{"id":"https://openalex.org/W4400121504","doi":"https://doi.org/10.1145/3634737.3637671","title":"Exposed by Default: A Security Analysis of Home Router Default Settings","display_name":"Exposed by Default: A Security Analysis of Home Router Default Settings","publication_year":2024,"publication_date":"2024-06-28","ids":{"openalex":"https://openalex.org/W4400121504","doi":"https://doi.org/10.1145/3634737.3637671"},"language":"en","primary_location":{"id":"doi:10.1145/3634737.3637671","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3634737.3637671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://research.vu.nl/en/publications/4b6e3230-3e3f-4725-b168-c57a849518d7","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102705057","display_name":"Junjian Ye","orcid":"https://orcid.org/0009-0007-0923-9658"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Junjian Ye","raw_affiliation_strings":["Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025487194","display_name":"Xavier de Carn\u00e9 de Carnavalet","orcid":"https://orcid.org/0000-0003-2664-3963"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Xavier De Carn\u00e9 De Carnavalet","raw_affiliation_strings":["The Hong Kong Polytechnic University, HongKong, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, HongKong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075517496","display_name":"Lianying Zhao","orcid":"https://orcid.org/0000-0002-6376-4062"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Lianying Zhao","raw_affiliation_strings":["Carleton University, Ottawa, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, Canada","institution_ids":["https://openalex.org/I67031392"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023224430","display_name":"Mengyuan Zhang","orcid":"https://orcid.org/0000-0001-7457-5198"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Mengyuan Zhang","raw_affiliation_strings":["The Hong Kong Polytechnic University, HongKong, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, HongKong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023896344","display_name":"Lifa Wu","orcid":"https://orcid.org/0000-0001-5457-1923"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lifa Wu","raw_affiliation_strings":["Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084565580","display_name":"Wei Zhang","orcid":"https://orcid.org/0000-0002-1658-0236"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Zhang","raw_affiliation_strings":["Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5102705057"],"corresponding_institution_ids":["https://openalex.org/I41198531"],"apc_list":null,"apc_paid":null,"fwci":2.0721,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.87526564,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"63","last_page":"79"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10986","display_name":"RFID technology advancements","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/2214","display_name":"Media Technology"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6430627107620239},{"id":"https://openalex.org/keywords/router","display_name":"Router","score":0.6064090132713318},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.4781673550605774},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4039117097854614},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3991820216178894},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3458855152130127}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6430627107620239},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.6064090132713318},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.4781673550605774},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4039117097854614},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3991820216178894},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3458855152130127}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3634737.3637671","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3634737.3637671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:research.vu.nl:publications/4b6e3230-3e3f-4725-b168-c57a849518d7","is_oa":true,"landing_page_url":"https://research.vu.nl/en/publications/4b6e3230-3e3f-4725-b168-c57a849518d7","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Ye, J, de Carn\u00e9 de Carnavalet, X, Zhao, L, Zhang, M, Wu, L & Zhang, W 2024, Exposed by Default : A Security Analysis of Home Router Default Settings. in AsiaCCS 2024 : Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, pp. 63-79, 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024, Singapore, Singapore, 1/07/24. https://doi.org/10.1145/3634737.3637671","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:research.vu.nl:openaire_cris_publications/4b6e3230-3e3f-4725-b168-c57a849518d7","is_oa":true,"landing_page_url":"https://hdl.handle.net/1871.1/4b6e3230-3e3f-4725-b168-c57a849518d7","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Ye, J, de