[BITList] Smart meter hacking
franka
franka at iinet.net.au
Mon Jan 9 13:15:17 GMT 2012
Big brother is alive and well
frank
Smart meter hacking can disclose which TV shows and movies you watch
At the 28th Chaos Computing Congress (28c3) hacker conference in Berlin,
Germany researchers presented a talk titled "Smart Hacking for Privacy"
<http://www.youtube.com/28c3#p/u/54/YYe4SwQn2GE> where they looked into
the privacy implications of "smart" electricity meters.
In Germany consumers who wish to contract with independent smart meter
providers are able to have one installed in their home via a similar
style of subscription you might agree to for a free cellular handset
from a mobile phone company.
The researchers, Dario Carluccio and Stephan Brinkhaus, signed up with a
company called Discovergy to see what type of information these meters
collect, whether they were as secure as the company promised and what
they might be able to determine from consumption patterns.
Discovergy's website made three promises about the security of their
devices. The web interface to access your consumption data used HTTPS to
ensure no one could snoop on your sessions, the data relayed back to
Discovergy was encrypted and signed to prevent forged data and that this
had all been confirmed by independent experts.
Hacking Discovergy slide from Smart Hacking for Privacy
These claims mysteriously vanished from their website before the
presentation was delivered on December 30, 2011.
The Discovergy website's SSL certificate was misconfigured and presented
them with an invalid certificate warning, then proceeded to redirect
them to an HTTP url where the data and password were transmitted in
clear text across the internet.
The web interface only allows customers to see the last three months of
data, but because of the insecurity of the communications, they were
able to demonstrate that data from the entire life of the device was in
fact being stored on Discovergy's servers.
Since the encryption and signing of traffic was untrue, they were able
to intercept the communications using their router and forge incorrect
readings back to Discovergy which at one point showed their minimum
consumption to be -106610 kWh.
The last concern they expressed was that these smart meters were
monitoring their power usage in two second intervals. They were curious
what type of information to could determine about someone with such fine
grained measurements.
They tested different appliances to demonstrate the unique signatures
their power consumption show on the two second interval graphs. This
data could identify when the refrigerator was running, when you may be
home or away or even sleeping.
They then looked at electrical usage of plasma, LCD and CRT televisions
and could see differences in power consumption based on the brightness
levels displayed for different scenes in TV shows and movies.
Identifying a movie using a smart meter
You can clearly see a discernible pattern of power usage that uniquely
fingerprints this film. The researchers conclude that two seconds is a
bit intrusive to privacy and unnecessary for the stated goals of the
smart meter companies.
Nikolaus Starzacher at 28c3During the question and answer period the CEO
of Discovergy, Nikolaus Starzacher, stood up and came onto the stage. He
expressed his appreciation to the researchers for drawing attention to
the problems they found and vowed to resolve them as quickly as possible.
He explained that one of the reasons for using the two second polling
interval was to provide services like notifying you if you left the
house with the iron or stove on by accident. He promised to make the
data collection interval configurable in the future for more privacy
conscious consumers.
One of the reason I enjoy conferences like Black Hat, DefCON and Chaos
Computing Congress so much is the opportunity for industry to learn from
their mistakes and consider the hacker mindset.
It appears the outcome of this talk will be beneficial to the entire
smart meter industry, if they are listening, and it appears that
Discovergy are taking the feedback to heart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0001.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hackingdiscovergy500.jpg
Type: image/jpeg
Size: 30423 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0001.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smartmetermovieid500.png
Type: image/png
Size: 175027 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0002.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nikolausstarzacher175.png
Type: image/png
Size: 44678 bytes
Desc: not available
Url : http://lists.bcn.mythic-beasts.com/pipermail/bitlist/attachments/20120109/ef0d30cf/attachment-0003.png
More information about the BITList
mailing list