How to collaborate

Applications for FALL 2025 ARE OPEN.


We are excited to announce the list of collaboration opportunities in our Mon(IoT)r IoT lab. These can be interesting opportunities to get exposed to cutting-edge IoT technologies and understand how they work.

CO-OP POSITION AVAILABLE: In addition to the projects below, in Spring 2026 we have an open undergraduate Research Engineer co-op position, reserved for Boston-based Northeastern University undergraduate students.
For information on this co-op position and how to apply, please click here. Note that applications for this co-op will open on October 15, 2025.

For other projects, please read the instructions below.

If you are interested in any of these projects, you are a current active undergraduate or graduate student at Northeastern University, and you satisfy the prerequisites for the project you are interested in, please send an email to moniotr@ccs.neu.edu with subject “Fall 2025 Mon(IoT)r Lab collaboration” and a recent resume attached (with GPA), specifying the following:

  • What project you are interested in, specifying (a) why you are interested in that particular project, (b) why you are a fit for that project, (c) how you plan to use your existing experience to contribute to that project, (d) how collaborating to the project aligns with your career goals. If you are interested in more than one project, please rank them starting from the one you are interested the most.
  • The preferred start date and end date for the collaboration, and the total number of average hours you plan to spend per week on this project;
  • Your expected course load for the semester (list of classes and credits);
  • Any other time commitments you have during the semester, for example TA, RA, a co-op, side jobs, on campus / off campus activities, both paid and unpaid;
  • Your availability for a volunteer (unpaid) position. Note that we do not currently have any available paid or for-credits positions (except for the Spring 2026 co-op above);
  • The Northeastern University campus location you are based on and the possibility or preference to work on site in Boston, remotely, or both.

Please note that, in general, we have a preference for projects that are on-site, that last a whole semester (15 weeks), and for a minimum of 10 hours per week.

We will start reviewing applications for Fall 2025 on September 2 and will be back to you by September 12, so please be patient if you do not hear back by then. Also, for some projects, we may give you a take-home exercise related to the project before starting working with us.

If you are interested in applying for a later term (e.g., Spring 2026), we cannot guarantee that this list of projects will still be valid. Therefore, we suggest waiting for the projects to be updated before applying, which typically happens within two weeks after the Spring or Fall semester starts. We are not currently offering summer projects.

Fall 2025 projects

Project 1. IoT Analysis From Network Traffic Using SPHERE

Internet of Things (IoT) devices are increasingly found in homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential risks, since these devices can communicate information (audio recordings, video recordings, television viewing habits) about their users to other parties over the Internet. However, understanding these risks is difficult due to heterogeneity in devices’ online behaviors. For example, smart speakers responding to voice commands send very different network traffic than a smart power plug that is activated via a companion app.

The goal of this project is to measure what IoT devices are doing, simply based on the network traffic they generate. For example, we would like to know if a smart speaker is recording audio from users when it should not, and we can automatically infer this if we have a good model and analysis of what normal, expected recording behavior looks like.

This project will have several outcomes, including published source code and data, published research papers in academic venues, and press articles about our findings through our journalist partners.

In the Fall 2025 semester, this project will focus on reproducing the results we obtained in one of our previous papers using the SPHERE IoT testbed (the SPHERE IoT testbed allows remote interaction with more than 100 IoT devices). Particular emphasis will be given in evaluating the usefulness of the SPHERE IoT testbed as a research tool.

This research can be performed on site and/or remotely.

Prerequisites:

  1. Familiarity with the most important Internet and networking protocols and measurement tools (e.g., TLS, DNS, Wireshark/tshark, port scanning)
  2. Extensive programming experience (python recommended)
  3. Strong interest in cybersecurity, privacy, and IoT.

Project 2: Privacy and Safety Risks in Modern Voice Assistants

Voice assistants are increasingly integrated into smart home environments, with many platforms transitioning from traditional command-based systems to interfaces powered by large language models (LLMs) such as Google Gemini and Alexa+. These systems may infer sensitive user attributes (such as education level and interests) from interactions and store them as internal profiling labels. While some of these labels are disclosed through privacy dashboards or data access requests, others may remain hidden from the user. Maintaining undisclosed user attributes raises serious transparency concerns and may violate data protection regulations.
This project aims to evaluate the extent to which voice assistants (both LLM-based and traditional) engage in undisclosed profiling, how these profiles influence voice assistant behavior, and whether unauthorized users (e.g., guests or attackers) can extract private information from the assistant through specially crafted voice interactions (indirect probing). It will also explore whether LLM-based assistants can be coerced into issuing risky or unintended commands to IoT devices, including through prompt injection or indirect manipulation.

This research can be performed on site and/or remotely.

Prerequisites:

  1. Familiarity with the most common Voice Assistants (Alexa/Alexa+, Google Assistant/Gemini, Siri).
  2. Extensive programming experience (bash and python) for automating repetitive tasks.
  3. In case of remote option: ability to access all the voice assistants.

Project 3: Comparing ACR Platforms in Smart TVs

Smart TVs are among the most widely deployed consumer IoT devices. To access streaming services, software updates, or smart home integrations, users typically connect them to the Internet. Many of these devices include Automatic Content Recognition (ACR) technologies, i.e., systems embedded by third-party providers (e.g., Alphonso, Samba TV, Inscape) that monitor what is displayed on the screen, regardless of the input source (e.g., HDMI, antenna, cast).
Previous research and press articles have shown that ACR systems are widespread and collect detailed viewing data, but comprehensive comparisons across the major ACR platforms have not been performed yet. Moreover, some apps may have licenses that limit ACR behavior.
The goal of this project is to provide a comparative analysis of ACR platforms integrated into smart TVs, assessing their privacy risks, user control mechanisms to disable or limit them, changes in ACR behavior when running certain apps, and profiling implications (e.g., profiling data sharing with the TV vendor).

This research can be performed on site and/or remotely.

Prerequisites:

  1. Familiarity with the most important Internet and networking protocols and measurement tools (e.g., TLS, DNS, Wireshark/tshark).
  2. Extensive programming experience (python recommended)
  3. Willing to learn tools for splitting, merging, and playing audio/video files.