Smart meter hacking made easier

Take a look at this presentation showing how some security researchers were able to learn all kinds of interesting things by intercepting unencrypted data from smart power meters. Much more interesting than it sounds at first (warning: Sometimes heavily accented English ahead!).

More easily comprehensible text report can be found in Smart meter SSL screw-up exposes punters’ TV habits: Also showed researchers WHETHER OR NOT THEY WERE HOME, an article in The Register.

White-hat hackers have exposed the privacy shortcomings of smart meter technology.

The researchers said German firm Discovergy apparently allowed information gathered by its smart meters to travel over an insecure link to its servers. The information – which could be intercepted – apparently could be interpreted to reveal not only whether or not users happened to be at home and consuming electricity at the time but even what film they were watching, based on the fingerprint of power usage…

Because Discovergy’s website’s SSL certificate was misconfigured, the meters failed to send data over a secure, encrypted link – contrary to claims Discovergy made at the time before the presentation. This meant that confidential electricity consumption data was sent in clear text.

More evidence that lack of attention to technical details can really get a business into trouble, and confirmation that many business leaders still don’t understand this.

Note: The video presentation itself can be pretty frustrating. The accents aren’t really that bad, but like most engineers the presenters aren’t … polished, and sometimes stall while trying to find the right words in English for what they wanted to say. As one commenter put it:

Good heavens… this talk has everything: it’s like a roller coaster ride that stops for 5 minutes with no apparent reason, and then proceeds to rocket on at high speeds almost killing everyone on the ride.