{"id":"https://openalex.org/W2810355991","doi":"https://doi.org/10.1155/2018/7849065","title":"Resetting Your Password Is Vulnerable: A Security Study of Common SMS\u2010Based Authentication in IoT Device","display_name":"Resetting Your Password Is Vulnerable: A Security Study of Common SMS\u2010Based Authentication in IoT Device","publication_year":2018,"publication_date":"2018-01-01","ids":{"openalex":"https://openalex.org/W2810355991","doi":"https://doi.org/10.1155/2018/7849065","mag":"2810355991"},"language":"en","primary_location":{"id":"doi:10.1155/2018/7849065","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2018/7849065","pdf_url":"http://downloads.hindawi.com/journals/wcmc/2018/7849065.pdf","source":{"id":"https://openalex.org/S235346","display_name":"Wireless Communications and Mobile Computing","issn_l":"1530-8669","issn":["1530-8669","1530-8677"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Wireless Communications and Mobile Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"http://downloads.hindawi.com/journals/wcmc/2018/7849065.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100391483","display_name":"Dong Wang","orcid":"https://orcid.org/0000-0002-5141-9296"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dong Wang","raw_affiliation_strings":["University of Electronic Science and Technology of China, China","University of Electronic Science and Technology of China"],"affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, China","institution_ids":["https://openalex.org/I150229711"]},{"raw_affiliation_string":"University of Electronic Science and Technology of China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100780268","display_name":"Xiaosong Zhang","orcid":"https://orcid.org/0000-0001-9886-1412"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiaosong Zhang","raw_affiliation_strings":["University of Electronic Science and Technology of China, China","University of Electronic Science and Technology of China"],"affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, China","institution_ids":["https://openalex.org/I150229711"]},{"raw_affiliation_string":"University of Electronic Science and Technology of China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101420644","display_name":"Jiang Ming","orcid":"https://orcid.org/0000-0001-9682-0502"},"institutions":[{"id":"https://openalex.org/I189196454","display_name":"The University of Texas at Arlington","ror":"https://ror.org/019kgqr73","country_code":"US","type":"education","lineage":["https://openalex.org/I189196454"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiang Ming","raw_affiliation_strings":["The University of Texas at Arlington, USA","The University of Texas at Arlington"],"affiliations":[{"raw_affiliation_string":"The University of Texas at Arlington, USA","institution_ids":["https://openalex.org/I189196454"]},{"raw_affiliation_string":"The University of Texas at Arlington","institution_ids":["https://openalex.org/I189196454"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100443178","display_name":"Ting Chen","orcid":"https://orcid.org/0000-0001-9165-8331"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Chen","raw_affiliation_strings":["University of Electronic Science and Technology of China, China","University of Electronic Science and Technology of China"],"affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, China","institution_ids":["https://openalex.org/I150229711"]},{"raw_affiliation_string":"University of Electronic Science and Technology of China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100406945","display_name":"Chao Wang","orcid":"https://orcid.org/0000-0002-1372-2366"},"institutions":[{"id":"https://openalex.org/I4210157345","display_name":"Venus Medtech (China)","ror":"https://ror.org/05xzt2h26","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210157345"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Wang","raw_affiliation_strings":["ADLab of Venustech, China","ADLab of Venustech"],"affiliations":[{"raw_affiliation_string":"ADLab of Venustech, China","institution_ids":["https://openalex.org/I4210157345"]},{"raw_affiliation_string":"ADLab of Venustech","institution_ids":["https://openalex.org/I4210157345"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029715489","display_name":"Weina Niu","orcid":"https://orcid.org/0000-0002-3235-3463"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]},{"id":"https://openalex.org/I24185976","display_name":"Sichuan University","ror":"https://ror.org/011ashp19","country_code":"CN","type":"education","lineage":["https://openalex.org/I24185976"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weina Niu","raw_affiliation_strings":["College of Cybersecurity, Sichuan University, China","University of Electronic Science and Technology of China, China","University of Electronic Science and