Computer Laboratory

[Kieron] Ivy Turk

Recent Highlights

• I will be giving a series of talks in Germany over the coming weeks. I will be at Paderborn University on the 8th of January, Hannover on the 9th, and Erlangen on the 19th and staying until the 23rd. I will also be staying in Bochum for the week commencing 12 Jan, and am happy to meet with friends and researchers at any stop on this trip.
• I recently presented our IoT tech-abuse paper at SOUPS 2025!
• Our WIP paper on the SecureWhispers application is available on ArXiv!

About me

I am a final year PhD student at the University of Cambridge whose research explores interpersonal harms with a focus on technology-facilitated domestic abuse. My prior works explore both safety tools for survivors of abuse, and improving detection and prevention mechanisms for ongoing abuse. My present research explores safety-by-design from the perspective of "abusability", expanding on threat modelling methodologies to proactively identify and prevent misuse of technical systems before deployment.

I have nearly completed my PhD at the Department of Computer Science and Technology at the University of Cambridge studying interactions between technology and domestic abuse, supervised by Alice Hutchings. I am part of the Cambridge Cybercrime Centre.

I completed my MEng and BA at the University of Cambridge. My MEng dissertation is Locked Into Stupidity: A Smart Lock Security Analysis - a vulnerability analysis of a pair of smart locks, resulting in 4 attacks on a Wifi-based lock and 8 attacks on a BLE lock. My BA project was Pinpoint: A Web Application Vulnerability Scanner which can detect XSS, command and code injection, path traversal, and Shellshock vulnerabilities in websites.

I'm non-binary (genderfluid) and use either name and they/she pronouns. Voice, appearance, and other gender-y things subject to change.

Peer-Reviewed Publications

K.I. Turk, A. Hutchings, Spy-oT: Understanding How Users Discover Malicious Uses of Internet of Things Devices in Domestic Abuse Scenarios, In Proceedings of the Twenty First Symposium on Usable Privacy and Security (SOUPS 2025) 2025.[USENIX]

K. Beadle, K.I. Turk, A. Eusebi, M. Tran, M. Ordekian, E. Mariconti, Y. Zhou, M. Vasek, SoK: A Privacy Framework for Security Research Using Social Media Data, In 2025 IEEE Symposium on Security and Privacy (S&P), 2025. [IEEE] [UCL Repository]

K.I. Turk, A. Talas, A. Hutchings, Threat Me Right: A Human HARMS Threat Model for Technical Systems, To appear at Security Protocols Workshop XXIX, 2025. [ArXiv]

C. Geeng, N. Chen, K.I. Turk, J. Hutson, D. McCoy, "Say I'm in public...I don't want my nudes to pop up." User Threat Models for Using Vault Applications, In Twentieth Symposium on Usable Privacy and Security (SOUPS 2024), pages 433–451, Philadelphia, PA, August 2024. USENIX Association. [USENIX].

K.I. Turk, A. Hutchings, "Stop Following Me! Evaluating the Effectiveness of Anti-Stalking Features of Personal Item Tracking Devices", In The 2024 European Symposium on Usable Security (EuroUSEC 2024), page 21, 202. [ACM] and [ArXiv] / [open access here].

K.I. Turk, A. Hutchings, A. Beresford, "Can’t Keep Them Away: The failures of anti-stalking protocols in personal item tracking devices" In: F. Stajano, V. Matyas, B. Christianson, J. Anderson (ed) Security Protocols XXVIII. Security Protocols 2023. Lecture Notes in Computer Science, vol 14186. Springer, Cham. [Paper available here] ; [Transcript of discussion available here].

K.I. Turk, A. Hutchings, "Click Here to Exit: An Evaluation of Quick Exit Buttons." In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI ’23), April 23–28, 2023, Hamburg, Germany. ACM, New York, NY, USA, 15 pages. [Available here]

K. Turk, S. Pastrana, and B. Collier, "A tight scrape: methodological approaches to collecting research data on cybercrime communities in adversarial environments," in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 428–437, 2020. [Available here]

Other Publications

V. Khandkar, K.I. Turk, E. Toreini, N. Sastry, "Supporting Socially Constrained Private Communications with SecureWhispers" [ArXiv] Preprint, 2025.

