Anchors that Don't Lift: Understanding Supply Chain Driven Kernel Lock-In and Governance-Mediated Mitigation Strategies in SOHO Devices
Pith reviewed 2026-06-27 12:25 UTC · model grok-4.3
The pith
SOHO vendors are locked to outdated Linux kernels by SoC SDKs, inheriting vulnerability debt along the supply chain to end users.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
SOHO vendors are effectively locked to specific often older kernel versions due to the system-on-chip SDKs they use. This kernel lock-in produces a vulnerability debt that is inherited along the supply chain from SoC vendor to firmware creators to router or IP-camera vendor and ultimately borne by end users. All five SoC vendors in the dataset had used SDKs with Linux kernels that had reached end of life more than a year before their usage in a SOHO device.
What carries the argument
Supply-chain tracing from SoC SDKs through ODMs to final firmware that enforces kernel-version lock-in, combined with template-based CVE detection on GPL source releases.
If this is right
- Kernel vulnerabilities in SOHO devices arise from systemic supplier lock-in rather than isolated vendor choices.
- Meaningful kernel updates require changes at the SoC vendor level, not at the device assembler level.
- Regulatory compliance alone does not produce kernel upgrades in practice.
- Only SoC vendors that engage open-source communities demonstrate a workable path to mitigation.
Where Pith is reading between the lines
- Manufacturers could reduce exposure by qualifying multiple SoC suppliers with different kernel baselines.
- Security evaluations of SOHO devices should examine SDK release dates rather than final firmware version strings alone.
- If community-driven updates prove repeatable, they could become a contractual requirement in hardware supply agreements.
Load-bearing premise
The high-precision template-based CVE detection accurately identifies actual vulnerabilities in the customized SOHO kernels from GPL releases without significant false positives, and these sources represent the firmware running on the devices.
What would settle it
Direct verification on a sample of the 306 devices showing that the reported CVEs do not match the kernels actually running in the shipped firmware, or documentation of an SoC vendor releasing an updated SDK kernel without community involvement.
Figures
read the original abstract
Small Office/Home Office (SOHO) devices are widely popular, yet often attacked due to security vulnerabilities in their firmware, affecting thousands of devices. These security vulnerabilities often stem from outdated Linux kernel versions included in SOHO device firmware. Naturally, prior work audited the extent and impact of this issue by simple Linux version extraction and version number based vulnerability mapping. However, it is unclear how many of these anticipated vulnerabilities actually exist in the heavily customized SOHO kernels and if there are any barriers towards updating Linux kernels in SOHO firmwares. To address this gap, we uncover actual kernel-related vulnerabilities found in 306 SOHO devices using a high-precision template-based CVE detection mechanism on GPL source releases of more than 900 firmwares from these devices. Next, as a first, we traced the supply chain of these vulnerable SOHO devices at scale and identify kernel lock-in as a significant security issue -- SOHO vendors are effectively locked to specific (often older) kernel versions due to the system-on-chip (SoC) SDKs they use. This kernel lock-in produces a vulnerability debt that is inherited along the supply chain from SoC vendor to firmware creators (ODM/OEM) to router/IP-camera vendor and ultimately borne by end users. All five SoC vendors in our dataset had used SDKs with Linux kernels that had reached EoL more than a year before their usage in a SOHO device. Finally, we explore the mitigation-potential of individual, regulatory and community governance by analyzing social media posts, regulations and community efforts. Our results show that regulation compliance is insufficient and only SoC vendors who engage with communities for kernel upgradation offered a viable path towards mitigation. The data and code for this work is available at https://doi.org/10.5281/zenodo.20433799
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper analyzes kernel-related vulnerabilities in 306 SOHO devices via high-precision template-based CVE detection applied to GPL source releases from over 900 firmwares. It traces the supply chain to identify kernel lock-in driven by SoC SDKs, showing that all five SoC vendors in the dataset used kernels that had reached end-of-life more than a year prior to deployment; this creates inherited vulnerability debt borne by end users. The work also evaluates mitigation potential through individual, regulatory, and community governance mechanisms, concluding that only community-engaged SoC vendors offer a viable path, with data and code released at Zenodo.
