28c3: Smart Hacking for Privacy
Loading...
Uploaded by 28c3 on Dec 30, 2011
Download high quality version: http://bit.ly/sexyIG
Description: http://events.ccc.de/congress/2011/Fahrplan/events/4754.en.html
Dario Carluccio, Stephan Brinkhaus: Smart Hacking For Privacy
Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment especially in Germany they become more and more popular and are obligatory for new and refurbished buildings.
Unfortunately, smart meters are able to become surveillance devices that monitor the behavior of the customers leading to unprecedented invasions of consumer privacy. High-resolution energy consumption data is transmitted to the utility company in principle allowing intrusive identification and monitoring of equipment within consumers' homes (e. g., TV set, refrigerator, toaster, and oven) as was already shown in different reports.
This talk is about the Discovergy / EasyMeter smart meter used for electricity metering in private homes in Germany. During our analysis we found several security bugs that range from problems with the certificate management of the website to missing security features for the metering data in transit. For example (un)fortunately the metering data is unsigned and unencrypted, although otherwise stated explicitly on the manufacturer's homepage. It has to be pointed out that all tests were performed on a sealed, fully functionally device.
In our presentation we will mainly focus on two aspects which we revealed during our analysis: first the privacy issues resulting in even allowing to identify the TV program out of the metering data and second the "problem" that one can easily alter data transmitted even for a third party and thereby potentially fake the amount of consumed power being billed.
In the first part of the talk we show that the analysis of the household's electricity usage profile can reveal what channel the TV set in the household is displaying. We will also give some test-based assessments whether it is possible to scan for copyright-protected material in the data collected by the smart meter.
In the second part we focus on the data being transmitted by the smart meter via the Internet. We show to what extent the consumption data can be altered and transmitted to the server and visualize this by transmitting some kind of picture data to Discovergy's consumption data server in a way that the picture content will become visible in the electricity profile. Moreover, we show what happens if the faked power consumption data reflects unrealistic extreme high or negative power consumptions and how that might influence the database and service robustness.
- 22 likes, 2 dislikes
-
- 1:09:40
Introduction to Hackingby elithecomputerguy73,696 views
- 32:52
The Dark Side of 'Smart' Metersby eon3161,553 views
- 1:07:34
28c3: Taking control over the Tor networkby 28c33,752 views
- 4:20
Michael Jackson - Live in Munich - Dangerous (1997) High Defby MJJHDMix2,612 views
- 1:06:11
28c3: Black Ops of TCP/IP 2011by 28c37,618 views
- 26:03
28c3: Reverse Engineering USB Devicesby 28c37,591 views
- 4:27
Genesis - That's Allby Billinois78591,322 views
- 3:41
Moves Like Jagger (Maroon 5) - Sam Tsui & Kurt Schneiderby TheSamTsui599,624 views
- 1:25:40
28c3: How governments have tried to block Torby 28c342,879 views
- 3:29
Land Down Under - Men At Work (Lyrics Included)by smurfinator140,754 views
- 59:12
28c3: New Ways I'm Going to Hack Your Web Appby 28c34,577 views
- 28:20
28c3: Ooops I hacked my PBXby 28c33,038 views
- 1:05:14
2012 State Of The Union Address: Enhanced Versionby whitehouse2,558,687 views
- 48:00
28c3: String Oriented Programmingby 28c33,052 views
- 8:34
Excel 2007 Tutorial 4.1. Pie, Column & Line Chartsby djdates32,651 views
- 3:54
Hermanninator: Tonpfeifenby hermanninator582 views
- 26:41
28c3: A Brief History of Plutocracyby 28c36,532 views
- 4:22
Hugh Grant: How I exposed hackingby paveldunghd84,436 views
- 32:47
28c3: Antiforensikby 28c33,031 views
- 1:02:55
28c3: Reverse-engineering a Qualcomm basebandby 28c32,808 views
Some info for Best Hacker Competition.
Challenge 1 * Flash the meter so that wifi/ir/usb-ports are disabled then the device can't be reflashed without it being removed and flashed at manufacturer.
Challenge 2 * corrupt data into the matrix network so that community devices are all wrong in reporting
PeekyBooo 1 month ago
Has anyone tried to static damage the meters? Burn out their circuits?
PeekyBooo 1 month ago
Kool. The ultimate hacker will be the one that can flash the Smart Meters so their flash is unflashable and disabled so no WIFI is transmitted.
PeekyBooo 1 month ago
@no38no - Yes, he was courageous for coming on, but this could have been made a lot less painful by actually practicing the presentation a few times before going on stage and staring at the screen for long amounts of time. Practice, if you can even record video of yourself so you can watch it and criticize yourself.
cheddahisbettah 1 month ago
Kudos to the Discovergy guy. He was very humble and courageous to come on stage.
It is also a nice warning about what information may be leaking from your seamless electrical consummation.
no38no 1 month ago 2
to authors : url for slides please
wadael 1 month ago
Also, like the bit.ly URL. What's an IG?
Zenchreal 1 month ago
Good heavens... this talk has everything: it's like a roller coaster ride that stops for 5 minutes with no apparent reason, and then proceeds to rocket on at high speeds almost killing everyone on the ride.
Zenchreal 1 month ago
Sorry but this makes me nuts. cant watch it to the end, cause of getting angry...
sonnenbadesalzkruste 1 month ago