Can Privacy Turn to Piracy?

While Raj Samani and I were conducting research for our recent book, “Applied Cyber Security for the Smart Grid,” there was a lot of interest, speculation, imagination and debate around a particular discovery. The original finding, by researchers Dario Carluccio and Stephan Brinkhaus, indicated that with a frequent enough polling interval, Smart Meter readings could identify not only specific appliances used within a home, but also enough detail to generate a unique signature for a specific movie or television show (because specific frames of video will require different levels of brightness, etc., and therefore a unique electrical demand). Our interest is easy enough to explain, as are our concerns about privacy.

What’s this about pirates? Well, our speculation and our imaginations started us thinking about what else a specific device signature could be used for. Could a similar 2-second reading and subsequent analysis allow an agent to intercept surveillance videos? Probably not—there’s no actual recreation of video, just the creation of a unique signature. Could a shift in signature identify how often a security panel rotates between CCTV images? Probably. If only we knew how many cameras there were, we might be able to predict when a given area would go unmonitored. If we knew what brand and model of camera was being used, we might even be able to develop an exploit to alter or disable video surveillance altogether.

Note that this scenario, where would-be bank robbers use infrared interface scanners to safely hack smart meters from their car instead of sneaking into the lobby and scoping out the bank cloak-and-dagger style, would likely not go over well with Hollywood movie directors.

Of course, we’re not about to rob a bank — nor do we condone such activity. We’re simply speculating that with important information being stored in Smart Meters, and with easy access to that data — from the relative safety of a position outside of our fictional bank, and outside of the area being secured, surveyed, and also presumably guarded by trained men with automatic weapons — a lot of damage could be done.

Theft of “privacy” can often equate to more tangible sorts of larceny. The private data being stolen could be a valuable digital asset (PII, banking data, a pharmaceutical recipe), or it could be data valuable enough to someone else to justify extortion (compromising records, medical files, a guarded secret). Could meter data provide information needed to steal a physical asset? Theoretically, yes. It’s a frightening speculation, and like the research it is based upon, it is likely to spark a bit of controversy.
