• catloaf@lemm.ee
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    1
    ·
    4 months ago

    Castellucci, whose pronouns are they/them, acquired this remarkable control after gaining access to the administrative account for GivEnergy, the UK-based energy management provider who supplied the systems. In addition to the control over an estimated 60,000 installed systems, the admin account—which amounts to root control of the company’s cloud-connected products—also made it possible for them to enumerate names, email addresses, usernames, phone numbers, and addresses of all other GivEnergy customers (something the researcher didn’t actually do).

    tl;dr: hacker (the good kind) exploits weak encryption key to gain access to the utility’s management system. Because you too were probably wondering how key length and power generation could possibly be related.