Significance. If the CVE detection and supply-chain tracing hold, the results provide large-scale empirical evidence of systemic lock-in and inherited vulnerability debt in the SOHO/IoT supply chain, supported by open data and code. This strengthens the case for governance interventions and could inform future audits or regulations, while the reproducibility assets are a clear strength.
major comments (2)
- [CVE detection / methodology] The section describing the CVE detection mechanism: the central claim of actual (not merely potential) vulnerabilities and resulting debt rests on the template-based detector correctly identifying reachable CVEs in customized kernels. No validation (e.g., manual review of flagged cases, binary-diff comparison, or false-positive rate measurement on a subset) is reported to rule out over-counting from backports, config disables, or vendor patches; this directly affects the strength of the vulnerability-debt narrative.
- [supply chain tracing] The supply-chain tracing and SoC SDK analysis: the claim that all five SoC vendors used EoL kernels more than a year before SOHO deployment is load-bearing for the lock-in conclusion, yet the manuscript provides limited detail on how SDK release dates were obtained, matched to device firmwares, and verified for completeness across the 306 devices.
minor comments (1)
- [abstract] The abstract states the high-level findings but does not quantify false-positive risk or tracing coverage; adding one sentence on these points would improve clarity without altering the core argument.
Simulated Author's Rebuttal
We thank the referee for the constructive and detailed feedback. We address each major comment below and outline revisions to strengthen the manuscript.
read point-by-point responses
-
Referee: [CVE detection / methodology] The section describing the CVE detection mechanism: the central claim of actual (not merely potential) vulnerabilities and resulting debt rests on the template-based detector correctly identifying reachable CVEs in customized kernels. No validation (e.g., manual review of flagged cases, binary-diff comparison, or false-positive rate measurement on a subset) is reported to rule out over-counting from backports, config disables, or vendor patches; this directly affects the strength of the vulnerability-debt narrative.
Authors: We agree that the absence of reported validation steps is a limitation that weakens the strength of the vulnerability-debt claims. The template-based detector was selected for its focus on matching specific vulnerable code patterns rather than version numbers alone, and all analysis used the released GPL sources. However, no explicit validation (such as manual review or false-positive analysis) is described in the current manuscript. In the revised version we will add a dedicated subsection on methodology validation, including results from manual review of a sample of detections and discussion of how the approach handles common customization patterns. This directly incorporates the referee's point. revision: yes
-
Referee: [supply chain tracing] The supply-chain tracing and SoC SDK analysis: the claim that all five SoC vendors used EoL kernels more than a year before SOHO deployment is load-bearing for the lock-in conclusion, yet the manuscript provides limited detail on how SDK release dates were obtained, matched to device firmwares, and verified for completeness across the 306 devices.
Authors: We acknowledge that the supply-chain tracing section would benefit from expanded methodological detail to support the load-bearing claim. SDK timelines were derived from publicly available vendor release notes, archived SDK packages, and kernel version strings extracted from the firmware GPL sources, with matching performed via kernel version and build timestamp comparison. To address the comment, the revised manuscript will expand the supply-chain section with a step-by-step description of data sources per SoC vendor, the exact matching criteria, and verification procedures applied to the full set of 306 devices. The complete dataset remains available in the Zenodo release for independent inspection. revision: yes
Circularity Check
Empirical study with no definitional or fitted circularity
full rationale
The paper is an empirical audit of 306 SOHO devices using GPL source releases and supply-chain tracing. No equations, fitted parameters, or predictions are present that reduce claims to inputs by construction. Central claims about kernel lock-in and inherited vulnerability debt rest on observed data patterns from external firmware sources and public records rather than self-definitional mappings or self-citation chains. The template-based CVE detection is presented as an external mechanism applied to the data; its accuracy is an assumption about measurement validity, not a circular reduction of the result to the input.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption GPL source releases accurately represent the kernels deployed in the analyzed SOHO devices.
