Smart meter privacy concerns
by Luciana de Rossi // January 11, 2012
Researchers Dario Carluccio and Stephan Brinkhaus recently presented a series of flaws in the security of electricity smart meters at the 28th Chaos Computing Congress (28c3) in Berlin, Germany.
What are Smart Meters?
Smart meters measure the consumption of electricity in a home or business. Like non-smart meters, they are the mechanism through which the utility company knows how much electricity a consumer has used – a figure from which the bill is calculated and generated. Smart meters have added value, though:
- They are digital
- They have memory and can store consumption history
- They are web connected and can transmit acquired data
The benefits are:
- a consumer gains visibility of their usage and can optimize their consumption
- the utility provider can vary their service charges
- the infrastructure provider can better utilise their power infrastructure

But are these devices safe, and what impact do they have on privacy?
Privacy Concerns
The device tested by Carluccio and Brinkhaus was from Discovergy, which gave assurances that the Discovergy GUI was HTTPS encrypted and that the transmission of data to Discovergy was encrypted and signed (to prevent fraud). The researchers, however, discovered that the SSL certificate was not configured properly and their browser generated a certificate warning. After authentication, the site also redirected to a non-SSL version.
What about the data being sent back to Discovergy? This was not properly encrypted or signed either, and the researchers were able to intercept the data, change it, and hence alter their bill. After some manipulation, here was the consumption graph of the researchers:

Perhaps the most alarming development for privacy, though, was that the meter recorded usage in two-second intervals. Whilst this is great for understanding consumption with a very high fidelity, it also means that a pattern of life can easily be built through analysis of the consumption graphs. For example, it was possible to tell when the fridge was on, when the iron was on, or even which channel was showing on the television (by how much power was required for the plasma screen to display the image).
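To show why the reporting interval matters for privacy, here is an added example (not from the researchers' talk or from Discovergy) that compares a two-second load trace with the same trace averaged over 15 minutes. The trace, the appliance wattages and duty cycles, and the 15-minute comparison interval are all constructed assumptions.

```python
# Added illustration: constructed load trace, hypothetical appliance values.
import random

INTERVAL_S = 2  # reporting interval described in the article


def build_trace(hours=2, seed=1):
    """Constructed household load in watts, one sample every 2 seconds."""
    rng = random.Random(seed)
    trace = []
    for i in range(hours * 3600 // INTERVAL_S):
        t = i * INTERVAL_S
        watts = 80.0                                   # assumed base load
        if (t % 900) < 300:                            # fridge: 5 min on per 15 min
            watts += 120.0
        if 3600 <= t < 4500 and (t % 60) < 40:         # iron: thermostat cycling
            watts += 1000.0
        trace.append(watts + rng.uniform(-5, 5))       # measurement noise
    return trace


def downsample(trace, factor):
    """Mean power over blocks of `factor` samples (a coarser reporting interval)."""
    return [sum(trace[i:i + factor]) / factor
            for i in range(0, len(trace) - factor + 1, factor)]


def switching_events(trace, threshold=60.0):
    """Indices where consecutive samples differ by more than `threshold` watts."""
    return [i for i in range(1, len(trace))
            if abs(trace[i] - trace[i - 1]) > threshold]


def summarize():
    """Return (events at 2 s, events at 15 min, samples at 2 s, samples at 15 min)."""
    fine = build_trace()
    coarse = downsample(fine, 15 * 60 // INTERVAL_S)
    return (len(switching_events(fine)), len(switching_events(coarse)),
            len(fine), len(coarse))


if __name__ == "__main__":
    fine_ev, coarse_ev, n_fine, n_coarse = summarize()
    print(f"2 s data:    {n_fine} samples, {fine_ev} switching events visible")
    print(f"15 min data: {n_coarse} samples, {coarse_ev} switching events visible")
```

At two-second resolution every compressor and thermostat switch shows up as a distinct step; the 15-minute averages still show that a large load ran during one block, but not which device it was or how it cycled.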
During the Q&A session, the CEO of Discovergy introduced himself to the audience and was invited to the podium. He explained that the reason Discovergy was collecting per-second data was to allow consumers to profile their devices and to understand which of them may be consuming excessive amounts of electricity. In the future, he assured the audience, consumers would be able to opt out of detailed data collection.


