{"id":"https://openalex.org/W2983028905","doi":"https://doi.org/10.1145/3319535.3354240","title":"Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps","display_name":"Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps","publication_year":2019,"publication_date":"2019-11-06","ids":{"openalex":"https://openalex.org/W2983028905","doi":"https://doi.org/10.1145/3319535.3354240","mag":"2983028905"},"language":"en","primary_location":{"id":"doi:10.1145/3319535.3354240","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3354240","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354240","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354240","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100551485","display_name":"Chaoshun Zuo","orcid":null},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Chaoshun Zuo","raw_affiliation_strings":["Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008433466","display_name":"Haohuang Wen","orcid":"https://orcid.org/0000-0002-2753-0250"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haohuang Wen","raw_affiliation_strings":["Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026864098","display_name":"Zhiqiang Lin","orcid":"https://orcid.org/0000-0001-6527-5994"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiqiang Lin","raw_affiliation_strings":["Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070946957","display_name":"Yinqian Zhang","orcid":"https://orcid.org/0000-0002-7585-1075"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yinqian Zhang","raw_affiliation_strings":["Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100551485"],"corresponding_institution_ids":["https://openalex.org/I52357470"],"apc_list":null,"apc_paid":null,"fwci":7.1796,"has_fulltext":true,"cited_by_count":68,"citation_normalized_percentile":{"value":0.97833232,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1469","last_page":"1483"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12801","display_name":"Bluetooth and Wireless Communication Technologies","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7874457240104675},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.6288010478019714},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5917174816131592},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5163429975509644},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5075570344924927},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.48586317896842957},{"id":"https://openalex.org/keywords/bluetooth","display_name":"Bluetooth","score":0.4802968204021454},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.4773947596549988},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4273253083229065},{"id":"https://openalex.org/keywords/default-gateway","display_name":"Default gateway","score":0.41392984986305237},{"id":"https://openalex.org/keywords/wireless","display_name":"Wireless","score":0.3709922134876251},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1890188455581665},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.18456605076789856}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7874457240104675},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.6288010478019714},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5917174816131592},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5163429975509644},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5075570344924927},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.48586317896842957},{"id":"https://openalex.org/C546215728","wikidata":"https://www.wikidata.org/wiki/Q39531","display_name":"Bluetooth","level":3,"score":0.4802968204021454},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.4773947596549988},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4273253083229065},{"id":"https://openalex.org/C187713609","wikidata":"https://www.wikidata.org/wiki/Q2465461","display_name":"Default gateway","level":2,"score":0.41392984986305237},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.3709922134876251},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1890188455581665},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.18456605076789856}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3319535.3354240","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3354240","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354240","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3319535.3354240","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3354240","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354240","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4025480908","display_name":"SDI-CSCS: Collaborative Research: S2OS Enabling Infrastructure-Wide Programmable Security with SDI","funder_award_id":"1834216","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6699940893","display_name":"CAREER: A Dual-VM Binary Code Reuse Based Framework for Automated Virtual Machine