Smart meter hacking can disclose which TV shows and movies you watch

The place for technology related posts.

Moderator: Moderators

Post Reply
User avatar
Sabre
DCAWD Founding Member
Posts: 21432
Joined: Wed Aug 11, 2004 8:00 pm
Location: Springfield, VA
Contact:

Smart meter hacking can disclose which TV shows and movies you watch

Post by Sabre »

Sophos
At the 28th Chaos Computing Congress (28c3) hacker conference in Berlin, Germany researchers presented a talk titled “Smart Hacking for Privacy” where they looked into the privacy implications of “smart” electricity meters.

In Germany consumers who wish to contract with independent smart meter providers are able to have one installed in their home via a similar style of subscription you might agree to for a free cellular handset from a mobile phone company.

The researchers, Dario Carluccio and Stephan Brinkhaus, signed up with a company called Discovergy to see what type of information these meters collect, whether they were as secure as the company promised and what they might be able to determine from consumption patterns.

Discovergy’s website made three promises about the security of their devices. The web interface to access your consumption data used HTTPS to ensure no one could snoop on your sessions, the data relayed back to Discovergy was encrypted and signed to prevent forged data and that this had all been confirmed by independent experts.

Hacking Discovergy slide from Smart Hacking for Privacy

These claims mysteriously vanished from their website before the presentation was delivered on December 30, 2011.

The Discovergy website’s SSL certificate was misconfigured and presented them with an invalid certificate warning, then proceeded to redirect them to an HTTP url where the data and password were transmitted in clear text across the internet.

The web interface only allows customers to see the last three months of data, but because of the insecurity of the communications, they were able to demonstrate that data from the entire life of the device was in fact being stored on Discovergy’s servers.

Since the encryption and signing of traffic was untrue, they were able to intercept the communications using their router and forge incorrect readings back to Discovergy which at one point showed their minimum consumption to be -106610 kWh.

The last concern they expressed was that these smart meters were monitoring their power usage in two-second intervals. They were curious what type of information they could determine about someone with such fine grained measurements.

They tested different appliances to demonstrate the unique signatures their power consumption show on the two second interval graphs. This data could identify when the refrigerator was running, when you may be home or away or even sleeping.

They then looked at electrical usage of plasma, LCD and CRT televisions and could see differences in power consumption based on the brightness levels displayed for different scenes in TV shows and movies.
Pretty much anything can be used against you or to find information out about you...
Sabre (Julian)
Image
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
Post Reply