Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Fun and Games Hacking German Smart Meters

In a talk at the 28th Chaos Communication Congress (28C3) entitled “Smart Hacking For Privacy,” researchers Dario Carluccio and Stephan Brinkhaus described their experiences with smart meters from the German energy provider Discovergy. They said they could guess what’s on your digital TV based on unencrypted signals from the smart meters. They could also spoof the energy usage reported from the meter, a far more serious concern.

In a talk at the 28th Chaos Communication Congress (28C3) entitled “Smart Hacking For Privacy,” researchers Dario Carluccio and Stephan Brinkhaus described their experiences with smart meters from the German energy provider Discovergy. They said they could guess what’s on your digital TV based on unencrypted signals from the smart meters. They could also spoof the energy usage reported from the meter, a far more serious concern. All of this is because the utility in question misconfigured its SSL.

Smart Meter HackingAccording to a blog on NakedSecurity, prior to the talk the Discovergy Web site promised consumers several security features. Among these, that access to consumption data is protected by HTTPS, that the smart meter data relayed back to Discovergy was encrypted and signed with a certificate to prevent forged data, and that this information was independently confirmed. On the day of the talk, however, those claims disappeared.

The researchers, in seeking to see whether the security claims were true, quickly discovered that the SSL certificate for the site was badly misconfigured so the data in transit wasn’t actually encrypted. This lead to a more interesting discovery: Discovergy polled their smart meters every two seconds, meaning the utility collected and maintained a fairly accurate and very granular record of home usage. The unencrypted data in transit could potentially allow anyone to collect and maintain a similar record of their own—which is what they did.

Based on these records, the researchers said they could guess what movies people were watching in the home. This is similar to research I wrote about last November from the University of Washington, where the use of switched mode power supplies (SMPS) in digital TVs provided energy fluctuations that could reveal what programs were being watched. Here, too, granular power fluctuations matched certain video content displayed on a digital TV in the test.

The researchers, of course, attempted to do more. They used the smart meter’s MAC address to spoof the unencrypted packets going back to Discovergy, and therefore compromise the record being kept at the utility. Not only could they tamper with the smart meter results, they managed to manipulate data to specific spikes and valleys. In one report, the energy usage fluctuations spelled out “U have been hacked”.

They note that since they used a Windows program (not Linux) to do this manipulation, just about anyone can do this (assuming they release the Windows tool to the masses, which they (so far) have not).

In the 28C3 audience was Discovergy CEO, Nikolaus Starzacher, who came on stage during the Question and Answer period and vowed to address these and other the other issues cited by the researchers.

Fun and games aside, smart meter attacks like this could cost utilities millions in potential theft of service (one could depress actual energy usage) or cost consumers large sums in targeted high bills (one could increase actual energy usage). This is a very serious problem. If the energy provider has not secured the smart meter or the smart meter data in transit, then the Smart Grid is unlikely to result in the efficiency and savings that many have promised.

The complete 28C3 Smart Hacking For Privacy smart meter presentation is embedded below.

Advertisement. Scroll to continue reading.


Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.