Introspection","funder_award_id":"1834215","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G746997477","display_name":null,"funder_award_id":"1718084,1750809,1834215,1834216","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2983028905.pdf","grobid_xml":"https://content.openalex.org/works/W2983028905.grobid-xml"},"referenced_works_count":35,"referenced_works":["https://openalex.org/W58703277","https://openalex.org/W1582456956","https://openalex.org/W1593203335","https://openalex.org/W2027538101","https://openalex.org/W2064355504","https://openalex.org/W2115062372","https://openalex.org/W2166743230","https://openalex.org/W2274307588","https://openalex.org/W2290987989","https://openalex.org/W2408302068","https://openalex.org/W2467636675","https://openalex.org/W2471502520","https://openalex.org/W2474516640","https://openalex.org/W2508433864","https://openalex.org/W2540974634","https://openalex.org/W2575029217","https://openalex.org/W2604900212","https://openalex.org/W2614329954","https://openalex.org/W2751531621","https://openalex.org/W2760047100","https://openalex.org/W2766106797","https://openalex.org/W2771982916","https://openalex.org/W2774305472","https://openalex.org/W2786031714","https://openalex.org/W2787330523","https://openalex.org/W2791018263","https://openalex.org/W2791080348","https://openalex.org/W2794648377","https://openalex.org/W2794718534","https://openalex.org/W2913256667","https://openalex.org/W2929275958","https://openalex.org/W2965642204","https://openalex.org/W2967554252","https://openalex.org/W2967994413","https://openalex.org/W4244726870"],"related_works":["https://openalex.org/W4220926637","https://openalex.org/W2362681120","https://openalex.org/W2376320007","https://openalex.org/W4376643979","https://openalex.org/W2322402661","https://openalex.org/W2389079374","https://openalex.org/W2372429262","https://openalex.org/W2903653170","https://openalex.org/W2722482855","https://openalex.org/W1890954422"],"abstract_inverted_index":{"Being":[0],"an":[1,26,116,176,219],"easy-to-deploy":[2],"and":[3,77,81,99,109,207,226,263,277,295],"cost-effective":[4],"low":[5],"power":[6],"wireless":[7],"solution,":[8],"Bluetooth":[9,303],"Low":[10],"Energy":[11],"(BLE)":[12],"has":[13,243],"been":[14],"widely":[15],"used":[16],"by":[17,189,196,275],"Internet-of-Things":[18],"(IoT)":[19],"devices.":[20],"In":[21],"a":[22,42,50,52,67,92,106,121,254,258],"typical":[23],"IoT":[24,27,137,204,213,235],"scenario,":[25],"device":[28,53,108,123,205],"first":[29,54],"needs":[30],"to":[31,60,72,118,145,282,290,301],"be":[32,163,193],"connected":[33,188],"with":[34,58,79,124,148,229],"its":[35,45,110],"companion":[36,68,111],"mobile":[37,112,167,221,247],"app":[38,69,222,293],"which":[39,114,184],"serves":[40],"as":[41],"gateway":[43],"for":[44],"Internet":[46],"access.":[47,284],"To":[48,198],"establish":[49],"connection,":[51],"broadcasts":[55],"advertisement":[56],"packets":[57],"UUIDs":[59,126],"nearby":[61],"smartphone":[62],"apps.":[63,129,168],"Leveraging":[64],"these":[65,149,190,210],"UUIDs,":[66],"is":[70,91,153,175],"able":[71],"identify":[73,172],"the":[74,96,102,128,186,200,232,291,298,302],"device,":[75],"pairs":[76],"bonds":[78],"it,":[80],"allows":[82,115],"further":[83],"data":[84],"communication.":[85],"However,":[86],"we":[87,131,170,217],"show":[88],"that":[89,134,173],"there":[90,152,174],"fundamental":[93],"flaw":[94],"in":[95,237,249,257],"current":[97],"design":[98],"implementation":[100],"of":[101,179,203,231],"communication":[103],"protocols":[104],"between":[105],"BLE":[107,122,136,212,234,267],"app,":[113],"attacker":[117],"precisely":[119],"fingerprint":[120],"static":[125],"from":[127,166],"Meanwhile,":[130],"also":[132,162,171,208,252,296],"discover":[133],"many":[135],"devices":[138,150,187,214],"adopt":[139],"\"just":[140],"works\"":[141],"pairing,":[142],"allowing":[143],"attackers":[144],"actively":[146],"connect":[147],"if":[151],"no":[154],"app-level":[155,181],"authentication.":[156],"Even":[157],"worse,":[158],"this":[159],"vulnerability":[160],"can":[161,192],"directly":[164,194],"uncovered":[165],"Furthermore,":[169],"alarming":[177],"number":[178],"vulnerable":[180,211,246,281],"authentication":[182],"apps,":[183],"means":[185],"apps":[191,236,248],"controlled":[195],"attackers.":[197],"raise":[199],"public":[201],"awareness":[202],"fingerprinting":[206,299],"uncover":[209],"before":[215],"attackers,":[216,276],"develop":[218],"automated":[220],"analysis":[223],"tool":[224,242],"BLESCOPE":[225],"evaluate":[227],"it":[228],"all":[230],"free":[233],"Google":[238],"Play":[239],"store.":[240],"Our":[241],"identified":[244,264],"1,757":[245],"total.":[250],"We":[251,285],"performed":[253],"field":[255],"test":[256],"1.28":[259],"square":[260],"miles":[261],"region,":[262],"5,822":[265],"real":[266],"devices,":[268],"among":[269],"them":[270],"5,509":[271],"(94.6%)":[272],"are":[273,280],"fingerprintable":[274],"431":[278],"(7.4%)":[279],"unauthorized":[283],"have":[286],"made":[287],"responsible":[288],"disclosures":[289],"corresponding":[292],"developers,":[294],"reported":[297],"issues":[300],"Special":[304],"Interest":[305],"Group.":[306]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":18},{"year":2020,"cited_by_count":13}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}