IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

UAlbany Research Looking for Cybersecurity Vulnerabilities

Two new labs at SUNY’s Albany campus are searching for cybersecurity vulnerabilities in open-source intelligence and IoT devices. Ten other labs are planned to open in the university’s cybersecurity college by 2025.

Benjamin Yankson, assistant professor at UAlbany's College of Emergency Preparedness, Homeland Security, and Cybersecurity, is seen with students in his robot lab at ETEC.
Benjamin Yankson, assistant professor at UAlbany's College of Emergency Preparedness, Homeland Security, and Cybersecurity, is seen with students in his robot lab at ETEC on April 12, 2023.
Photo by Patrick Dodson
Researchers at State University of New York at Albany (UAlbany) have opened two new campus labs to examine the future of social media monitoring, digital forensics ad geospatial analysis, while also taking a closer look at cybersecurity vulnerabilities in toys and household items.

The Open Source Intelligence (OSI) and Hack-IoT (Internet of Things) labs inside the university’s College of Emergency Preparedness, Homeland Security and Cybersecurity (CEHC) are now up and running, according to a recent news release. All told, 12 labs within that program will open by 2025.

“These new labs will play integral roles in our college’s growing research ecosystem,” Gary Ackerman, CEHC associate dean for research, said in a public statement. “Under their dynamic leads, we expect them not only to enhance the current capabilities of CEHC’s other labs and research centers, but to stand on their own in making valuable contributions to some of the largest challenges facing 21st-century society.”

The news release said Assistant Professor Stephen Coulthart will oversee the OSI Lab. The research involves collection and analysis of open-source intelligence (OSINT) data that is readily available from public sources, information that is often applied in criminal or civil investigations, legal disputes and threat assessment. This type of personal or sensitive information is also vulnerable to malicious intent.

“One does not need to look far to see how the explosion in open-source information is changing how we think about security,” Coulthart said in a public statement. “Look at the recent news about the Pentagon document leaks. It showed how quickly journalists using open-source searching could track down the leaker. The Russian invasion of Ukraine has illustrated the usefulness of OSINT as well. The purpose of this lab is to develop and share best practices around open-source intelligence and prepare the next generation of homeland security professionals.”

The Hack-IoT Lab, meanwhile, is focusing on personal privacy vulnerabilities in a variety of smart devices, including toys and kitchen appliances. That research is directed by Assistant Professor Benjamin Yankson, and partially inspired by a report by the International Data Corporation that estimates 41.6 billion IoT devices will exist in 2025.

In an interview with Government Technology on Monday, Yankson said his students have already begun testing Zenbo robot toys, and they’ll document any found vulnerabilities and inform the vendors of their findings. He noted that the research begins with the Zenbo robots, but it could become more extensive over time. Zenbos, much like interactive Barbies, require user registrations online, the downloading of an app, and use of home Internet service to access the toy’s functions. These playthings can become vehicles for attackers to find open ports to a household’s Internet router and the family’s personal information.

“A lot of parents aren’t aware of the actual privacy risks,” Yankson said.

Likewise, home monitoring systems with cameras and even microwave ovens configured to follow voice commands put their owner’s personal information at risk. Worse, Yankson added, imagine the possibilities that could occur when a government contractor brings their work laptop home and connects it to the same network that reminds the user that his food has finished heating up in the microwave oven.

“Ports are open, and the data may not be encrypted,” Yankson said. “The echo system can expose it to a breach. You can have a critical data breach.”
Aaron Gifford has several years of professional writing experience, primarily with daily newspapers and specialty publications in upstate New York. He attended the University at Buffalo and is based in Cazenovia, NY.