Carn\u00e9 de Carnavalet, X, Zhao, L, Zhang, M, Wu, L & Zhang, W 2024, Exposed by Default : A Security Analysis of Home Router Default Settings. in AsiaCCS 2024 : Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, pp. 63-79, 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024, Singapore, Singapore, 1/07/24. https://doi.org/10.1145/3634737.3637671","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:research.vu.nl:publications/4b6e3230-3e3f-4725-b168-c57a849518d7","is_oa":true,"landing_page_url":"https://research.vu.nl/en/publications/4b6e3230-3e3f-4725-b168-c57a849518d7","pdf_url":null,"source":{"id":"https://openalex.org/S4306401107","display_name":"VU Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I865915315","host_organization_name":"Vrije Universiteit Amsterdam","host_organization_lineage":["https://openalex.org/I865915315"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Ye, J, de Carn\u00e9 de Carnavalet, X, Zhao, L, Zhang, M, Wu, L & Zhang, W 2024, Exposed by Default : A Security Analysis of Home Router Default Settings. in AsiaCCS 2024 : Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, pp. 63-79, 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024, Singapore, Singapore, 1/07/24. https://doi.org/10.1145/3634737.3637671","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1516368485","https://openalex.org/W2029693536","https://openalex.org/W2066785512","https://openalex.org/W2128962932","https://openalex.org/W2139985879","https://openalex.org/W2275418938","https://openalex.org/W2735401168","https://openalex.org/W2750235144","https://openalex.org/W2774510177","https://openalex.org/W2974058390","https://openalex.org/W3102768552","https://openalex.org/W3129136847","https://openalex.org/W4235202118"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2122026593","https://openalex.org/W2582203024","https://openalex.org/W1588358165","https://openalex.org/W4237683758","https://openalex.org/W2370711413","https://openalex.org/W2052038519","https://openalex.org/W2375932043","https://openalex.org/W2841075164","https://openalex.org/W1980506749"],"abstract_inverted_index":{"With":[0],"ubiquitous":[1],"Internet":[2],"connectivity,":[3],"home":[4,58,167],"routers":[5],"have":[6],"become":[7],"a":[8,45,51,81,95,131],"cornerstone":[9],"of":[10,54,61,83,89,97,153,175],"our":[11],"digital":[12],"lives,":[13],"often":[14],"deployed":[15],"with":[16,130],"minimal":[17],"changes":[18],"to":[19,33,94,142,160,186],"the":[20,87,143,148,173,188],"factory":[21],"default":[22,74,77,154,194],"settings.":[23,78,195],"However,":[24],"if":[25],"left":[26],"unexamined,":[27],"these":[28],"settings":[29],"can":[30],"pose":[31],"risks":[32],"user":[34],"security":[35,84,102],"and":[36,49,71,75,107,114,163],"privacy.":[37],"To":[38],"systematically":[39],"evaluate":[40],"potential":[41],"risks,":[42],"we":[43,136],"developed":[44],"threat":[46],"model-based":[47],"framework":[48],"conducted":[50],"comprehensive":[52],"analysis":[53],"40":[55],"commercial":[56],"off-the-shelf":[57],"routers,":[59,113],"representative":[60],"recent":[62],"models":[63],"across":[64],"14":[65],"brands.":[66],"We":[67,79,119],"surveyed":[68],"81":[69],"parameters":[70],"behaviors":[72],"including":[73,86],"deep":[76],"identified":[80],"variety":[82],"flaws":[85],"exposure":[88],"IPv6":[90],"local":[91],"devices":[92],"due":[93],"lack":[96],"firewall":[98],"protection,":[99],"vulnerable":[100],"Wi-Fi":[101,105],"protocols,":[103],"open":[104],"networks":[106],"trivial":[108,132],"admin":[109],"passwords":[110],"for":[111,150,165,180],"\"plug-and-play\"":[112],"unencrypted":[115],"firmware":[116],"update":[117],"communications.":[118],"also":[120],"discovered":[121],"concealed":[122],"WPS":[123],"PIN":[124],"support":[125],"---":[126],"at":[127],"times":[128],"associated":[129],"PIN.":[133],"In":[134],"total,":[135],"are":[137],"reporting":[138],"30":[139],"exploitable":[140],"vulnerabilities":[141],"vendors.":[144],"This":[145],"paper":[146],"highlights":[147],"need":[149],"heightened":[151],"scrutiny":[152],"router":[155,193],"settings,":[156],"providing":[157],"valuable":[158],"insights":[159],"both":[161],"manufacturers":[162],"consumers":[164],"enhancing":[166],"network":[168],"security.":[169],"Our":[170],"findings":[171],"underscore":[172],"importance":[174],"meticulous":[176],"device":[177],"configuration,":[178],"advocating":[179],"proactive":[181],"measures":[182],"from":[183],"all":[184],"stakeholders":[185],"mitigate":[187],"threats":[189],"posed":[190],"by":[191],"insecure":[192]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4}],"updated_date":"2026-04-06T07:47:59.780226","created_date":"2025-10-10T00:00:00"}