Technology of China","College of Cybersecurity, Sichuan University"],"affiliations":[{"raw_affiliation_string":"College of Cybersecurity, Sichuan University, China","institution_ids":["https://openalex.org/I24185976"]},{"raw_affiliation_string":"University of Electronic Science and Technology of China, China","institution_ids":["https://openalex.org/I150229711"]},{"raw_affiliation_string":"University of Electronic Science and Technology of China","institution_ids":["https://openalex.org/I150229711"]},{"raw_affiliation_string":"College of Cybersecurity, Sichuan University","institution_ids":["https://openalex.org/I24185976"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100780268"],"corresponding_institution_ids":["https://openalex.org/I150229711"],"apc_list":{"value":2300,"currency":"USD","value_usd":2300},"apc_paid":{"value":2300,"currency":"USD","value_usd":2300},"fwci":2.467,"has_fulltext":true,"cited_by_count":10,"citation_normalized_percentile":{"value":0.91722739,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"2018","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8678489923477173},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.792167067527771},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7074917554855347},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5865681767463684},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5361858010292053},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.4943373203277588},{"id":"https://openalex.org/keywords/challenge\u2013response-authentication","display_name":"Challenge\u2013response authentication","score":0.45363882184028625},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.442682147026062},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.4293438494205475},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.2770575284957886}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8678489923477173},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.792167067527771},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7074917554855347},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5865681767463684},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5361858010292053},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.4943373203277588},{"id":"https://openalex.org/C131129157","wikidata":"https://www.wikidata.org/wiki/Q1059963","display_name":"Challenge\u2013response authentication","level":4,"score":0.45363882184028625},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.442682147026062},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.4293438494205475},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.2770575284957886}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1155/2018/7849065","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2018/7849065","pdf_url":"http://downloads.hindawi.com/journals/wcmc/2018/7849065.pdf","source":{"id":"https://openalex.org/S235346","display_name":"Wireless Communications and Mobile Computing","issn_l":"1530-8669","issn":["1530-8669","1530-8677"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Wireless Communications and Mobile Computing","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:d2d2a3c5166e421f9711e8ad9028b73e","is_oa":true,"landing_page_url":"https://doaj.org/article/d2d2a3c5166e421f9711e8ad9028b73e","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Wireless Communications and Mobile Computing, Vol 2018 (2018)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1155/2018/7849065","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2018/7849065","pdf_url":"http://downloads.hindawi.com/journals/wcmc/2018/7849065.pdf","source":{"id":"https://openalex.org/S235346","display_name":"Wireless Communications and Mobile Computing","issn_l":"1530-8669","issn":["1530-8669","1530-8677"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Wireless Communications and Mobile Computing","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6100000143051147,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G391238517","display_name":null,"funder_award_id":", and","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5939423041","display_name":null,"funder_award_id":"Technology","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6248607417","display_name":null,"funder_award_id":"61572115","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7539257876","display_name":null,"funder_award_id":"2017YFB0802900","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7820223330","display_name":null,"funder_award_id":"6157211","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320326707","display_name":"State Grid Corporation of China","ror":"https://ror.org/05twwhs70"},{"id":"https://openalex.org/F4320335785","display_name":"Project 211","ror":null},{"id":"https://openalex.org/F4320335967","display_name":"Science and Technology Project