P. Doerfler, K.I. Turk, C. Geeng, D. McCoy, J. Ackerman, M. Dragiewicz, "Privacy or Transparency? Negotiated Smartphone Access as a Signifier of Trust in Romantic Relationships" [ArXiv] Preprint, 2024.

Academic

AP4L Research Fellow at the University of Surrey, March 2025 - September 2025.

PhD Student 2021-2026 at the University of Cambridge. Thesis title: Targeted Tactics Against Tech-Abuse: Interactions Between Technology and Domestic Abuse

Intern with Damon McCoy from May 1st 2023 - July 21st 2023 at New York University.

MEng (Hons with Distinction, 2020-2021) + BA (1st with Hons, 2017-2020) Computer Science from University of Cambridge.

• [MEng Certificate] // [BA Certificate] // [Combined Transcript]
• [MEng Dissertation]: Locked into Stupidity: A Smartlock Security Analysis
• [BA Dissertation]: PinPoint: A Web Application Vulnerability Scanner

Industry

Security Intern at Entrust / nCipher from June to September 2021.

Computer Scientist at Netcraft from June 2020 to September 2020.

Software Developer Intern at the Cambridge Cybercrime Center from June 2019 to August 2019.

Teaching and Supervisions

*I only supervised theses in 2024 while focusing on my PhD thesis writeup, and will graduate from Cambridge in February 2026 and am no longer supervising any undergraduate courses as of the end of 2025.

Undergraduate/Master's Theses

A. Hassanali, A. Talas, K.I. Turk, "Mind the App: Detecting Dual-Use Android Applications", Undergraduate Dissertation, 2026.

A. Khan, A. Talas, K.I. Turk, "Behind Closed Tabs: A Secure Chrome Extension for Domestic Abuse Victims", Undergraduate Dissertation, 2025.

M. Benatallah, A. Talas, K.I. Turk, "Decoding the Keys to Success: Reverse Engineering Pin Tumbler Lock Keys From Images", Undergraduate Dissertation, 2025.

S. Braid, K.I. Turk, "Designing Dual-Use Applications to Prevent Abuse", Undergraduate Dissertation, 2024.

S. Leigh, K.I. Turk, "Implementing Access Control Mechanisms for IoT Devices for Use in Adversarial Households", Undergraduate Dissertation, 2024.

O. Shapcott, R. Clayton, K.I. Turk, "Classifying Internet of Things Malware using Software Metrics and Measures", MPhil Dissertation, 2023.

D. Foldi, K.I. Turk, "Identifying Misconfiguration Vulnerabilities in Web Services", Undergraduate Dissertation, 2023.

S. Mathetharan, K.I. Turk, "Inferring Firewall Policies using Smart Probing", Undergraduate Dissertation, 2023.

Societies etc.

I was on the committee of the CU Cyber Security Society (Cybersoc) for 2021-2024 and have presented on Web Hacking, Intro to CTF, and physical security workshops.

I was president of the Wolfson Pole and Aerial Sports Society for 2022-2024 after being vice-president for 2021-2022.

I was Wolfson Student co-Bar Manager from January 2024 until February 2025.

I managed the Security Seminar Series for seminars from January 2022 – April 23.

I managed the LGBTQ+@CL webpages from February 2022.

Hobbies etc.

I know too much about locks and lockpicking, and can pick about 12 different types of lock. I'm currently working on cracking the ATM safes in the security corridor for fun.

I play acoustic and electric guitar, lute, bass, ukulele, mandolin, banjo and tenor banjo, and used to play piano/keyboard.

I speak Spanish (DELE B2) and some Russian (CEFR A2 ish). I will be learning German throughout 2026.

I solve Rubik's cubes and similar puzzles pretty fast, and used to compete in speedcubing competitions.

I have two black belts (2nd dan Taekwondo, 1st dan Krav Maga), and sometimes train in these two styles as well as training with weapons like sais, tonfa, bo staff, and butterfly swords.