From research to real-world impact – Benjamin wants to make the internet safer

Most of us rarely think about how much of our daily lives depend on secure systems and up-to-date software. But behind the scenes, researchers are working to understand how security flaws arise – and how to fix them before anyone has the chance to take advantage of them.

At the Department of Computer Science and Engineering at Chalmers and the University of Gothenburg, Benjamin Lundblad conducts research within the Information Security Unit. His work focuses on developing methods that can automatically detect security vulnerabilities and thereby contribute to a safer digital society.

Benjamin’s interest in cybersecurity extends beyond his professional work. He founded the non-profit website Säkerhetsnätet (“The Security Net”), which helps identify Swedish websites with security flaws and spreads knowledge about how these can be fixed.

Tools that think like a hacker

Benjamin describes his work as building tools that think like a hacker but with good intentions. His research group develops so-called dynamic testing methods, which allow computers to explore a website much like a human user would: clicking around, filling in forms, and trying different paths.

“We try to imitate a penetration tester, that is, an ethical hacker. Our tools test what happens if you type code where you are only supposed to write text. If the page is vulnerable, the code might be executed instead of merely displayed,” he explains.

The aim is to find vulnerabilities before someone else does. However, teaching systems to understand how humans interact with websites is difficult; what is obvious to us is often unclear to a machine.

Swedish websites under scrutiny

Benjamin explains that in one project they identified and analysed more than 1,800 hacked Swedish websites to look for patterns and understand how different attacks are connected and what they do. Although the research mainly focuses on new methods that are not yet in use, it is clear that most current attacks could have been avoided.

“Most breaches happen through well-known issues such as weak or outdated passwords or systems that have not been updated regularly. It is not the most sophisticated attacks that cause the greatest problems, but the simpler ones,” Benjamin says.

He emphasises that even seemingly insignificant websites can play a role. A hacked Swedish blog, for instance, can be used as a springboard for phishing emails or as part of larger coordinated attacks.

“Website attacks may not affect daily life or individual users directly, but they create security holes in society. We also research browser extensions – popular add-ons can be bought and then modified to include malicious code. It is difficult for users to notice when ownership or content changes,” says Benjamin.

Financial incentives and political motives

Most detected attacks are financially motivated, for example to redirect visitors to advertising or gambling sites. However, there are also political motives, where Swedish domains are hijacked to spread disinformation.

In some cases, access to hacked websites is sold for small sums on various online forums. Such a site can then be used by someone else, perhaps for more serious purposes.

“It is hard to know who buys that access. In the worst case, a state actor might use it to spread fake news or prepare technical attacks,” says Benjamin.

Another type of attack that directly targets users is phishing. These are deceptive emails that appear to come from a bank or a colleague, designed to make the recipient act quickly – to click, log in or provide information. The best protection is to pause, read carefully and double-check rather than act immediately.

“One should be a little less helpful online and more helpful in real life,” Benjamin says with a smile.

After a data breach, the risk of targeted phishing increases, so it is important for users to stay alert.

“The biggest immediate danger is leaked passwords – they are often tested on other services. The next step is spear phishing, which involves personalised emails where attackers use information about organisations or colleagues to deceive the recipient. AI can also be used to write convincing fake messages,” Benjamin explains.

When research meets society

Benjamin Lundblad and his colleagues collaborate with both companies and public authorities through initiatives such as Cybercampus Sweden and CyberSecIT, part of the WASP research programme. These initiatives bring together academia and industry to share knowledge and strengthen the resilience of society’s digital systems.

Their research helps companies detect and close security holes more quickly, while students gain insight into a field that is becoming increasingly important for society.

“We want our results to make a difference. Ultimately, it is about creating safer systems and thereby a safer digital society,” says Benjamin. He adds that much of the research in IT security is aimed at developers, but that users benefit indirectly when the systems they use become more secure.

A future with higher demands and new opportunities

With new legislation such as the EU’s Cyber Resilience Act and the NIS Directive, security requirements are being raised across Europe. For Benjamin, this is a welcome development. At the same time, he believes the biggest gap is not in knowledge but in getting solutions implemented in practice.

“We often know how to solve the problems. The challenge is getting the methods applied in real systems.”

How to make the internet a bit safer: Benjamin’s five best tips

• Have unique passwords for every service – this is the single most important protection.

• Use a password manager to create and store strong passwords for you.

• Always update your software as soon as possible – many attacks exploit known vulnerabilities that have already been fixed.

• Be sceptical of urgent emails – stress and panic are common tricks in scams.

• Verify important messages through another channel – if the “boss” emails you, call to confirm.