Research Focus

Expanding the transparency and control of IoT devices by examining the state of security and privacy within Internet-of-Things (IoT) ecosystems.

  • Developing novel attack vectors for IoT
  • Identifying systemic design failures in IoT
  • Examining means for better transparency in IoT
  • Leveraging IoT for security education

Publications

  • Ahmed Alhazmi, Ghassen Kilani, William Allen, and TJ OConnor. A replication Study for IoT Privacy Preferences. IEEE Conference on Omni-Layer Intelligent Systems (COINS). August 2021 [COINS20-Alhazmi.pdf]
  • TJ OConnor, Dylan Jesse, and Daniel Camps. Through the Spyglass: Toward IoT Companion App Man-in-the-Middle Attacks. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021.  [pdf][attack dataset]
  • Daniel Campos, TJ OConnor. Towards Labeling On-Demand IoT Traffic. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021. [CSET21-Campos][dataset]
  • TJ OConnor, Chris Stricklan. Teaching a Hands-On Mobile and Wireless Cybersecurity Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021.  [pdf]
  • Chris Stricklan, TJ OConnor. Towards Binary Diversified Challenges For A Hands-On Reverse Engineering Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021. [pdf]
  • Blake Janes, Heather Crawford, and TJ OConnor. Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices. IEEE Security and Privacy SafeThings Workshop. May, 2020. [pdf] (Also received Bug Bounty From Google)
  • TJ OConnor, William Enck, and Bradley Reaves. Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). May, 2019. [WISEC19-OConnor] (Best Paper WiSec, 2019)

Datasets

  • Labeled Traffic Dataset from Towards Labeling On-Demand IoT Traffic is available now. [Link]
  • Attacks presented in Through the Spyglass: Toward IoT Companion App MiTM Attacks  [Link]

Awards

  • Office of Naval Research: Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce $746,929.
  • Office of Naval Research: Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research $249,946.

Media & Interviews

  • Dr. OConnor named as US Cyber Games Head Coach [Link]
  • WESH Interview about the cyber attack on Carnival Cruise (Dr. OConnor) [Link]
  • CybserScoop Interview about Amazon Sidewalk [Link]
  • Fox35 Interview about the DarkSide Ransomware attack on Colonial Pipeline (Dr. OConnor) [Link]
  • Fox35 Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
  • Fox35 (Second) Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
  • Washington Post Story about IoT S&P Lab [Link]
  • Florida Today Story about IoT S&P Lab [Link]
  • Interview with REFirm Labs about Camera Backdoor Discovery (Dr. OConnor) [Link]
  • ITSP Magazine Podcast about our IoT S&P Lab (Dr. OConnor & Dan Campos) [Link]
  • DeviceSecurityIO Interview abouat the state of IoT Security (Dr. OConnor) [Link]
  • Florida Tech Story about IoT S&P Lab and FITSec Team (Josh Connolly & Dr. OConnor) [Link]

Vulnerability Disclosures

  • CVE-2021-33559 : [Responsible Disclosure Pending]
  • CVE-2021-31793 : NightOwl Doorbell Camera Vulnerability (WDB-20-V2 WDB-20-V2_20190314)
  • CVE-2020-28713 : [Responsible Disclosure Pending]
  • CVE-2020-28998 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-28999 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-29000 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-29001 : Geeni (Multiple Devices, Firmware versions 2.7.2, 2.9.5, 2.96)

News

2021

  • Dr. OConnor was recently named to lead the US Cyber Games to compete in the International Cyber Competition in Athens, Greece. 
  • The Office of Naval Researched has awarded funding Florida Tech and the IoT Security and Privacy Lab to investigate Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce for $746,929.
  • Dr. OConnor was recently interviewed on Fox35 about the DarkSide Ransomware that attack Colonial Pipeline. 
  • We recently reported and were assigned two new CVEs (CVE-2021-31793, CVE-2020-28713) in The Night OWL Doorbell sold at Walmart. 
  • Excited our students placed #3 in the university team division at the National Cyber League and were ranked the #4 program in the National Cyber League Spring 21 Power Rankings.
  • Florida Tech recently published a news story about the success of our FITSec Cybersecurity Team and our IoT S&P Lab.
  • Our recent vulnerability disclosures were reported in the Washington Post and Florida Today. Read the technical details at our blog post on REFirm Labs
  • We recently reported and were assigned 4 CVEs in security cameras and doorbells. See our Geeni Vulnerability Disclosures for more information. The assigned vulnerabilities including   

2020

  • Congratulations to Josh Connolly and Blake Janes, who lead our FITSec Team to be ranked #21/300 for the Fall 2020 National Cyber League Tournament. 
  • The Office of Naval Research has awarded funding for the Florida Tech and the IoT Security and Privacy Lab for Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research for $249,946.
  • Congratulations to Josh Connolly, who lead our FITSec Team, to a 7th Place Finish at the Spring 2020 National Cyber League Tournament. 
  • Congratulations to Blake Janes for being awarded a $3,133.70 bug bounty from Google! 
  • We are happy to that we partnered with the ReFirm Labs CyberSecurity Education Program, which granted access to the ReFirms Binwalk Enterprise Platform to our students. 
  • We are happy to announce that we partnered with the CloudShark Education Program, which granted access to the CloudShark Platform to our students.