Smart Meters Hacked, Part Two
utility smart meter Mocana eavesdropping smart devices Nikolaus Starzacher Deviceline 28C3 spoofing energy usage data Discovergy MAC address ssl encryption Stephan Brinkhaus Dario Carluccio Chaos Communication Congress Internet of Things
Yesterday, DeviceLine talked about two German researchers who could intercept and decipher what videos you were watching by eavesdropping on your smart meter. Today, DeviceLine is talking about a more serious concern: spoofing energy usage data from your smart meter.
Speaking the 28th Chaos Communication Congress (28C3), Dario Carluccio and Stephan Brinkhaus showed the audience how the smart meters associated with the German energy company Discovergy used improperly configured SSL. The company also did not encrypt the consumer data. Naturally this is a target for future exploration.
The researchers used the smart meter's MAC address to spoof the unencrypted packets going back to Discovergy. Not only could they tamper with the smart meter results, they managed to manipulate data spikes and valleys in one report to read "U have been hacked" (see graphic above). Further, since they used a Windows program (not Linux), the researchers commented that just about anyone can do this (provided they release the Windows tool to the masses).
Fun and games aside, research like this could cost the utilities in terms of theft of service (one could depress actual energy usage) or cost consumers in targeted high bills (one could increase actual energy usage). Needless to say, this is a serious problem if the energy provider has not secured the smart meter or its data in transit.
In the 28C3 audience was Discovergy CEO, Nikolaus Starzacher, who vowed to address this and other the other issues cited by the researchers.
The complete 28C3 smart meter talk is available on YouTube