{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:5ELHWIATACR2CI4WPJR74WHVVA","short_pith_number":"pith:5ELHWIAT","canonical_record":{"source":{"id":"1901.10062","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-29T01:29:32Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"5acb6fa435716081fac52fdf2199b5958bbb074f784f2bb3c99d239513428173","abstract_canon_sha256":"488e2748805d2daad93115fcdd0da6446da96996d027a8342d8fc7eb63a64f4c"},"schema_version":"1.0"},"canonical_sha256":"e9167b201300a3a123967a63fe58f5a801b2b9ab2875be898327d9cc65db55d9","source":{"kind":"arxiv","id":"1901.10062","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1901.10062","created_at":"2026-05-17T23:55:16Z"},{"alias_kind":"arxiv_version","alias_value":"1901.10062v1","created_at":"2026-05-17T23:55:16Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1901.10062","created_at":"2026-05-17T23:55:16Z"},{"alias_kind":"pith_short_12","alias_value":"5ELHWIATACR2","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_16","alias_value":"5ELHWIATACR2CI4W","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_8","alias_value":"5ELHWIAT","created_at":"2026-05-18T12:33:10Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:5ELHWIATACR2CI4WPJR74WHVVA","target":"record","payload":{"canonical_record":{"source":{"id":"1901.10062","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-29T01:29:32Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"5acb6fa435716081fac52fdf2199b5958bbb074f784f2bb3c99d239513428173","abstract_canon_sha256":"488e2748805d2daad93115fcdd0da6446da96996d027a8342d8fc7eb63a64f4c"},"schema_version":"1.0"},"canonical_sha256":"e9167b201300a3a123967a63fe58f5a801b2b9ab2875be898327d9cc65db55d9","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:55:16.264331Z","signature_b64":"W5evsg6tIGeuP/NuTT3lm08jRuWd5jNNeR682WgBON03/NgsSs0n6sc5YMpn3MWZkYesIXUQjbqsKpfWzC67Dg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e9167b201300a3a123967a63fe58f5a801b2b9ab2875be898327d9cc65db55d9","last_reissued_at":"2026-05-17T23:55:16.263788Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:55:16.263788Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1901.10062","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:55:16Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"c5TW+VWgwsOw3zvizQ3Lc/mCZYg00rAyQdJ5FfknrFTrDbNIUv9YV1btztlElhBGy4ZiCM2pxo3jHKJXMoLICg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T10:19:03.401371Z"},"content_sha256":"153dce91886c4693c4c3ff75aa9a8ae7de19b8523bc7ad34ca7f4b3c43e5774b","schema_version":"1.0","event_id":"sha256:153dce91886c4693c4c3ff75aa9a8ae7de19b8523bc7ad34ca7f4b3c43e5774b"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:5ELHWIATACR2CI4WPJR74WHVVA","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Beware of the App! On the Vulnerability Surface of Smart Devices through their Companion Apps","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Atul Prakash, Davino Mauro Junior, Harvey Lu, Luis Melo, Marcelo d'Amorim","submitted_at":"2019-01-29T01:29:32Z","abstract_excerpt":"Internet of Things (IoT) devices are becoming increasingly important. These devices are often resource-limited, hindering rigorous enforcement of security policies. Assessing the vulnerability of IoT devices is an important problem, but analyzing their firmware is difficult for a variety of reasons, including requiring the purchase of devices. This paper finds that analyzing companion apps to these devices for clues to security vulnerabilities can be an effective strategy. Compared to device hardware and firmware, these apps are easy to download and analyze. A key finding of this study is that"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1901.10062","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:55:16Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"P51fJBNLb4D2hgBsdnBGoT+i9DJUj/KAH+sSDBg/AiLWLeydGrsH8b1VfNcykq6XkWkQXIXCtrQ3gqBjXRqgCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T10:19:03.401735Z"},"content_sha256":"dcf05d593776a8c29dfe3de7999bd886a0f319af4003bd8fd7f1efe9aa5fbd94","schema_version":"1.0","event_id":"sha256:dcf05d593776a8c29dfe3de7999bd886a0f319af4003bd8fd7f1efe9aa5fbd94"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/5ELHWIATACR2CI4WPJR74WHVVA/bundle.json","state_url":"https://pith.science/pith/5ELHWIATACR2CI4WPJR74WHVVA/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/5ELHWIATACR2CI4WPJR74WHVVA/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-11T10:19:03Z","links":{"resolver":"https://pith.science/pith/5ELHWIATACR2CI4WPJR74WHVVA","bundle":"https://pith.science/pith/5ELHWIATACR2CI4WPJR74WHVVA/bundle.json","state":"https://pith.science/pith/5ELHWIATACR2CI4WPJR74WHVVA/state.json","well_known_bundle":"https://pith.science/.well-known/pith/5ELHWIATACR2CI4WPJR74WHVVA/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:5ELHWIATACR2CI4WPJR74WHVVA","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"488e2748805d2daad93115fcdd0da6446da96996d027a8342d8fc7eb63a64f4c","cross_cats_sorted":["cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-29T01:29:32Z","title_canon_sha256":"5acb6fa435716081fac52fdf2199b5958bbb074f784f2bb3c99d239513428173"},"schema_version":"1.0","source":{"id":"1901.10062","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1901.10062","created_at":"2026-05-17T23:55:16Z"},{"alias_kind":"arxiv_version","alias_value":"1901.10062v1","created_at":"2026-05-17T23:55:16Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1901.10062","created_at":"2026-05-17T23:55:16Z"},{"alias_kind":"pith_short_12","alias_value":"5ELHWIATACR2","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_16","alias_value":"5ELHWIATACR2CI4W","created_at":"2026-05-18T12:33:10Z"},{"alias_kind":"pith_short_8","alias_value":"5ELHWIAT","created_at":"2026-05-18T12:33:10Z"}],"graph_snapshots":[{"event_id":"sha256:dcf05d593776a8c29dfe3de7999bd886a0f319af4003bd8fd7f1efe9aa5fbd94","target":"graph","created_at":"2026-05-17T23:55:16Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Internet of Things (IoT) devices are becoming increasingly important. These devices are often resource-limited, hindering rigorous enforcement of security policies. Assessing the vulnerability of IoT devices is an important problem, but analyzing their firmware is difficult for a variety of reasons, including requiring the purchase of devices. This paper finds that analyzing companion apps to these devices for clues to security vulnerabilities can be an effective strategy. Compared to device hardware and firmware, these apps are easy to download and analyze. A key finding of this study is that","authors_text":"Atul Prakash, Davino Mauro Junior, Harvey Lu, Luis Melo, Marcelo d'Amorim","cross_cats":["cs.SE"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-29T01:29:32Z","title":"Beware of the App! On the Vulnerability Surface of Smart Devices through their Companion Apps"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1901.10062","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:153dce91886c4693c4c3ff75aa9a8ae7de19b8523bc7ad34ca7f4b3c43e5774b","target":"record","created_at":"2026-05-17T23:55:16Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"488e2748805d2daad93115fcdd0da6446da96996d027a8342d8fc7eb63a64f4c","cross_cats_sorted":["cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-01-29T01:29:32Z","title_canon_sha256":"5acb6fa435716081fac52fdf2199b5958bbb074f784f2bb3c99d239513428173"},"schema_version":"1.0","source":{"id":"1901.10062","kind":"arxiv","version":1}},"canonical_sha256":"e9167b201300a3a123967a63fe58f5a801b2b9ab2875be898327d9cc65db55d9","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"e9167b201300a3a123967a63fe58f5a801b2b9ab2875be898327d9cc65db55d9","first_computed_at":"2026-05-17T23:55:16.263788Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:55:16.263788Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"W5evsg6tIGeuP/NuTT3lm08jRuWd5jNNeR682WgBON03/NgsSs0n6sc5YMpn3MWZkYesIXUQjbqsKpfWzC67Dg==","signature_status":"signed_v1","signed_at":"2026-05-17T23:55:16.264331Z","signed_message":"canonical_sha256_bytes"},"source_id":"1901.10062","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:153dce91886c4693c4c3ff75aa9a8ae7de19b8523bc7ad34ca7f4b3c43e5774b","sha256:dcf05d593776a8c29dfe3de7999bd886a0f319af4003bd8fd7f1efe9aa5fbd94"],"state_sha256":"f21181c813ed925ef6f6a7d26191e2d1a345c4be872ef3826e67c0bc2d377ab2"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Vw5+Xa3B2Tw0nBp9rHWWKCDLPMFF3TnQ0a0526skqrnYHrC0XqZvQOahEv2oZnZQZ5kS+rxVhSuw8mn2yMZOBw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-11T10:19:03.403798Z","bundle_sha256":"87e52706543263682b1c0e183649da7b6ea51f21614346c69e8206a8d3063eff"}}