Reference graph
Works this paper leans on
-
[1]
https://dd- wrt.com/ , 2026
DD-WRT: Linux-based open source router firmware. https://dd- wrt.com/ , 2026. Accessed: Jan. 26, 2026
2026
-
[2]
https://www.freshtomato.org/ , 2026
FreshTomato: Enhanced firmware for broadcom-based routers. https://www.freshtomato.org/ , 2026. Accessed: Jan. 26, 2026
2026
-
[3]
A survey on security, privacy, trust, and architectural challenges in iot systems
Mumin Adam, Mohammad Hammoudeh, Rana Al- rawashdeh, and Basil Alsulaimy. A survey on security, privacy, trust, and architectural challenges in iot systems. IEEE Access, 12:57128–57149, 2024
2024
-
[4]
A decade of {Privacy-Relevant} an- droid app reviews: Large scale trends
Omer Akgul, Sai Teja Peddinti, Nina Taft, Michelle L Mazurek, Hamza Harkous, Animesh Srivastava, and Benoit Seguin. A decade of {Privacy-Relevant} an- droid app reviews: Large scale trends. In33rd USENIX Security Symposium (USENIX Security 24), pages 5089– 5106, 2024
2024
-
[5]
Optuna: A Next-generation Hyperparameter Optimization Framework
Takuya Akiba, Shotaro Sano, Toshihiko Yanase, Takeru Ohta, and Masanori Koyama. Optuna: A next- generation hyperparameter optimization framework. ht tps://arxiv.org/abs/1907.10902, 2019
work page internal anchor Pith review Pith/arXiv arXiv 1907
-
[6]
Understanding users’ security and privacy concerns and attitudes towards conversational ai platforms
Mutahar Ali, Arjun Arunasalam, and Habiba Farrukh. Understanding users’ security and privacy concerns and attitudes towards conversational ai platforms. In2025 IEEE Symposium on Security and Privacy (SP), pages 298–316, 2025. 15
2025
-
[7]
Firmsolo: enabling dynamic analysis of binary linux-based iot kernel modules
Ioannis Angelakopoulos, Gianluca Stringhini, and Manuel Egele. Firmsolo: enabling dynamic analysis of binary linux-based iot kernel modules. InProceedings of the 32nd USENIX Conference on Security Symposium, SEC ’23, USA, 2023. USENIX Association
2023
-
[8]
Understanding the mirai botnet
Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Du- rumeric, J Alex Halderman, Luca Invernizzi, Michalis Kallitsis, et al. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17), pages 1093–1110, 2017
2017
-
[9]
Hackers Exploit Zero-Day in Discontin- ued D-Link Devices
Ionut Arghire. Hackers Exploit Zero-Day in Discontin- ued D-Link Devices. https://www.securityweek.c om/hackers-exploit-zero-day-in-discontinue d-d-link-devices/ , 1 2026. SecurityWeek, Jan. 7,
2026
-
[10]
Accessed: Feb. 6, 2026
2026
-
[11]
Susanne Barth and Menno D.T. de Jong. The privacy paradox investigating discrepancies between expressed privacy concerns and actual online behavior a system- atic literature review.Telemat. Inf., 34(7):1038–1058, November 2017
2017
-
[12]
Buck and Devon F
Amber M. Buck and Devon F. Ralston. I didn’t sign up for your research study: The ethics of using “public” data.Computers and Composition, 61:102655, 2021. Rhetorics of Data: Collection, Consent, & Critical Digi- tal Literacies
2021
-
[13]
But is it ex- ploitable? exploring how router vendors manage and patch security vulnerabilities in consumer-grade routers
George Chalhoub and Andrew Martin. But is it ex- ploitable? exploring how router vendors manage and patch security vulnerabilities in consumer-grade routers. InProceedings of the 2023 European Symposium on Us- able Security, EuroUSEC ’23, page 277–295, New York, NY , USA, 2023. Association for Computing Machinery
2023
-
[14]
Chen, Maverick Woo, David Brumley, and Manuel Egele
Daming D. Chen, Maverick Woo, David Brumley, and Manuel Egele. Towards automated dynamic analysis for linux-based embedded firmware. In23nd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21- 24, 2016. The Internet Society, 2016
2016
-
[15]
Scaling instruction-finetuned language models.Journal of Ma- chine Learning Research, 25(70):1–53, 2024
