Are Your Smart Devices Spying on You?

Discussion in 'privacy problems' started by lotuseclat79, Aug 4, 2015.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,982
    Location:
    Brasil
    I would like to add that there is a great danger in "Smart Cars". It has been demonstrated that it is possible to crack into a car system and have full control over it, and that means breaks, transmission, wheel... anything.

    I wouldn't be surprised if inteligence agencies (government agencies included) use such technique to forge "accidents" in order to kill someone they don't like.
     
  3. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    It was a great article, it got some things right. The whole smart meter thing is right on the mark. I work for a utility that has smart meter infrastructure. The data that they get from it could in no way be used to breach privacy. The most they can tell from it is how much energy you use in a given 30 minute interval. They are not very smart. Although many of these meters do have additional functionality; in our case a zigbee device. You also need to remember with meter infrastructure that it has a 20 year lifespan.
     
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    I think that would have potential to reveal some household patterns. Such as the approximate time people awake, leave for the day, return home, and go to sleep. Whether someone normally is home and on what days. Whether people are away certain days. Etc. I don't think the picture would be clear for all householdss, but for others... couples who work the same hours & households of one... I suspect it could be clear enough. Compared to the other things we talk about, this would be far down the list of concerns. However, I feel like we should acknowledge it.

    FWIW, I've seen some downloaded data showing kWh to 3 decimal places every 15-minutes, and other downloaded data showing kWh to 2 decimal places every hour.

    BTW, my electric company uses a third-party service that processes/formats the smart meter data for consumer consumption. So there is third-party sharing, at least if you interact with the energy consumption related tools. When I looked into them it appeared that they do such work for a number of electric companies.
    I know what ZigBee is, but I don't know any of the details. Can one device capture factory hardware addresses belonging to other devices, information about the types of other devices, things like that?
     
    Last edited: Aug 5, 2015
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Electrical consumption clearly shows household occupancy, whether you're away on vacation etc. That information is, presumably in a utility database in some form (for how long? how identifiable?) - we do not know, and track record shows that corporations are not very good at keeping the information safe. On the Ricthter scale of exposures, this would not concern me that much, except on a legal/policy basis, I'd like to see all companies anonymise the data and reduce its retention to the minimum. But they won't, because that takes thought and money in development and operations.

    The bigger exposure I thought was via the radio link (the ZigBees). They do offer some form of encryption, but there have been exposures in the past, and as we know on this forum, even well-designed security controls are vulnerable to breech.:)

    Probably, the home automation systems, particularly if internet connected, would be a higher level of risk. And home security systems even worse! Even at basic, all those webcams with default passwords....

    But no, right now, my assessment of exposure is far more about the over-reach of the TLAs, and the vulnerability of our services, infrastructure and clients on the internet proper.
     
  6. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Can you clarify what you mean?

    The Zigbeee antenna would be used for customers to access there electrical use data. In our case it is left disabled. As far as it capturing hardware addresses belonging to other devices. I am not too sure about.


     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    I'll use WiFi as an example. If a device acts like an AP, it will receive broadcast probe requests from in range devices, which will include the MAC Address of those devices. It will be able to infer the proximity of those devices based on signal strength. In many cases, the MAC Addresses can be used to lookup device manufacturer information (public OUI records), which will also sometimes reveal the nature of the device as well. There are some publicly available, as well as non-publicly available, records which provide MAC Address ranges for different types/versions of specific devices. So some non-trivial information can be gained from this. Additional information can be gathered by putting the interface in promiscuous mode and listening to all traffic. It isn't just APs that can do this, but other WiFi devices as well.

    So, if there is a WiFi radio which is under someone else's control within range of your home and devices, you may be snooped on. Some people have enough land, and space between their home and others, to reduce if not eliminate this possibility. Particularly if the assumption is that in-range devices will be ordinary devices with non-optimal antennas, etc. Plus, many assume that their neighbors will behave ethically.

