Smart Meters Reveal Movie and TV Viewing Habits
digital tv utility smart meter Mocana movies eavesdropping 28th Chaos Communication Congress smart devices Nikolaus Starzacher Deviceline 28C3 spoofing energy usage data Discovergy MAC address ssl encryption Stephan Brinkhaus Dario Carluccio Internet of Things
German researchers, presenting at the 28th Chaos Communication Congress (28c3), say they can guess what's on your digital TV based on unencrypted signals from certain Smart Meters.
In a talk entitled "Smart Hacking For Privacy" researchers Dario Carluccio and Stephan Brinkhaus described their experience with German energy provider Discovergy. Prior to their talk, the Discovergy web site promised customers that access to your consumption data is protected by HTTPS, that the Smart Meter data relayed back to Discovergy was encrypted and signed with a certificate to prevent forged data, and that this information was independently confirmed. On the day of the talk, however, according to a blog on NakedSecurity, those claims all disappeared from the site.
So it's no surprise that the researchers found the SSL certificate for the site was misconfigured and the data wasn't encrypted. This, however, lead to a more interesting discovery: The researchers found the Discovergy Smart Meters were polled every two seconds. And based on those two second samples they could guess what movies people were watching.
This is similar to research published last November from the University of Washington, where the use of switched mode power supplies (SMPS) in digital TVs could reveal what programs were being watched.
In the 28C3 audience was Discovergy CEO, Nikolaus Starzacher, who defended the two second polling for future notification of customers if they left an electronic device running after they left the house. But he vowed that he would address the other issues cited by the researchers.
The full 28C3 talk is available here.