Hyung Won Chung, Le Hou, Shayne Longpre, Barret Zoph, Yi Tay, William Fedus, Yunxuan Li, Xuezhi Wang, Mostafa Dehghani, Siddhartha Brahma, et al. Scaling instruction-finetuned language models.Journal of Ma- chine Learning Research, 25(70):1–53, 2024
2024
-
[16]
Qca software development kit (qsdk) overview
CodeLinaro Wiki. Qca software development kit (qsdk) overview. https://wiki.codelinaro.org/en/clo /qsdk/overview, 2026. Accessed: 2026-02-02
2026
-
[17]
Consumer iot device cybersecurity standards, policies, and certifica- tion schemes 2025
Connectivity Standards Alliance (CSA). Consumer iot device cybersecurity standards, policies, and certifica- tion schemes 2025. Technical report, Connectivity Stan- dards Alliance, 2025
2025
-
[18]
Openwrt project
OpenWrt Contributors. Openwrt project. https://op enwrt.org/, 2024. Accessed: January 21, 2026
2024
-
[19]
Techinfodepot
TechInfoDepot Contributors. Techinfodepot. https:// techinfodepot.shoutwiki.com/ , 2024. Accessed: January 21, 2026
2024
-
[20]
Wikidevi
WikiDevi Contributors. Wikidevi. https://wikidevi .wi-cat.ru/, 2024. Accessed: January 21, 2026
2024
-
[21]
A large-scale analysis of the security of embedded firmwares
Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti. A large-scale analysis of the security of embedded firmwares. InProceedings of the 23rd USENIX Conference on Security Symposium, SEC’14, page 95–110, USA, 2014. USENIX Association
2014
-
[22]
AA22-054A: New sandworm malware cyclops blink replaces vpnfilter
Cybersecurity and Infrastructure Security Agency (CISA). AA22-054A: New sandworm malware cyclops blink replaces vpnfilter. https://www.cisa.gov/new s-events/cybersecurity-advisories/aa22-054 a, 2022. Accessed: Jan. 26, 2026
2022
-
[23]
D-Link: Smart Home, SMB and Enterprise Networking Solutions
D-Link Systems, Inc. D-Link: Smart Home, SMB and Enterprise Networking Solutions. https://www.dlin k.com/in/en, 2026. Accessed: Jan. 26, 2026
2026
-
[24]
A survey of security and privacy issues in the internet of things from the layered context.Transactions on Emerging Telecom- munications Technologies, 33(6):e3935, 2022
Samundra Deep, Xi Zheng, Alireza Jolfaei, Dongjin Yu, Pouya Ostovari, and Ali Kashif Bashir. A survey of security and privacy issues in the internet of things from the layered context.Transactions on Emerging Telecom- munications Technologies, 33(6):e3935, 2022
2022
-
[25]
BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding
Jacob Devlin. Bert: Pre-training of deep bidirectional transformers for language understanding.arXiv preprint arXiv:1810.04805, 2018
work page internal anchor Pith review Pith/arXiv arXiv 2018
-
[26]
Berry, and Edward Lank
Janna Lynn Dupree, Richard Devries, Daniel M. Berry, and Edward Lank. Privacy personas: Clustering users via attitudes and behaviors toward security practices. In Proceedings of the 2016 CHI Conference on Human Fac- tors in Computing Systems, CHI ’16, page 5228–5239, New York, NY , USA, 2016. Association for Computing Machinery
2016
-
[27]
EMBA: The firmware security analyzer
e-m-b-a. EMBA: The firmware security analyzer. ht tps://github.com/e-m-b-a/emba , 2025. Accessed: Dec. 7, 2025
2025
-
[28]
ETSI EN 303 645: Cyber Security for Consumer Internet of Things
ETSI (European Telecommunications Standards Insti- tute). ETSI EN 303 645: Cyber Security for Consumer Internet of Things. https://www.etsi.org/stand ards/303645 , 2020. European Telecommunications Standards Institute,Accessed: January 21, 2026. 16
2020
-
[29]
Cyber Resilience Act (CRA)
European Union. Cyber Resilience Act (CRA). https: //digital-strategy.ec.europa.eu/en/policies /cyber-resilience-act , 2022. Accessed: 2026-02- 02
2022
-
[30]
Cvehound
Evdenis. Cvehound. https://github.com/evdenis /cvehound, 2023. Accessed: 2026-02-02
2023
-
[31]
Ethical issues in qualitative research on internet communities.BMJ, 323(7321):1103–1105, 2001
Gunther Eysenbach and James E Till. Ethical issues in qualitative research on internet communities.BMJ, 323(7321):1103–1105, 2001