    One thing that can change the picture is a utility company and/or ISP that requires their customers to use their WiFi equipped device. Such customers not only end up with another party's radio on/in their home, but they are also exposed to the commercial interests of that company. Also, particularly in the case of a utility company device, the mandated device may remain for long periods. Its broadcast hardware address has the potential to be a very persistent identifier, which could be captured and exploited (for geolocation and/or other purposes) by cloudy software running on the home owner's device(s). A homeowner could easily swap out other things, and naturally would over time.

    The WiFi protocol wasn't designed to protect against this type of metadata collection. I don't know if ZigBee and/or other home automation related devices use protocols that do offer protection against it.
     
    Last edited: Aug 6, 2015
  8. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    That I am not too sure of. I would guess the ZigBee has an identifier built in, otherwise you could run the risk of activating your neighbours ZigBee. Our company chose not to activate it now citing privacy concerns (probably more because they dont want to deal with the negative publicity implementing this component could generate).
    The meter itself is a mesh network that sends "encrypted" traffic on usage. I am not sure on the security and encryption level as they have not disclosed it. The typical reason for introducing these meters are that it cuts the cost of meter readers, but it also cuts grow-ops hooking up illegal bypasses (big big problem).
     
  9. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    I totally agree. I avoid anything "smart" like the plague.

    As far as the original link in post1....What balony. First, when I read ANY piece that homes in on pathetic terms such as "conspiracy theory" (in this case no less than 5 times) it immediately tells me one of two things - the writer is either at best naive (using pop cliches to sound relevant), or at worst an outright propaganda puppet. In this case I believe the latter. The whole piece is crafted to make those who question these things out as paranoid nutjobs, which of course is what's behind the meaningless term "conspiracy theory".

    Smartmeters have a number of issues but even if you don't believe some things there is enough from any single point to warrant fair warning. They've caused fires, they cause people to get sick, they continually send out RF pulses, they have been proven to generate higher power bills and they most certainly are spy devices. If the greedy powercos were only out to make more money, I would have much less to worry about. The more you learn about these hideous things which are forced down our necks the worse you will see what's behind them.....(if you're honest) I think even a small amount of foresight should warn people clearly where these things are heading and just because all the "features" are not yet implemented doesn't mean you shouldn't wake up to the potential dangers, and exercise reason in that such "features" are there for a purpose, if later down the track.

    IN light of how we all should know the PTB are NOT trustworthy why should this be any different...

    Go here to view a graph of how your daily usage can be used to invade your privacy, plus other associated SM issues. Also I might add, a little bit of privacy invaded here and a little bit there all go into the the sum of the whole. You'll never see that if you concentrate on only one thing.

    https://smartmeterpowerstruggle.wordpress.com/

    Heres a comprehensive website dedicated to SMs.

    http://www.stopsmartmeters.org.nz/faqs/
    Heres some other interesting articles from the same site...
    http://www.stopsmartmeters.org.nz/latest-news/smart-meters-correcting-the-gross-misinformation/

    http://www.stopsmartmeters.org.nz/category/privacy-2/

    I have a number of pdfs regarding this issue and who is behind deploying SMs in my country. I can tell you the stealth methods they are using to "educate" the public is nothing less than dirty sneaky underhanded tactics. Some of our powercos are lying and bullying people to have SMs and I have successfully withstood the one who did that to us. I've changed powercos with the condition they don't force us to have one. I have a lock on my meter and a warning of the consequences if any "smart" person decides to take it on themselves to break in and install one on the sly. I've heard stories all over they just come on your property and do it anyway. Eventually they will FORCE people to have these dreadful things and the day they do is when I go off the grid.

    I hope everyone takes the time to evaluate these for themselves and see what they're letting themselves in for.
     
  10. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489

    I cant speak from the perspective of anybody outside my city in Alberta. The smart meters here cannot collect anywhere near the amount of information shown on that site.
    The site https://smartmeterpowerstruggle.wordpress.com/ gets a lot wrong. The business case for smart meters is getting rid of meter readers and identifying grow-ops sucking free juice not selling data. Our company is too beaurocratic to be able to use smart meter data for anything useful.

    I am not saying the claims shouldnt be taken seriously, it all depends on where you live and what threats most worry you the most.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
Loading...