[BITList] Smart meter hacking

franka franka at iinet.net.au
Mon Jan 9 13:15:17 GMT 2012 

Big brother is alive and well
frank

Smart meter hacking can disclose which TV shows and movies you watch

At the 28th Chaos Computing Congress (28c3) hacker conference in Berlin, 
Germany researchers presented a talk titled "Smart Hacking for Privacy" 
<http://www.youtube.com/28c3#p/u/54/YYe4SwQn2GE> where they looked into 
the privacy implications of "smart" electricity meters.

In Germany consumers who wish to contract with independent smart meter 
providers are able to have one installed in their home via a similar 
style of subscription you might agree to for a free cellular handset 
from a mobile phone company.

The researchers, Dario Carluccio and Stephan Brinkhaus, signed up with a 
company called Discovergy to see what type of information these meters 
collect, whether they were as secure as the company promised and what 
they might be able to determine from consumption patterns.

Discovergy's website made three promises about the security of their 
devices. The web interface to access your consumption data used HTTPS to 
ensure no one could snoop on your sessions, the data relayed back to 
Discovergy was encrypted and signed to prevent forged data and that this 
had all been confirmed by independent experts.

Hacking Discovergy slide from Smart Hacking for Privacy

These claims mysteriously vanished from their website before the 
presentation was delivered on December 30, 2011.

The Discovergy website's SSL certificate was misconfigured and presented 
them with an invalid certificate warning, then proceeded to redirect 
them to an HTTP url where the data and password were transmitted in 
clear text across the internet.

The web interface only allows customers to see the last three months of 
data, but because of the insecurity of the communications, they were 
able to demonstrate that data from the entire life of the device was in 
fact being stored on Discovergy's servers.

Since the encryption and signing of traffic was untrue, they were able 
to intercept the communications using their router and forge incorrect 
readings back to Discovergy which at one point showed their minimum 
consumption to be -106610 kWh.

The last concern they expressed was that these smart meters were 
monitoring their power usage in two second intervals. They were curious 
what type of information to could determine about someone with such fine 
grained measurements.

They tested different appliances to demonstrate the unique signatures 
their power consumption show on the two second interval graphs. This 
data could identify when the refrigerator was running, when you may be 
home or away or even sleeping.

They then looked at electrical usage of plasma, LCD and CRT televisions 
and could see differences in power consumption based on the brightness 
levels displayed for different scenes in TV shows and movies.

Identifying a movie using a smart meter

You can clearly see a discernible pattern of power usage that uniquely 
fingerprints this film. The researchers conclude that two seconds is a 
bit intrusive to privacy and unnecessary for the stated goals of the 
smart meter companies.

Nikolaus Starzacher at 28c3During the question and answer period the CEO 
of Discovergy, Nikolaus Starzacher, stood up and came onto the stage. He 
expressed his appreciation to the researchers for drawing attention to 
the problems they found and vowed to resolve them as quickly as possible.

He explained that one of the reasons for using the two second polling 
interval was to provide services like notifying you if you left the 
house with the iron or stove on by accident. He promised to make the 
data collection interval configurable in the future for more privacy 
conscious consumers.

One of the reason I enjoy conferences like Black Hat, DefCON and Chaos 
Computing Congress so much is the opportunity for industry to learn from 
their mistakes and consider the hacker mindset.

It appears the outcome of this talk will be beneficial to the entire 
smart meter industry, if they are listening, and it appears that 
Discovergy are taking the feedback to heart

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0001.shtml 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hackingdiscovergy500.jpg
Type: image/jpeg
Size: 30423 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0001.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smartmetermovieid500.png
Type: image/png
Size: 175027 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0002.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nikolausstarzacher175.png
Type: image/png
Size: 44678 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0003.png

More information about the BITList mailing list