28th Chaos Communication Congress
Behind Enemy Lines

SPEAKERS :  Dario Carluccio & Stephan Brinkhaus

Smart Hacking For Privacy

Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment especially in Germany they become more and more popular and are obligatory for new and refurbished buildings.

Unfortunately, smart meters are able to become surveillance devices that monitor the behavior of the customers leading to unprecedented invasions of consumer privacy. High-resolution energy consumption data is transmitted to the utility company in principle allowing intrusive identification and monitoring of equipment within consumers’ homes (e. g., TV set, refrigerator, toaster, and oven) as was already shown in different reports.

This talk is about the Discovergy / EasyMeter smart meter used for electricity metering in private homes in Germany. During our analysis we found several security bugs that range from problems with the certificate management of the website to missing security features for the metering data in transit. For example (un)fortunately the metering data is unsigned and unencrypted, although otherwise stated explicitly on the manufacturer’s homepage. It has to be pointed out that all tests were performed on a sealed, fully functionally device.

In our presentation we will mainly focus on two aspects which we revealed during our analysis: first the privacy issues resulting in even allowing to identify the TV program out of the metering data and second the “problem” that one can easily alter data transmitted even for a third party and thereby potentially fake the amount of consumed power being billed.

In the first part of the talk we show that the analysis of the household’s electricity usage profile can reveal what channel the TV set in the household is displaying. We will also give some test-based assessments whether it is possible to scan for copyright-protected material in the data collected by the smart meter.

In the second part we focus on the data being transmitted by the smart meter via the Internet. We show to what extent the consumption data can be altered and transmitted to the server and visualize this by transmitting some kind of picture data to Discovergy’s consumption data server in a way that the picture content will become visible in the electricity profile. Moreover, we show what happens if the faked power consumption data reflects unrealistic extreme high or negative power consumptions and how that might influence the database and service robustness.



Smart Meters Reveal Movie and TV Viewing Habits

Posted by Robert Vamosi on 1/9/12 3:59 AM

German researchers, presenting at the 28th Chaos Communication Congress (28c3), say they can guess what’s on your digital TV based on unencrypted signals from certain Smart Meters.

In a talk entitled “Smart Hacking For Privacy” researchers Dario Carluccio and Stephan Brinkhaus described their experience with German energy provider Discovergy. Prior to their talk, the Discovergy web site promised customers that access to your consumption data is protected by HTTPS, that the Smart Meter data relayed back to Discovergy was encrypted and signed with a certificate to prevent forged data, and that this information was independently confirmed. On the day of the talk, however, according to a blog on NakedSecurity, those claims all disappeared from the site.

So it’s no surprise that the researchers found the SSL certificate for the site was misconfigured and the data wasn’t encrypted. This, however, lead to a more interesting discovery: The researchers found the Discovergy Smart Meters were polled every two seconds. And based on those two second samples they could guess what movies people were watching.

This is similar to research published last November from the University of Washington, where the use of switched mode power supplies (SMPS) in digital TVs could reveal what programs were being watched.

In the 28C3 audience was Discovergy CEO, Nikolaus Starzacher, who defended the two second polling for future notification of customers if they left an electronic device running after they left the house. But he vowed that he would address the other issues cited by the researchers.

The full 28C3 talk is available here.



Researchers claim smart meters can reveal TV viewing habits

Posted by: Metering.com September 21, 2011

Münster, Germany — (METERING.COM) — September 21, 2011 – A group of researchers at the Münster University of Applied Sciences have claimed that it is possible to use the electricity usage data from a smart electricity meter to determine which programs a consumer is watching on a standard TV set.

The test results, which have been presented in draft form and are yet to be formally published (presumably with peer review), also suggest that it may be possible to identify films played from a DVD or other source, the researchers claim.

The tests were carried out by Prof. Dr.-Ing U. Greveler, Dr. B. Justus, D. Löhr of Münster University’s IT Security Laboratory as part of the state-funded DaPriM (data privacy management) project.

The researchers conducted the investigation at a private residence in RWE’s service area in North Rhine-Westphalia, with a 3-phase Zähler Q3D smart meter from EasyMeter reading at 2 second intervals and the smart meter data sent to the company’s consumer web portal. They were able to readily identify the consumption profiles of the standard household appliances, including refrigerator, kettle, hot water heater, microwave, washing machine, oven and lighting. In addition, they were able to identify the TV and to match the light and dark scenes in a film to the smart meter data.

They then generalize this to suggest that through analysis of programs being broadcast at any time – and provided there is minimum interference from other devices – it may be possible to determine the channel to which the TV was set.

In the light of these results the researchers call for a tightening of data protection regulations, including a restriction on the length of time data is stored.