{"id":"https://openalex.org/W4308408710","doi":"https://doi.org/10.1145/3548606.3560640","title":"Understanding IoT Security from a Market-Scale Perspective","display_name":"Understanding IoT Security from a Market-Scale Perspective","publication_year":2022,"publication_date":"2022-11-07","ids":{"openalex":"https://openalex.org/W4308408710","doi":"https://doi.org/10.1145/3548606.3560640"},"language":"en","primary_location":{"id":"doi:10.1145/3548606.3560640","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3548606.3560640","pdf_url":null,"source":{"id":"https://openalex.org/S4363608815","display_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100641343","display_name":"Xin Jin","orcid":"https://orcid.org/0000-0001-6525-2821"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xin Jin","raw_affiliation_strings":["The Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"The Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001757372","display_name":"Sunil Manandhar","orcid":"https://orcid.org/0000-0003-3187-0044"},"institutions":[{"id":"https://openalex.org/I4210114115","display_name":"IBM Research - Thomas J. Watson Research Center","ror":"https://ror.org/0265w5591","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sunil Manandhar","raw_affiliation_strings":["IBM T.J. Watson Research Center, Yorktown Heights, NY, USA"],"affiliations":[{"raw_affiliation_string":"IBM T.J. Watson Research Center, Yorktown Heights, NY, USA","institution_ids":["https://openalex.org/I4210114115"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060999480","display_name":"Kaushal Kafle","orcid":"https://orcid.org/0000-0003-1917-7677"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kaushal Kafle","raw_affiliation_strings":["William & Mary, Williamsburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"William & Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026864098","display_name":"Zhiqiang Lin","orcid":"https://orcid.org/0000-0001-6527-5994"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiqiang Lin","raw_affiliation_strings":["The Ohio State University, Columbus, OH, USA"],"affiliations":[{"raw_affiliation_string":"The Ohio State University, Columbus, OH, USA","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5061764764","display_name":"Adwait Nadkarni","orcid":"https://orcid.org/0000-0001-6866-4565"},"institutions":[{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]},{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adwait Nadkarni","raw_affiliation_strings":["William & Mary, Williamsburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"William & Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100641343"],"corresponding_institution_ids":["https://openalex.org/I52357470"],"apc_list":null,"apc_paid":null,"fwci":3.6868,"has_fulltext":false,"cited_by_count":30,"citation_normalized_percentile":{"value":0.95165877,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1615","last_page":"1629"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.696212887763977},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6076797246932983},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5508565306663513},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.5135260224342346},{"id":"https://openalex.org/keywords/snapshot","display_name":"Snapshot (computer storage)","score":0.4694133698940277},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4504120349884033},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.4475722908973694},{"id":"https://openalex.org/keywords/mobile-computing","display_name":"Mobile computing","score":0.425545334815979},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4132267236709595},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.39744043350219727},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3926522433757782},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.1614757776260376}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.696212887763977},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6076797246932983},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5508565306663513},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.5135260224342346},{"id":"https://openalex.org/C55282118","wikidata":"https://www.wikidata.org/wiki/Q252683","display_name":"Snapshot (computer storage)","level":2,"score":0.4694133698940277},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4504120349884033},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.4475722908973694},{"id":"https://openalex.org/C144543869","wikidata":"https://www.wikidata.org/wiki/Q2738570","display_name":"Mobile