EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing Analysis
Hangtian Liu
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · IoT Security
The proliferation of Internet of Things (IoT) devices has brought unprecedented convenience, but it has also opened a Pandora's box of security vulnerabilities. Among the myriad threats, **hidden web interfaces** stand out as a particularly insidious and often overlooked problem. These undocumented and untraceable access points provide undisclosed backdoors for attackers, potentially leading to severe security incidents without any clear indication of their existence or purpose to legitimate users or administrators. Traditional vulnerability discovery methods often fall short in identifying these interfaces due to their clandestine nature, lacking clear patterns for static analysis or discernible feedback for dynamic testing.
AI review
Solid academic research with a clear novel contribution: framing hidden IoT web interface discovery as a routing analysis problem rather than a fuzzing-everything-and-hoping problem. The numbers are credible and the comparison against IoT-Scope is honest — 79 vs. 3 interfaces found is a meaningful delta, not a cherry-picked benchmark. Not a paradigm-shifter, but this is real work done by people who clearly went into the firmware.