Research Focus

Expanding the transparency and control of IoT devices by examining the state of security and privacy within Internet-of-Things (IoT) ecosystems.

  • Developing novel attack vectors for IoT
  • Identifying systemic design failures in IoT
  • Examining means for better transparency in IoT
  • Leveraging IoT for security education

Publications

  • OConnor, Carl Mann, Tiffanie Petersen, Isaiah Thomas and Chris Stricklan. Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course.  In Innovation and Technology in Computer Science Education (ITiCSE), Dublin, Ireland, July 2022. ACM.

  • TJ OConnor. HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education. In Special Interest Group on Computer Science Education (SIGCSE), Providence, RI, March 2022. ACM. [bib] [pdf]

  • Ahmed Alhazmi, Ghassen Kilani, William Allen, and TJ OConnor. A replication Study for IoT Privacy Preferences. IEEE Conference on Omni-Layer Intelligent Systems (COINS). August 2021 [bib] [pdf]
  • TJ OConnor, Dylan Jesse, and Daniel Camps. Through the Spyglass: Toward IoT Companion App Man-in-the-Middle Attacks. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021.  [bib] [pdf]
  • Daniel Campos, TJ OConnor. Towards Labeling On-Demand IoT Traffic. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021. [bib] [pdf]
  • TJ OConnor, Chris Stricklan. Teaching a Hands-On Mobile and Wireless Cybersecurity Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021.  [bib] [pdf]
  • Chris Stricklan, TJ OConnor. Towards Binary Diversified Challenges For A Hands-On Reverse Engineering Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021. [bib] [pdf]
  • Blake Janes, Heather Crawford, and TJ OConnor. Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices. IEEE Security and Privacy SafeThings Workshop. May, 2020. [bib] [pdf] (Also received Bug Bounty From Google)
  • TJ OConnor, William Enck, and Bradley Reaves. Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). May, 2019. [bib] [pdf](Best Paper WiSec, 2019)

Datasets

  • Labeled Traffic Dataset from Towards Labeling On-Demand IoT Traffic is available now. [Github Link]
    • Please cite the dataset using: [bib] [pdf]
  • Attacks presented in Through the Spyglass: Toward IoT Companion App MiTM Attacks  [Github Link]
    • Please cite the dataset using: [bib] [pdf]

Awards

  • Office of Naval Research: Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce $746,929.
  • Office of Naval Research: Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research $249,946.

Media & Interviews

  • Brevard Business News Story about Dr. OConnor's leadership of the US Cyber Games [Link]
  • Florida Tech Article about our work bringing cybersecurity education to K-12 [Link]
  • Congressional Record Congratulating FITSEC's win at National Cyber League Team Tournament [Link]
  • Florida Tech Article about FITSEC Win at National Cyber League Team Tournament [Link]
  • Scythe Post about Risk of Supply Chain From IoT Devices (Dr. OConnor) [Link]
  • Florida Tech Article about IoT Companion App Vulnerabilities [Link]
  • Washington Post Article about US Cyber Games (Dr. OConnor) [Link]
  • Capitol.Com Article about Cybersecurity Summit (Dr. OConnor) [Link]
  • Dr. OConnor named as US Cyber Games Head Coach [Link]
  • WESH Interview about the cyber attack on Carnival Cruise (Dr. OConnor) [Link]
  • CybserScoop Interview about Amazon Sidewalk [Link]
  • Fox35 Interview about the DarkSide Ransomware attack on Colonial Pipeline (Dr. OConnor) [Link]
  • Fox35 Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
  • Fox35 (Second) Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
  • Washington Post Story about IoT S&P Lab [Link]
  • Florida Today Story about IoT S&P Lab [Link]
  • Interview with REFirm Labs about Camera Backdoor Discovery (Dr. OConnor) [Link]
  • ITSP Magazine Podcast about our IoT S&P Lab (Dr. OConnor & Dan Campos) [Link]
  • DeviceSecurityIO Interview abouat the state of IoT Security (Dr. OConnor) [Link]
  • Florida Tech Story about IoT S&P Lab and FITSec Team (Josh Connolly & Dr. OConnor) [Link]

Vulnerability Disclosures

  • CVE-2021-33559 : Kangaroo Privacy Camera (Unauthenticated remote access)
  • CVE-2021-31793 : NightOwl Doorbell Camera Vulnerability (WDB-20-V2 WDB-20-V2_20190314)
  • CVE-2020-28713 : NightOwl Smart Doorbell Vulnerability (Firmware Version 20190505)
  • CVE-2020-28998 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-28999 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-29000 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-29001 : Geeni (Multiple Devices, Firmware versions 2.7.2, 2.9.5, 2.96)

News

2002

  • We are excited our paper, "Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course" was accepted by ITiCSE 2022.
  • We recenty presented our paper, "HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education" at ACM SIGCSE. [bib] [pdf]
  • Brevard Business News published a story about Dr. OConnor's leadership of the US Cyber Games  [Link]

2021

  • Florida Tech's Cybersecurity Team, advised by Dr. OConnor, won the Fall 2021 National Cyber League Team Tournament [News Story] [NCL Power Rankings]
  • Florida Tech published a press release about our work discovering vulnerabilities in IoT Companion Applications [Press Release] [cset2021oconnor]
  • Dr. OConnor was recently named to lead the US Cyber Games to compete in the International Cyber Competition in Athens, Greece. 
  • The Florida Tech IoT S&P Lab was featured in the Florida Tech Spring 2021 magazine. [FloridaTech-Spr21.pdf]
  • The Office of Naval Researched has awarded funding Florida Tech and the IoT Security and Privacy Lab to investigate Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce for $746,929.
  • Dr. OConnor was recently interviewed on Fox35 about the DarkSide Ransomware that attack Colonial Pipeline. 
  • We recently reported and were assigned two new CVEs (CVE-2021-31793, CVE-2020-28713) in The Night OWL Doorbell sold at Walmart. 
  • Excited our students placed #3 in the university team division at the National Cyber League and were ranked the #4 program in the National Cyber League Spring 21 Power Rankings.
  • Florida Tech recently published a news story about the success of our FITSec Cybersecurity Team and our IoT S&P Lab.
  • Our recent vulnerability disclosures were reported in the Washington Post and Florida Today. Read the technical details at our blog post on REFirm Labs
  • We recently reported and were assigned 4 CVEs in security cameras and doorbells. See our Geeni Vulnerability Disclosures for more information. The assigned vulnerabilities including   

2020

  • Congratulations to Josh Connolly and Blake Janes, who lead our FITSec Team to be ranked #21/300 for the Fall 2020 National Cyber League Tournament. 
  • The Office of Naval Research has awarded funding for the Florida Tech and the IoT Security and Privacy Lab for Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research for $249,946.
  • Congratulations to Josh Connolly, who lead our FITSec Team, to a 7th Place Finish at the Spring 2020 National Cyber League Tournament. 
  • Congratulations to Blake Janes for being awarded a $3,133.70 bug bounty from Google! 
  • We are happy to that we partnered with the ReFirm Labs CyberSecurity Education Program, which granted access to the ReFirms Binwalk Enterprise Platform to our students. 
  • We are happy to announce that we partnered with the CloudShark Education Program, which granted access to the CloudShark Platform to our students.