of State Grid","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2810355991.pdf","grobid_xml":"https://content.openalex.org/works/W2810355991.grobid-xml"},"referenced_works_count":53,"referenced_works":["https://openalex.org/W126407768","https://openalex.org/W405461467","https://openalex.org/W1509743338","https://openalex.org/W1775663022","https://openalex.org/W1916906602","https://openalex.org/W1922832738","https://openalex.org/W1973965874","https://openalex.org/W1993719651","https://openalex.org/W2004921952","https://openalex.org/W2013856010","https://openalex.org/W2024170198","https://openalex.org/W2026843999","https://openalex.org/W2036823834","https://openalex.org/W2045057497","https://openalex.org/W2062814932","https://openalex.org/W2072978486","https://openalex.org/W2081888787","https://openalex.org/W2095773278","https://openalex.org/W2101800210","https://openalex.org/W2107147876","https://openalex.org/W2115062372","https://openalex.org/W2123070675","https://openalex.org/W2124430468","https://openalex.org/W2127456326","https://openalex.org/W2135177518","https://openalex.org/W2137143105","https://openalex.org/W2144271133","https://openalex.org/W2146455667","https://openalex.org/W2154209576","https://openalex.org/W2161963160","https://openalex.org/W2164539435","https://openalex.org/W2172081876","https://openalex.org/W2180970301","https://openalex.org/W2216041415","https://openalex.org/W2235312398","https://openalex.org/W2264131323","https://openalex.org/W2344770124","https://openalex.org/W2408302068","https://openalex.org/W2503469005","https://openalex.org/W2575029217","https://openalex.org/W2576376563","https://openalex.org/W2604900212","https://openalex.org/W2659233977","https://openalex.org/W2753873057","https://openalex.org/W2791018263","https://openalex.org/W2803170499","https://openalex.org/W2999962580","https://openalex.org/W3103269073","https://openalex.org/W4240634662","https://openalex.org/W4245444791","https://openalex.org/W4302920368","https://openalex.org/W6641506132","https://openalex.org/W6906355099"],"related_works":["https://openalex.org/W2359085393","https://openalex.org/W2969720675","https://openalex.org/W85711018","https://openalex.org/W2189322943","https://openalex.org/W2949495265","https://openalex.org/W2090295280","https://openalex.org/W2021087413","https://openalex.org/W1959666775","https://openalex.org/W2953105088","https://openalex.org/W2036082688"],"abstract_inverted_index":{"Firmware":[0],"vulnerability":[1],"is":[2,11,56],"an":[3,22,30,66,80,112,132],"important":[4],"target":[5],"for":[6,37,70],"IoT":[7,48,62,159,181],"attacks,":[8],"but":[9],"it":[10,186],"challenging,":[12],"because":[13],"firmware":[14,51],"may":[15],"be":[16,92],"publicly":[17],"unavailable":[18],"or":[19],"encrypted":[20],"with":[21],"unknown":[23],"key.":[24],"We":[25,129,184,203],"present":[26],"in":[27],"this":[28,84,139,209],"paper":[29],"attack":[31,137,178],"on":[32,58,138,180],"Short":[33],"Message":[34],"Service":[35],"(SMS":[36],"short)":[38,71],"authentication":[39,114,141],"code":[40,115,142],"which":[41],"aims":[42],"at":[43],"gaining":[44],"the":[45,59,93,122,152,156],"control":[46,74,157],"of":[47,98,158],"devices":[49,182],"without":[50],"analysis.":[52],"The":[53],"key":[54],"idea":[55],"based":[57],"observation":[60],"that":[61,110,131],"device":[63],"usually":[64,89],"has":[65],"official":[67],"application":[68],"(app":[69],"used":[72],"to":[73,78,91,117,120,154,173,207],"itself.":[75],"Customer":[76],"needs":[77],"register":[79],"account":[81,94,153],"before":[82],"using":[83],"app,":[85],"phone":[86,119],"numbers":[87],"are":[88],"suggested":[90],"name,":[95],"and":[96,187],"most":[97],"these":[99],"apps":[100],"have":[101,165],"a":[102,167],"common":[103],"feature,":[104],"called":[105,170],"Reset":[106],"Your":[107],"Password":[108],",":[109,172],"uses":[111],"SMS":[113,140],"sent":[116],"customer":[118,123],"authenticate":[121],"when":[124],"he":[125,149],"forgot":[126],"his":[127],"password.":[128],"found":[130,189],"attacker":[133],"can":[134,150],"perform":[135],"brute\u2010force":[136,177],"automatically":[143],"by":[144],"overcoming":[145],"several":[146],"challenges,":[147],"then":[148],"steal":[151],"gain":[155],"devices.":[160],"In":[161],"our":[162],"research,":[163],"we":[164],"implemented":[166],"prototype":[168],"tool,":[169],"SACIntruder":[171],"enable":[174],"performing":[175],"such":[176],"test":[179],"automatically.":[183],"evaluated":[185],"successfully":[188],"12":[190],"zero\u2010day":[191],"vulnerabilities":[192],"including":[193],"smart":[194,198,200],"lock,":[195],"sharing":[196],"car,":[197],"watch,":[199],"router,":[201],"etc.":[202],"also":[204],"discussed":[205],"how":[206],"prevent":[208],"attack.":[210]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2019,"cited_by_count":3}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}