German security researchers intercept smart meter data

posted Feb 23, 2012, 5:36 PM by ema-1 ema-1 [updated Feb 23, 2012, 5:38 PM]

"The researchers, Dario Carluccio and Stephan Brinkhaus, signed up with a company called Discovergy to see what type of information these meters collect, whether they were as secure as the company promised and what they might be able to determine from consumption patterns"

"This talk is about the Discovergy / EasyMeter smart meter used for electricity metering in private homes in Germany. During our analysis we found several security bugs that range from problems with the certificate management of the website to missing security features for the metering data in transit. For example (un)fortunately the metering data is unsigned and unencrypted, although otherwise stated explicitly on the manufacturer's homepage. It has to be pointed out that all tests were performed on a sealed, fully functional device. In our presentation we will mainly focus on two aspects which we revealed during our analysis: First the privacy issues resulting in even allowing to identify the TV program out of the metering data and second the 'problem' that one can easily alter data transmitted even for a third party and thereby potentially fake the amount of consumed power being billed"

"During the question and answer period the CEO of Discovergy, Nikolaus Starzacher, stood up and came onto the stage. He expressed his appreciation to the researchers for drawing attention to the problems they found and vowed to resolve them as quickly as possible. He explained that one of the reasons for using the two-second polling interval was to provide services like notifying you if you left the house with the iron or stove on by accident. He promised to make the data collection interval configurable in the future for more privacy-conscious consumers"

Researchers: Stephan Brinkhaus, Dario Carluccio, Ullrich Greveler, B. Justus, Dennis Löhr, Christoph Wegener




One hour presentation: