Cyber security

Setting out to sink the internet’s digital ghost ships

Researchers at DTU have set out to create novel tools to identify internet-of-things gadgets that leave the door open to hacker attacks. Knowing where these devices are and making them secure is a powerful weapon in the fight against attackers.

A router sits on a table; a man stands in the background with a mobile phone in his hand.

It’s not just in people’s homes that gadgets with poorly maintained security features pose a problem. In fact, the stakes are often much higher for businesses and organizations that use and rely on smart devices if an intruder gets through and creates havoc.

Emmanouil Vasilomanolakis points out that the healthcare industry is a good example: “Hospitals use more and more devices that need internet connectivity. If these devices are hacked and stop functioning, we may have a life and death situation.”

He explains that even cheap devices such as surveillance cameras for your home that can’t do much can be powerful tools for hackers – especially if they gain access to a large number of devices at the same time and use them to stage an attack on another target:

“If you can access only one device, it’s not a very powerful attack. But of course, if you can use one million devices, that creates a serious security threat.”

Such attacks can be used, for example, to force authorities’ websites offline, as was seen when Chinese hackers managed to temporarily force Taiwanese government websites offline during the visit of US Speaker of the House of Representatives, Nancy Pelosi, to Taiwan in August. Hackers can also use them to cause significant disruption to commercial sites, effectively blocking actual customers from purchasing goods for periods of time.

A more finely meshed safety net

Commercial services are already available that allow users to scan the internet and identify internet-connected devices. Emmanouil Vasilomanolakis aims to create a much more finely meshed safety net that scans and detects only actual digital ghost ships while omitting properly maintained gadgets.

The system will also be trained to avoid so-called honeypots and other false positives. A honeypot is a detection system that developers create to attract attackers to a secure system to study their behaviour.

The researchers will investigate novel ways of creating network signatures of digital ghost ships. A network signature is a footprint that has been left following unauthorized access. The aim is to enrich these signatures with device fingerprinting capabilities. Collecting such fingerprints provides information about the software and hardware of the device in question, making it easier to identify its type.

DTU will collaborate with the University of Cambridge for this part of the project.


Forecasts have estimated that by the end of 2022, there would be approx. 14.4 billion internet-connected devices globally. According to projections, that number will grow to approximately 27 billion by 2025 as the supply shortage of, e.g., chips eases and growth in sales accelerates.

Source: IoT Analytics

Humans – the weakest link

An essential component in creating the best method for detecting digital ghost ships is getting inside the minds of those who use smart devices to understand how they use them.

“People in cyber security have said for years that it’s one thing that we can improve the technology and keep updating devices and create more secure software and devices. But on the other hand, you have the humans themselves, and many experts would agree that humans are usually the weakest link,” Emmanouil Vasilomanolakis says.

Therefore, an important project partner is the University of Colorado, where researchers have extensive expertise in cyber security psychology. Research in this field aims to understand the usual pitfalls that both administrators and ordinary people fall into when dealing with smart devices.

“The more we understand about how humans think and behave, the more we can see how we as researchers can find solutions that are easier for ordinary people to use instead of creating very technical things that work theoretically but practically don’t make much sense,” Emmanouil Vasilomanolakis explains.

Take the example of an influential YouTuber with millions of followers. “If we find a tutorial for a device they have posted where they say: ‘Just set up the device with this password and change it later’ – it would be interesting to find out whether there are actually millions of devices set up with such a password,” he says.


Despite the proliferation of internet-connected devices, many people are unaware of the risks associated with using them. A 2017 survey of 2,000 UK-based consumers conducted by tech firm Canonical revealed that 48% did not know that hackers might be able to hijack their internet-connected devices – potentially to launch wide-scale attacks on other targets.

The EU Commission has proposed a Cyber Resilience Act, which among other things, will require that such internet-connected devices meet certain cybersecurity standards or risk being banned from the European market.

Making the method widely available

Once the method is developed, it will be freely available for all to use. Obvious users are internet service providers who can alert customers to the presence of digital ghost ships within their networks.
In fact, Danish internet service provider Telenor is a project partner. The company will run tests to ensure that the method can actually do what it is set up to do in a real-life setting.

“The digital ghost ship project can potentially enable Telenor to detect which customers are at increased risk of becoming victims of cyber security threats. Telenor can use this knowledge to contact and warn those customers about the possible threat,” says Martin Fejrskov Andersen, Solution Architect with Telenor Denmark.

“As Telenor’s customer base consists of both consumers, businesses and public authorities, the results of the project could improve not only the security of individuals, but also society as a whole.”

The three-year project has received DKK 2.8 million in funding from the Independent Research Fund Denmark.

Top tips

  1. Is your smart device connected to the Internet? Consider whether it needs to be and if so, take the necessary precautions to keep it safe by following the tips below.
  2. Does the device require a password for you to connect to or manage it? If so, make sure it is a strong password. There are sites to check its strength, e.g.,
  3. Do you use the same password elsewhere? Then make sure you have unique passwords for different devices. Password ‘recycling’ is not a good idea and should be avoided.
  4. Does the manufacturer of the device provide security updates? If so, make sure you enable the auto-update option if there is one—or schedule security checks and updates.