computing","level":2,"score":0.425545334815979},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4132267236709595},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.39744043350219727},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3926522433757782},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.1614757776260376},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3548606.3560640","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3548606.3560640","pdf_url":null,"source":{"id":"https://openalex.org/S4363608815","display_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G360297436","display_name":null,"funder_award_id":"NSF-CNS-2112471,NSF-CNS-2132281","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W2061922307","https://openalex.org/W2074236388","https://openalex.org/W2103370348","https://openalex.org/W2190207511","https://openalex.org/W2400269587","https://openalex.org/W2508433864","https://openalex.org/W2531566199","https://openalex.org/W2532717356","https://openalex.org/W2604900212","https://openalex.org/W2613352518","https://openalex.org/W2765982206","https://openalex.org/W2767943400","https://openalex.org/W2791018263","https://openalex.org/W2803355841","https://openalex.org/W2890559797","https://openalex.org/W2912998789","https://openalex.org/W2947175569","https://openalex.org/W2955270935","https://openalex.org/W2964378348","https://openalex.org/W2967994413","https://openalex.org/W2968383486","https://openalex.org/W2969759835","https://openalex.org/W2983028905","https://openalex.org/W3008212203","https://openalex.org/W3042771014","https://openalex.org/W3047139163","https://openalex.org/W3107210824","https://openalex.org/W4206245961","https://openalex.org/W4241491750","https://openalex.org/W6636893590","https://openalex.org/W6756440150"],"related_works":["https://openalex.org/W2542847180","https://openalex.org/W3034994054","https://openalex.org/W2048100608","https://openalex.org/W2090296580","https://openalex.org/W2156824869","https://openalex.org/W2098819407","https://openalex.org/W4243905374","https://openalex.org/W1576249345","https://openalex.org/W1796074903","https://openalex.org/W4254967497"],"abstract_inverted_index":{"Consumer":[0],"IoT":[1,13,22,66,84,207],"products":[2,23],"and":[3,111,171,177,209],"services":[4],"are":[5,24,58],"ubiquitous;":[6],"yet,":[7],"a":[8,30,48,188],"proper":[9],"characterization":[10],"of":[11,20,51,79,106,143,200,214],"consumer":[12],"security":[14,78,128,135,216],"is":[15,181],"infeasible":[16],"without":[17,29],"an":[18],"understanding":[19],"what":[21],"on":[25,205],"the":[26,42,77,83,103,117,140,184,197,201,212],"market,":[27],"i.e.,":[28,54],"market-scale":[31,49],"perspective.":[32],"This":[33],"paper":[34],"seeks":[35],"to":[36,65,75,124,132,219],"close":[37],"this":[38,80,122],"gap":[39],"by":[40,89,167,173,183],"developing":[41],"IoTSpotter":[43,68],"framework,":[44],"which":[45],"automatically":[46],"constructs":[47],"snapshot":[50,81],"mobile-IoT":[52,98,107,144,155,194],"apps,":[53,90,176],"mobile":[55,215],"apps":[56,99,108,156,179,195],"that":[57,72,130,138,180],"used":[59,172],"as":[60],"companions":[61],"or":[62],"automation":[63],"providers":[64],"devices.":[67],"also":[69],"extracts":[70],"artifacts":[71,208],"allow":[73],"us":[74],"examine":[76],"in":[82,116,152,203],"context":[85],"(e.g.,":[86],"devices":[87],"supported":[88],"IoT-specific":[91,164],"libraries).":[92],"Using":[93],"IoTSpotter,":[94],"we":[95],"identify":[96],"37,783":[97],"from":[100],"Google":[101],"Play,":[102],"largest":[104],"set":[105],"so":[109],"far,":[110],"uncover":[112],"7":[113],"key":[114,127],"results":[115],"process":[118],"(\u211b1-\u211b7).":[119],"We":[120],"leverage":[121],"dataset":[123],"perform":[125],"three":[126],"analyses":[129],"lead":[131],"10":[133],"impactful":[134],"findings":[136],"(F1-F10)":[137],"demonstrate":[139],"current":[141],"state":[142],"apps.":[145],"Our":[146],"analysis":[147,217],"uncovers":[148,196],"severe":[149],"cryptographic":[150],"violations":[151],"94.11%":[153],"(863/917)":[154],"with":[157,191],">1":[158],"million":[159],"installs":[160],"each,":[161],"65":[162],"vulnerable":[163],"libraries":[165],"affected":[166,182],"79":[168],"unique":[169],"CVEs,":[170],"40":[174],"popular":[175,193],"7,887":[178],"Janus":[185],"vulnerability.":[186],"Finally,":[187],"case":[189],"study":[190],"18":[192],"critical":[198],"impact":[199],"vulnerabilities":[202],"them":[204],"important":[206],"functions,":[210],"motivating":[211],"development":[213],"contextualized":[218],"IoT.":[220]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":16},{"year":2023,"cited_by_count":6}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}