incorrect":[81],"implementation":[82],"TLS":[84,96],"is":[85],"most":[87],"common.":[88],"improve":[90],"efficiency":[92],"manually":[94],"detecting":[95,162],"certificate":[97],"validation":[98],"vulnerabilities":[99],"without":[100],"real":[101],"routers,":[102],"proposed":[104,148],"heuristic":[106],"method":[107],"that":[108],"can":[109],"narrow":[110],"down":[111],"search":[113],"scope":[114],"in":[115],"firmware":[116,124],"proved":[118],"its":[119],"effectiveness":[120],"30":[122],"available":[123],"images":[125],"purchased.":[130],"Moreover,":[131],"evaluated":[133],"custom":[137],"remote":[138],"management":[139],"protocols":[140],"several":[143,149],"cryptographic":[144],"misuses.":[145],"Finally,":[146],"recommendations":[150],"extending":[152],"discussed":[157],"ideas":[159],"about":[160],"automatically":[161],"issues":[164],"highlight":[166],"need":[168],"heightened":[170],"scrutiny":[171],"settings":[174],"inspire":[176],"other":[177],"researchers.":[178]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-05T09:29:38.588285","created_date":"2025-10-10T00:00:00"}