28c3: Smart Hacking for Privacy

Uploaded on Dec 30, 2011

Download high quality version: http://bit.ly/sexyIG
Description: http://events.ccc.de/congress/2011/Fa...

Dario Carluccio, Stephan Brinkhaus: Smart Hacking For Privacy

Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment, especially in Germany they are becoming more and more popular and are obligatory for new and refurbished buildings.

Unfortunately, smart meters are able to become surveillance devices that monitor the behavior of the customers, leading to unprecedented invasions of consumer privacy. High-resolution energy consumption data is transmitted to the utility company, in principle allowing intrusive identification and monitoring of equipment within consumers' homes (e.g., TV set, refrigerator, toaster, and oven), as was already shown in different reports.

This talk is about the Discovergy / EasyMeter smart meter used for electricity metering in private homes in Germany. During our analysis we found several security bugs that range from problems with the certificate management of the website to missing security features for the metering data in transit. For example, (un)fortunately the metering data is unsigned and unencrypted, although otherwise stated explicitly on the manufacturer's homepage. It has to be pointed out that all tests were performed on a sealed, fully functional device.

In our presentation we will mainly focus on two aspects which we revealed during our analysis: first, the privacy issues, which even allow identifying the TV program from the metering data, and second, the "problem" that one can easily alter the data transmitted, even for a third party, and thereby potentially fake the amount of consumed power being billed.

In the first part of the talk we show that the analysis of the household's electricity usage profile can reveal what channel the TV set in the household is displaying. We will also give some test-based assessments whether it is possible to scan for copyright-protected material in the data collected by the smart meter.

In the second part we focus on the data being transmitted by the smart meter via the Internet. We show to what extent the consumption data can be altered and transmitted to the server, and visualize this by transmitting some kind of picture data to Discovergy's consumption data server in a way that the picture content will become visible in the electricity profile. Moreover, we show what happens if the faked power consumption data reflects unrealistic, extremely high or negative power consumption and how that might influence the database and service robustness.
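The two gaps the abstract names, unsigned readings and a server that accepts unrealistic values, can be shown from the receiving side. This is an added example, not code from the talk or from Discovergy: the message format, field names, demo key and power ceiling are all assumptions, and it covers authenticity and plausibility only (confidentiality would need transport encryption on top).

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice provisioned per meter at manufacture.
METER_KEYS = {"meter-001": b"constructed-demo-key"}
# Assumed physical ceiling: three phases, 63 A main fuse, 230 V.
MAX_POWER_W = 3 * 63 * 230


def sign_reading(meter_id, seq, power_w, key):
    """Meter side: serialise a reading and compute an HMAC-SHA256 tag."""
    body = json.dumps({"meter": meter_id, "seq": seq, "power_w": power_w},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def accept_reading(body, tag, last_seq):
    """Server side: return (accepted, reason) for one received reading."""
    try:
        msg = json.loads(body)
        key = METER_KEYS[msg["meter"]]
    except (ValueError, KeyError, TypeError):
        return False, "malformed body or unknown meter"
    # Authenticity first: nothing else in the body is trusted before this.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad MAC"
    # A strictly increasing sequence number stops replay of old readings.
    seq = msg.get("seq")
    if not isinstance(seq, int) or seq <= last_seq.get(msg["meter"], -1):
        return False, "replayed or out-of-order sequence number"
    # Plausibility (assumes a consumption-only meter): no negative power,
    # nothing above what the connection could physically draw.
    power = msg.get("power_w")
    if (isinstance(power, bool) or not isinstance(power, (int, float))
            or not 0 <= power <= MAX_POWER_W):
        return False, "implausible power value"
    last_seq[msg["meter"]] = seq
    return True, "ok"
```
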


All Comments (25)

  • omgwtfbbqalekx

    I'm not sure that you understand.

    The patriot act isn't what it "Sounds" to be, there's nothing patriotic about it.

    This bill goes against the freedom and rights of the country's citizens. This bill allows the government to tap your phone, read your emails, search you without a warrant, etc...

    Clearly you didn't get the meaning of what I said, and I think that's because you don't know what the patriot act is.

    We haven't "lost" it, we've been force fed with it.

    Please google "Patriot act"

    in reply to 4crpg
  • Frederique Zug

    Hello htwhyppe Smart meters know when you are at home having sex with your partner. Google knows what kind of kinky positions you had searched for. If you are searching for any personal or health issues, try a search engine that does not track you. I like to suggest DuckDuckGo. They have a great video on how Google gets rich.

    in reply to htwhyppe
  • 4crpg

    omgwtfbbqalekx You have lost the Patriot Act when smart meters and Google found you. How do you think they both get rich? Data mining. Your US congress is concerned and you aren't? Wake up Sunshine. fix the link and read ==> w w w.fas.org/sgp/crs/misc/R42338.pdf MAKE A NOISE – The slide to dictatorship and denial of democratic rights should be hugely concerning to every single citizen of Canada or the USA, no matter if they like microwave device smart meters or not.

    in reply to omgwtfbbqalekx
  • omgwtfbbqalekx

    "I must mention in the western world it's virtually impossible for an evil government to run spy operations on people"

    It's called the patriot act.

    in reply to bjtaudio
  • bjtaudio

    I must mention in the western world it's virtually impossible for an evil government to run spy operations on people, including market surveying and targeted marketing scams, without an insider blowing the whistle on it. As the truth will come out. However it is possible and already happening that individuals or even organized groups of criminals/people in trusted government positions with access, abuse these privileges and run organized crime under the radar, with the ability to cover up. 

    in reply to htwhyppe
  • bjtaudio

    No! It's impossible, nor practical as the network could not handle the huge volume throughput anyway. It is possible to profile an individual and it's easy to predict what is going on based on power usage patterns, see if your home handy for an organized theft and crime. It's easy to mask your usage by having bogus devices switched on and off to make it look like someone is home though.

    in reply to htwhyppe
  • PeekyBooo

    I have a contract offer on our power box. If they come to replace the meter then they enter into a contract to give ownership (IP + physical) and free labour for any device put on the property. That way I can hack it and destroy it.

    For others, some may like to go around destroying the computer side of the devices as a means to stop foreign Governments (UN/Corporations/etc) playing a role in the management of citizenship.

    in reply to bjtaudio
  • bjtaudio

    This is easy to do, you can use stun gun devices, even a car ignition coil to "zap" the device... But because the devices are constantly monitored, failure of the device to communicate would prompt a service call from your power company to investigate. They would replace the meter, and if it kept getting blown up they will get suspicious and blame you. You would need to hit all your neighbors' meters to cover it up, making it look like a network issue. Watch out for hidden cameras to catch you.

    in reply to PeekyBooo
  • bjtaudio

    Most smart meters have a latching relay that can be used to remotely cut off supply to property. This is a bad idea as if the meter or system is compromised an attacker can cut off power to all affected meters. It is possible to bypass the relay, if you're worried, and have an emergency bypass switch to bypass the meter altogether! Very easy to do but illegal obviously. Yes the meters can be destroyed by a high voltage device, the RF signals can be jammed or squashed! Big brother can be stopped!
