Smart Hacking For Privacy: What TV Shows Do You Watch?
White-hat hackers have exposed the privacy shortcomings of smart meter technology. At the Chaos Communication Congress in Germany, 28C3, researchers presented "Smart Hacking For Privacy". After analyzing data collected by a smart meter, they were able to determine how many devices such as PCs or LCD TVs were in a home, what TV program was being watched, and whether a DVD movie being played had copyright-protected material.
Dario Carluccio and Stephan Brinkhaus demonstrated the flaws. Advanced metering devices (aka smart meters) are now being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Following a recent amendment, they are becoming more and more popular, especially in Germany, where they are obligatory for new and refurbished buildings.
The researchers, who were also customers, learnt that energy consumption data was sent unencrypted because SSL was malfunctioning. They intercepted and manipulated the data using a Fritz!Box and Wireshark, and returned to the company a negative energy consumption rate of -106610 kWh. Similar flaws also allowed Carluccio and Brinkhaus to demonstrate that a customer's entire power consumption history was stored by Discovergy.
They signed up with a company called Discovergy to see what type of information these meters collect, whether they were as secure as the company promised, and what they might be able to determine from consumption patterns. Because the SSL certificate on Discovergy's website was misconfigured, the meters failed to send data over a secure, encrypted link, contrary to claims Discovergy made before the presentation. This meant that confidential electricity consumption data was sent in clear text. Because meter readings were sent in clear text, the researchers were able to intercept them and send forged (incorrect) meter readings back to Discovergy.
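The forged readings above were accepted because nothing bound a reading to its meter once the transport encryption failed. As an added example (not code from the talk or from Discovergy), here is a server-side acceptance check that authenticates each reading with a per-meter HMAC and rejects replays and implausible values such as a negative register. The message fields, the per-meter key and the 63 kW ceiling are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import math

# Assumptions (not from the page): per-meter secret, message fields, 63 kW ceiling.
METER_KEYS = {"meter-001": b"constructed-demo-key"}  # constructed sample key
MAX_KW = 63.0


def sign_reading(meter_id, counter, ts, kwh_total, key):
    """Meter side: serialize one reading and compute its HMAC-SHA256 tag."""
    body = json.dumps({"meter": meter_id, "counter": counter, "ts": ts,
                       "kwh_total": kwh_total}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def accept_reading(body, tag, last=None):
    """Server side: return (ok, reason); `last` is the previously accepted reading."""
    try:
        r = json.loads(body)
        key = METER_KEYS[r["meter"]]
        counter, ts, total = int(r["counter"]), int(r["ts"]), float(r["kwh_total"])
    except (ValueError, KeyError, TypeError, OverflowError):
        return False, "malformed reading or unknown meter"
    # Integrity first: the tag must verify over the exact bytes received.
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(tag).encode()):
        return False, "bad MAC"
    # Plausibility: a cumulative register is never negative and never decreases.
    if not math.isfinite(total) or total < 0:
        return False, "negative or non-finite register"
    if last is not None:
        if counter <= last["counter"] or ts <= last["ts"]:
            return False, "replayed or out of order"
        delta = total - last["kwh_total"]
        if delta < 0:
            return False, "register went backwards"
        if delta > MAX_KW * (ts - last["ts"]) / 3600.0:
            return False, "implausible consumption"
    return True, "ok"
```

The HMAC protects integrity only; keeping the consumption data confidential still depends on a correctly configured encrypted link.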
A capability that allowed power consumption to be monitored in two-second intervals was also exploited. The researchers said they could determine if a particular movie had been watched based on two-second relay data held by Discovergy and accessed through HTTP GET requests.
Researchers from Münster University of Applied Sciences were previously able to analyze smart meter data to identify the power consumption activity of a refrigerator, stove, and television. They showed that the type of LCD TV set could be identified, as well as what TV program was on, or whether a movie was playing from a DVD or other source.
The next step was "having fun with the smart meter", which began with writing Python code to continuously spoof packets carrying fake smart meter data, something that required a MITM attack.