MENU
Florida Tech Panther Cybersecurity Logo

IoT Security and Privacy Lab

Research Focus

Expanding the transparency and control of IoT devices by examining the state of security and privacy within Internet-of-Things (IoT) ecosystems.

  • Developing novel attack vectors for IoT
  • Identifying systemic design failures in IoT
  • Examining means for better transparency in IoT
  • Leveraging IoT for security education

Publications

  • TJ OConnor, Dylan Jessee and Daniel Campos. Towards Examining The Security Cost of Inexpensive Smart Home IoT Devices. IEEE International Workshop on Consumer Devices, Systems, and Services (CDS 2023), Torino, Italy, June 2023.

  • Stian Olsen and TJ OConnor. Toward a Labeled Dataset of IoT Malware Features. IEEE Computers, Software, and Applications Conference (COMPSAC 2023), Torino, Italy, June 2023.

  • TJ OConnor, Dane Brown, Jasmine Jackson, Suzaan Schmeelk, Bryson Payne. Compete to Learn: Toward Cybersecurity As A Sport. In The Journal of Cybersecurity Education Research and Practice (JCERP), Kennesaw, GA, June 2023 [bib] [pdf]
  • Parth Ganeriwala, Anubhav Gupta, Daniel Campos, Siddhartha Bhattacharyya, TJ OConnor, Adolf Dcosta,  Modeling Internet-of-Things (IoT) Behavior for Enforcing Security and Privacy Policies. In Computing Conference 2023, London, UK, June 2023. [pdf]
  • Ahmed Alhazm, Khulud Alawaji, and TJ OConnor. MPO: MQTT-Based Privacy Orchestrator for Smart Home Users. In Computers, Software, and Applications Conference (COMPSAC), Virtual Event, July 2022. IEEE. [bib] [pdf]

  • TJ OConnor, Carl Mann, Tiffanie Petersen, Isaiah Thomas and Chris Stricklan. Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course.  In Innovation and Technology in Computer Science Education (ITiCSE), Dublin, Ireland, July 2022. ACM. [bib] [pdf]

  • TJ OConnor. HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education. In Special Interest Group on Computer Science Education (SIGCSE), Providence, RI, March 2022. ACM. [bib] [pdf]

  • Ahmed Alhazmi, Ghassen Kilani, William Allen, and TJ OConnor. A replication Study for IoT Privacy Preferences. IEEE Conference on Omni-Layer Intelligent Systems (COINS). August 2021 [bib] [pdf]
  • TJ OConnor, Dylan Jesse, and Daniel Camps. Through the Spyglass: Toward IoT Companion App Man-in-the-Middle Attacks. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021.  [bib] [pdf]
  • Daniel Campos, TJ OConnor. Towards Labeling On-Demand IoT Traffic. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021. [bib] [pdf]
  • TJ OConnor, Chris Stricklan. Teaching a Hands-On Mobile and Wireless Cybersecurity Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021.  [bib] [pdf]
  • Chris Stricklan, TJ OConnor. Towards Binary Diversified Challenges For A Hands-On Reverse Engineering Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021. [bib] [pdf]
  • Blake Janes, Heather Crawford, and TJ OConnor. Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices. IEEE Security and Privacy SafeThings Workshop. May, 2020. [bib] [pdf] (Also received Bug Bounty From Google)
  • TJ OConnor, William Enck, and Bradley Reaves. Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). May, 2019. [bib] [pdf](Best Paper WiSec, 2019)

Datasets

  • Labeled Dataset of IoT Traffic from Towards Labeling On-Demand IoT Traffic is available now. [Github Link]
    • Please cite the dataset using: [bib] [pdf]
  • Attacks presented in Through the Spyglass: Toward IoT Companion App MiTM Attacks  [Github Link]
    • Please cite the dataset using: [bib] [pdf]
  • Labeled Dataset of IoT Malware from Toward a Labeled Dataset of IoT Malware Features  [Github Link]

Awards

  • Office of Naval Research: Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce $746,929.
  • Office of Naval Research: Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research $249,946.

Media & Interviews

  • CSO published a story about Reducing the Risk of DNS Tunneling and quoted Dr. OConnor [Link]
  • Florida Weekly published a story about the impact of security on IoT devices in the future [Link]
  • Space Coast Daily published a story about the FITSEC first place finish at the 2022 Fall NCL Game. [Link]
  • Space Coast Daily published a story about Chandler Hake, who is in the Cyber Ops Concentration. [Link]
  • Space Coast Daily published a story about the FITSEC second place finish at the 2022 Spring NCL Game. [Link]
  • Brevard Business News Story about Dr. OConnor's leadership of the US Cyber Games [Link]
  • Florida Tech Article about our work bringing cybersecurity education to K-12 [Link]
  • Congressional Record Congratulating FITSEC's win at National Cyber League Team Tournament [Link]
  • Florida Tech Article about FITSEC Win at National Cyber League Team Tournament [Link]
  • Scythe Post about Risk of Supply Chain From IoT Devices (Dr. OConnor) [Link]
  • Florida Tech Article about IoT Companion App Vulnerabilities [Link]
  • Washington Post Article about US Cyber Games (Dr. OConnor) [Link]
  • Capitol.Com Article about Cybersecurity Summit (Dr. OConnor) [Link]
  • Dr. OConnor named as US Cyber Games Head Coach [Link]
  • WESH Interview about the cyber attack on Carnival Cruise (Dr. OConnor) [Link]
  • CybserScoop Interview about Amazon Sidewalk [Link]
  • Fox35 Interview about the DarkSide Ransomware attack on Colonial Pipeline (Dr. OConnor) [Link]
  • Fox35 Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
  • Fox35 (Second) Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
  • Washington Post Story about IoT S&P Lab [Link]
  • Florida Today Story about IoT S&P Lab [Link]
  • Interview with REFirm Labs about Camera Backdoor Discovery (Dr. OConnor) [Link]
  • ITSP Magazine Podcast about our IoT S&P Lab (Dr. OConnor & Dan Campos) [Link]
  • DeviceSecurityIO Interview about the state of IoT Security (Dr. OConnor) [Link]
  • Florida Tech Story about IoT S&P Lab and FITSec Team (Josh Connolly & Dr. OConnor) [Link]

Vulnerability Disclosures

  • CVE-2021-33559 : Kangaroo Privacy Camera (Unauthenticated remote access)
  • CVE-2021-31793 : NightOwl Doorbell Camera Vulnerability (WDB-20-V2 WDB-20-V2_20190314)
  • CVE-2020-28713 : NightOwl Smart Doorbell Vulnerability (Firmware Version 20190505)
  • CVE-2020-28998 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-28999 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-29000 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
  • CVE-2020-29001 : Geeni (Multiple Devices, Firmware versions 2.7.2, 2.9.5, 2.96)

News

2023

2022

  • We are excited our paper, "Modeling Internet-of-Things (IoT) Behavior for Enforcing Security and Privacy Policies" by Parth Ganeriwala, Anubhav Gupta, Daniel Campos, Siddhartha Bhattacharyya, TJ OConnor, Adolf Dcosta was accepted in the Computing Conference 2023.
  • Florida Tech's Cybersecurity Team, advised by Dr. OConnor and Dr. Sudhakaran, took first at the Fall 2022 National Cyber League Team Tournament [News Story]
  • Dr. OConnor gave the keynote address at the Central Florida Cybersecurity Summit, discussing the labs research in IoT Security and Privacy.
  • Dr. OConnor presented to the Tampa Armed Forces Communications Association (Tampa, FL), discussing the labs research in IoT Security and Privacy.
  • Florida Tech's Cybersecurity Team, advised by Dr. OConnor, took second at the Spring 2022 National Cyber League Team Tournament [News Story] [NCL Power Rankings]
  • We are excited our paper, "MPO: MQTT-Based Privacy Orchestrator for Smart Home Users" was accepted  in Computers, Software, and Applications Conference (COMPSAC 2022). [bib] [pdf]
  • Ahmed Alhazmi successfully defended his dissertation, titled: Preserving Users' Privacy in IoT Systems Through Network-based Access Control. Ahmed will serve as an Assistant Professor at Umm Al-Qura University in Saudi Arabia.
  • Stian Olsen successfully defended his thesis, titled: Toward a Labeled Dataset of IoT Malware Features.
  • We are excited our paper, "Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course" was accepted by ITiCSE 2022. [bib]
  • We recently presented our paper, "HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education" at ACM SIGCSE. [bib] [pdf]
  • Brevard Business News published a story about Dr. OConnor's leadership of the US Cyber Games  [Link]

2021

  • Florida Tech's Cybersecurity Team, advised by Dr. OConnor, won the Fall 2021 National Cyber League Team Tournament [News Story] [NCL Power Rankings]
  • Florida Tech published a press release about our work discovering vulnerabilities in IoT Companion Applications [Press Release] [cset2021oconnor]
  • Dr. OConnor was recently named to lead the US Cyber Games to compete in the International Cyber Competition in Athens, Greece. 
  • The Florida Tech IoT S&P Lab was featured in the Florida Tech Spring 2021 magazine. [FloridaTech-Spr21.pdf]
  • The Office of Naval Researched has awarded funding Florida Tech and the IoT Security and Privacy Lab to investigate Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce for $746,929.
  • Dr. OConnor was recently interviewed on Fox35 about the DarkSide Ransomware that attack Colonial Pipeline. 
  • We recently reported and were assigned two new CVEs (CVE-2021-31793, CVE-2020-28713) in The Night OWL Doorbell sold at Walmart. 
  • Excited our students placed #3 in the university team division at the National Cyber League and were ranked the #4 program in the National Cyber League Spring 21 Power Rankings.
  • Florida Tech recently published a news story about the success of our FITSec Cybersecurity Team and our IoT S&P Lab.
  • Our recent vulnerability disclosures were reported in the Washington Post and Florida Today. Read the technical details at our blog post on REFirm Labs
  • We recently reported and were assigned 4 CVEs in security cameras and doorbells. See our Geeni Vulnerability Disclosures for more information. The assigned vulnerabilities including   

2020

  • Congratulations to Josh Connolly and Blake Janes, who lead our FITSec Team to be ranked #21/300 for the Fall 2020 National Cyber League Tournament. 
  • The Office of Naval Research has awarded funding for the Florida Tech and the IoT Security and Privacy Lab for Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research for $249,946.
  • Congratulations to Josh Connolly, who lead our FITSec Team, to a 7th Place Finish at the Spring 2020 National Cyber League Tournament. 
  • Congratulations to Blake Janes for being awarded a $3,133.70 bug bounty from Google! 
  • We are happy to that we partnered with the ReFirm Labs CyberSecurity Education Program, which granted access to the ReFirms Binwalk Enterprise Platform to our students. 
  • We are happy to announce that we partnered with the CloudShark Education Program, which granted access to the CloudShark Platform to our students.  
Edit Page