2001
-
[32]
People’s republic of china-linked actors compromise routers and iot devices for botnet operations
Federal Bureau of Investigation, Cyber National Mis- sion Force, and National Security Agency. People’s republic of china-linked actors compromise routers and iot devices for botnet operations. https://media.de fense.gov/2024/Sep/18/2003547016/-1/-1/0/C SA-PRC-LINKED-ACTORS-BOTNET.PDF , September
2024
-
[33]
Joint Cybersecurity Advisory JCSA-20240918- 001, Accessed: Dec. 7, 2025
2025
-
[34]
Cybersecurity labeling for internet of things
Federal Communications Commission. Cybersecurity labeling for internet of things. Report and Order and Further Notice of Proposed Rulemaking, FCC 24-26, March 2024
2024
-
[35]
Equipment au- thorization
Federal Communications Commission. Equipment au- thorization. https://www.fcc.gov/engineering-t echnology/laboratory-division/general/equi pment-authorization, 2025. Accessed: 2026-02-05
2025
-
[36]
Mobile phone maker BLU reaches settlement with FTC over deceptive privacy and data security claims
Federal Trade Commission. Mobile phone maker BLU reaches settlement with FTC over deceptive privacy and data security claims. FTC Press Release, April 2018
2018
-
[37]
Mobile security updates: Understanding the issues
Federal Trade Commission. Mobile security updates: Understanding the issues. Technical report, U.S. Federal Trade Commission, February 2018
2018
-
[38]
Security analysis of emerging smart home applications
Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. Security analysis of emerging smart home applications. In2016 IEEE Symposium on Security and Privacy (SP), pages 636–654, 2016
2016
-
[39]
Oper- ation wrthug, the global espionage campaign hiding in your home router
Gilad Friedenreich Maizles and Marty Kareem. Oper- ation wrthug, the global espionage campaign hiding in your home router. https://securityscorecard.co m/blog/operation-wrthug-the-global-espio nage-campaign-hiding-in-your-home-router/ , November 2025. SecurityScorecard Blog / STRIKE. Accessed: 2026-01-23
2025
-
[40]
i wasn’t sure if this is indeed a security risk
Rajdeep Ghosh, Shiladitya De, and Mainack Mondal. "i wasn’t sure if this is indeed a security risk": Data-driven understanding of security issue reporting in github repos- itories of open source npm packages. In Lujo Bauer and Giancarlo Pellegrino, editors,34th USENIX Secu- rity Symposium, USENIX Security 2025, Seattle, WA, USA, August 13-15, 2025, pages ...
2025
-
[41]
Gunnar Harboe and Elaine M. Huang. Real-world affin- ity diagramming practices: Bridging the paper-digital gap. InProceedings of the 33rd Annual ACM Confer- ence on Human Factors in Computing Systems, CHI ’15, page 95–104, New York, NY , USA, 2015. Association for Computing Machinery
2015
-
[42]
DeBERTa: Decoding-enhanced BERT with Disentangled Attention
Pengcheng He, Xiaodong Liu, Jianfeng Gao, and Weizhu Chen. Deberta: Decoding-enhanced bert with disentangled attention.arXiv preprint arXiv:2006.03654, 2020
work page internal anchor Pith review Pith/arXiv arXiv 2006
-
[43]
Helmke and J
R. Helmke and J. vom Dorp. Extended abstract: To- wards reliable and scalable linux kernel cve attribution in automated static firmware analyses. In Daniel Gruss, Federico Maggi, Mathias Fischer, and Michele Carmi- nati, editors,Detection of Intrusions and Malware, and Vulnerability Assessment, pages 201–210, Cham, 2023. Springer Nature Switzerland
2023
-
[44]
Home - hon hai technology group - foxconn
Hon Hai Technology Group (Foxconn). Home - hon hai technology group - foxconn. https://www.foxconn. com/en-us. Accessed: 2026-02-05
2026
-
[45]
Chinese botnet infects 260,000 soho routers, ip cameras with malware
Ionut Ilascu. Chinese botnet infects 260,000 soho routers, ip cameras with malware. https://www.bl eepingcomputer.com/news/security/flax-typ hoon-hackers-infect-260-000-routers-ip-c ameras-with-botnet-malware/ , September 2024. BleepingComputer. Accessed: 2026-01-23
