It appears that for every one step forward we take in open access to information, we take one or maybe two steps backward in keeping our private lives private.
The latest example comes from the 28th Annual Chaos Computer Conference in Berlin,
With power companies here in the United States installing “smart power” all across the country, there may be a great many lessons to learn from how easily two computer researchers in Germany were able to manipulate the latest in reader technology. The researchers demonstrated that the utility provider has the ability to know what movies and television shows consumers are watching and even when someone is not home or is fast asleep.
Additionally, the technology allowed the researchers to manipulate power consumption numbers, sending back to the power service provider negative kilowatt hours of usage.
All this and more was demonstrated by Dario Carluccio and Stephan Brinkhaus at the Berlin
The German company under fire is Discovergy, which acts as a middleman between the power service provider and the consumer. It offers its smart readers to consumers who can use them to regulate power consumption by determining what’s on, what’s off and what appliances may need updating to a more modern energy-friendly device.
However, there is a price to pay for this convenience.
It turns out the promises Discovergy makes on its Web site did not hold up when tested by Carluccio and Brinkhaus. Discovergy promised the Web interface to access meter readings went to an HTTPS server; however, the certificate did not match the Web site. If the consumer ignores the disparity, it redirects the customer to a site where the required password is sent back to the service provider in plain text. In fact, all data from the smart reader to the Discovergy server was sent in clear text.
Although consumers can see only their personal usage data for three months back, Discovergy does not delete the old data it claims to, instead storing all of it on its servers.
While the Discovergy technology allows the consumer to pinpoint the power consumption of individual devices, it is this same capability that reveals information from what Carluccio calls “the private sphere.”
The device reads power usage every two seconds. Thanks, or no thanks, to the frequency of these measurements, Carluccio and Brinkhaus demonstrated how a user’s television and movie selections are also revealed.
By using a Pearson Correlation, which depicts the statistical relationship between two sets of data, the researchers overlaid a power consumption template of popular movies with the power consumption used by the television to determine what the viewer was watching.
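To make the privacy exposure concrete, the following added example (not the researchers' code) computes the Pearson correlation between constructed meter readings and constructed load templates, then repeats it after averaging to a coarser reporting interval. The film names, wattages, noise level and the 15-minute interval are all assumptions chosen for illustration.

```python
import math
import random

def pearson(x, y):
    """Pearson correlation coefficient of two equal-length series."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def make_template(seed, n=900):
    """Constructed TV load profile in watts, one value per 2 s reading.
    Power steps between 60 and 140 W as scene brightness changes."""
    rng = random.Random(seed)
    out = []
    while len(out) < n:
        out += [rng.uniform(60, 140)] * rng.randint(5, 30)
    return out[:n]

def meter_trace(template, seed, base=200.0, noise=15.0):
    """Constructed meter readings: TV load + constant base load + noise."""
    rng = random.Random(seed)
    return [base + w + rng.gauss(0, noise) for w in template]

def downsample(series, factor):
    """Average `factor` consecutive readings (coarser reporting interval)."""
    return [sum(series[i:i + factor]) / factor
            for i in range(0, len(series) - factor + 1, factor)]

def score_templates(trace, templates, factor=1):
    """Pearson r of the trace against each template at the given resolution."""
    t = downsample(trace, factor)
    return {name: pearson(t, downsample(tpl, factor))
            for name, tpl in templates.items()}

# Three constructed 30-minute templates; the household "watches" film_b.
TEMPLATES = {"film_a": make_template(1), "film_b": make_template(2),
             "film_c": make_template(3)}
TRACE = meter_trace(TEMPLATES["film_b"], seed=99)

if __name__ == "__main__":
    for factor, label in ((1, "2 s"), (450, "15 min")):
        scores = score_templates(TRACE, TEMPLATES, factor)
        print(label, {k: round(v, 2) for k, v in scores.items()})
```

In this constructed 30-minute window the 2-second series singles out film_b, while 15-minute averages leave only two points per series, so every template scores +1 or -1 and the ranking carries no information.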
The researchers also demonstrated how a consumer could turn the tables on the power company and manipulate kilowatt usage in their favor.
With a big smile on his face Carluccio, saying he didn’t want to confuse the power supplier with two sets of data, removed the cable from the Discovergy smart reader.
Then, he said, “Since I knew the smart meter's MAC address I sent my own packets.” The smart meter identifies itself with a MAC address.
Brinkhaus, in summing up the privacy implications of technologies like Discovergy’s, noted that because a smart reader can home in on usage of individual appliances, these devices can determine the “daily routine of a user” and give a company “direct insight into the private sphere.”
I can see a power company selling its customers' movie selections to the likes of Comcast and Netflix for some really good targeted advertising.
Interestingly, Brinkhaus explained there is no real English translation for the German phrases "Privacy Sphere" and "Internet Sphere." In Germany
Perhaps we here in the United States need to work on a good translation so that companies here will understand the difference between the two.