2024
-
[46]
Firmae: To- wards large-scale emulation of iot firmware for dynamic analysis
Mingeun Kim, Dongkwan Kim, Eunsoo Kim, Suryeon Kim, Yeongjin Jang, and Yongdae Kim. Firmae: To- wards large-scale emulation of iot firmware for dynamic analysis. InProceedings of the 36th Annual Computer Security Applications Conference, ACSAC ’20, page 733–745, New York, NY , USA, 2020. Association for Computing Machinery
2020
-
[47]
Pri- vacy Indexes: A Survey of Westin’s Studies
Ponnurangam Kumaraguru and Lorrie Faith Cranor. Pri- vacy Indexes: A Survey of Westin’s Studies. Tech- nical Report CMU-ISRI-5-138, Institute for Software Research International, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, Dezember 2005
2005
-
[48]
W. Largent. New VPNFilter malware targets at least 500k networking devices worldwide, May 2018. Ac- cessed: Dec. 7, 2025
2018
-
[49]
it’s up to the consumer to be smart
Jingjie Li, Kaiwen Sun, Brittany Skye Huff, Anna Marie Bierley, Younghyun Kim, Florian Schaub, and Kassem Fawaz. “it’s up to the consumer to be smart”: Under- standing the security and privacy attitudes of smart home 17 users on reddit. In2023 IEEE Symposium on Security and Privacy (SP), pages 2850–2866. IEEE, 2023
2023
-
[50]
Shadowv2 casts a shadow over iot devices
Vincent Li. Shadowv2 casts a shadow over iot devices. https://www.fortinet.com/blog/threat-resea rch/shadowv2-casts-a-shadow-over-iot-devic es, November 2025. Fortinet Blog (Threat Research). Accessed: 2026-01-23
2025
-
[51]
Linksys: Home and Business Wi-Fi and Networking
Linksys, Inc. Linksys: Home and Business Wi-Fi and Networking. https://www.linksys.com/ , 2026. Accessed: Jan. 26, 2026
2026
-
[52]
RoBERTa: A Robustly Optimized BERT Pretraining Approach
Yinhan Liu. Roberta: A robustly optimized bert pretrain- ing approach.arXiv preprint arXiv:1907.11692, 364, 2019
work page internal anchor Pith review Pith/arXiv arXiv 1907
-
[53]
Mediatek | home page
MediaTek Inc. Mediatek | home page. https://www. mediatek.com/. Accessed: 2026-02-05
2026
-
[54]
Debjyoti Mukherjee, Alireza Ahmadi, Maryam Vahdat Pour, and Joel Reardon. An empirical study on user reviews targeting mobile apps’ security & privacy.arXiv preprint arXiv:2010.06371, 2020
-
[55]
NVD - CVE- 2023-6932
National Vulnerability Database (NIST). NVD - CVE- 2023-6932. https://nvd.nist.gov/vuln/detail /CVE-2023-6932. Accessed: 2026-02-02
2023
-
[56]
NVD - CVE- 2024-1151
National Vulnerability Database (NIST). NVD - CVE- 2024-1151. https://nvd.nist.gov/vuln/detail /CVE-2024-1151. Accessed: 2026-02-02
2024
-
[57]
NVD - CVE- 2024-22386
National Vulnerability Database (NIST). NVD - CVE- 2024-22386. https://nvd.nist.gov/vuln/detail /CVE-2024-22386. Accessed: 2026-02-02
2024
-
[58]
NETGEAR: Advanced WiFi & Network- ing Products
Netgear, Inc. NETGEAR: Advanced WiFi & Network- ing Products. https://www.netgear.com/ , 2026. Accessed: Jan. 26, 2026
2026
-
[59]
Short text, large effect: Measuring the impact of user reviews on android app security & privacy
Duc Cuong Nguyen, Erik Derr, Michael Backes, and Sven Bugiel. Short text, large effect: Measuring the impact of user reviews on android app security & privacy. In2019 IEEE symposium on Security and Privacy (SP), pages 555–569. IEEE, 2019
2019
-
[60]
Unveiling {IoT} security in reality: A {Firmware-Centric} journey
Nicolas Nino, Ruibo Lu, Wei Zhou, Kyu Hyung Lee, Ziming Zhao, and Le Guan. Unveiling {IoT} security in reality: A {Firmware-Centric} journey. In33rd USENIX Security Symposium (USENIX Security 24), pages 5609– 5626, 2024
2024
-
[61]
NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers
NIST Internet of Things (IoT) Program. NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers. https://www.nist.gov/publica tions/foundational-cybersecurity-activitie s-iot-device-manufacturers , 2020. National Insti- tute of Standards and Technology,Accessed: January 21, 2026
2020
-
[62]
Cybercriminal Proxy Services Exploiting End-of-Life Routers
Federal Bureau of Investigation (FBI). Cybercriminal Proxy Services Exploiting End-of-Life Routers. https: //www.fbi.gov/investigate/cyber/alerts/202 5/cybercriminal-proxy-services-exploitin g-end-of-life-routers , 5 2025. Public Service Announcement, May 7, 2025. Accessed: Feb. 6, 2026
2025
-
[63]
unblob: Accurate and fast extraction suite for binary blobs
ONEKEY. unblob: Accurate and fast extraction suite for binary blobs. https://unblob.org/, 2025. Accessed: Dec. 7, 2025
2025
-
[64]
Openwrt: Open source router and embedded operating system
OpenWrt Project. Openwrt: Open source router and embedded operating system. https://github.com/o penwrt/openwrt/, 2026. Accessed: 2026-02-03
2026
-
[65]
Openwrt table of hardware (toh)
OpenWrt Project. Openwrt table of hardware (toh). https://toh.openwrt.org/?view=normal , 2026. Accessed: 2026-02-02
2026
-
[66]
Qualcomm: Intelligent com- puting everywhere
Qualcomm Incorporated. Qualcomm: Intelligent com- puting everywhere. https://www.qualcomm.com/ . Accessed: 2026-02-05
2026
-
[67]
i just hated it and i want my money back
Rohit Raj, Mridul Newar, and Mainack Mondal. "i just hated it and i want my money back": Data-driven under- standing of mobile vpn service switching preferences in the wild. InUSENIX Security Symposium, 2024
2024
-
[68]
Karonte: Detecting in- secure multi-binary interactions in embedded firmware
Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spen- sky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. Karonte: Detecting in- secure multi-binary interactions in embedded firmware. In2020 IEEE Symposium on Security and Privacy (SP), pages 1544–1561, 2020
2020
-
[69]
Binwalk: Firmware Analysis Tool
ReFirmLabs. Binwalk: Firmware Analysis Tool. ht tps://github.com/ReFirmLabs/binwalk , 2025. Accessed: Dec. 7, 2025
2025
-
[70]
Saldana.The Coding Manual for Qualitative Re- searchers
J. Saldana.The Coding Manual for Qualitative Re- searchers. SAGE Publications, 2015
2015
-
[71]
Saturation in qualitative re- search: exploring its conceptualization and operational- ization.Quality & quantity, 52:1893–1907, 2018
Benjamin Saunders, Julius Sim, Tom Kingstone, Shula Baker, Jackie Waterfield, Bernadette Bartlam, Heather Burroughs, and Clare Jinks. Saturation in qualitative re- search: exploring its conceptualization and operational- ization.Quality & quantity, 52:1893–1907, 2018
1907
-
[72]
Threat intelligence research: V olt typhoon compromises 30% of cisco rv320/325 devices in 37 days
SecurityScorecard STRIKE Team. Threat intelligence research: V olt typhoon compromises 30% of cisco rv320/325 devices in 37 days. https://security scorecard.com/blog/threat-intelligence-res earch-volt-typhoon/, January 2024. Accessed: Dec. 7, 2025
2024
-
[73]
Selenium, 2026
Selenium Contributors. Selenium, 2026. Accessed: January 7, 2026. 18
2026
-
[74]
Coccinelle
Coccinelle Team. Coccinelle. https://coccinelle.g itlabpages.inria.fr/website/ , 2023. Accessed: 2026-02-02
2023
-
[75]
Linux exploit suggester
The-Z-Labs. Linux exploit suggester. https://gith ub.com/The-Z-Labs/linux-exploit-suggester ,
-
[76]
Accessed: 2026-02-02
2026
-
[77]
Technical news and reports about quad 7 (7777) botnet aka covertnetwork-1658, August 2025
TP-Link. Technical news and reports about quad 7 (7777) botnet aka covertnetwork-1658, August 2025. TP-Link Support FAQ (Last Updated: 2025-08-29). Ac- cessed: 2026-01-23
2025
-
[78]
TP-Link: Networking Products and Solutions
TP-Link Technologies Co., Ltd. TP-Link: Networking Products and Solutions. https://www.tp-link.com/ in/, 2026. Accessed: Jan. 26, 2026
2026
-
[79]
TRENDnet: Networking and Surveil- lance Solutions
TRENDnet, Inc. TRENDnet: Networking and Surveil- lance Solutions. https://www.trendnet.com/home,
-
[80]
26, 2026
Accessed: Jan. 26, 2026
2026
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.