Security Holes Found In "Smart" Meters
Hugh Pickens writes "In the US alone, more than 8 million smart meters, designed to help deliver electricity more efficiently and to measure power consumption in real time, have been deployed by electric utilities and nearly 60 million should be in place by 2020. Now the Associated Press reports that smart meters have security flaws that could let hackers tamper with the power grid, opening the door for attackers to jack up strangers' power bills, remotely turn someone else's power on and off, or even allow attackers to get into the utilities' computer networks to steal data or stage bigger attacks on the grid. Attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them, or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc, a vendor-independent consultant that performs penetration tests and security risk assessments."
"Wright says that his firm found 'egregious' errors, such as flaws in the meters and the technologies that utilities use to manage data (PDF) from meters. For example, smart meters encrypt their data, but the digital 'keys' needed to unlock the encryption are stored on data-routing equipment known as access points that many meters relay data to, so stealing the keys lets an attacker eavesdrop on all communication between meters and that access point (PDF). 'Even though these protocols were designed recently, they exhibit security failures we've known about for the past 10 years,' says Wright."
And this is a big surprise?
While this is bad, this is the same situation as with the old, traditional meters.
Didn't the Chinese warn us? I mean, it wasn't too long ago that I read an article here about some Chinese guy warning us about a flaw in our power grid....
Epic sig..... yeah, I got nothing.
...but there really should be a minimum security standard for infrastructure items like any city's power grid (or voting machines, or traffic systems, or water supplies, or any number of things you don't want folks monkeying with). It's really insane to hear about this considering how power stations and utilities are tightly regulated. It doesn't matter that the system is only open on the far end of the line because eventually someone will mess with it and show just why it's a bad idea. Either make the system secure or don't make them so accessible.
Let me take this opportunity to dig up my attempt at an 'Ask Slashdot' from more than 3 years ago:
How to monitor your electricity meter
This question was never published and thus never answered. Anyone out there with experience in this field? That IR interface currently sits on the front of the meter doing nothing at all, while it would create the possibility to e.g. create an accurate power use graph, power quality data - I'm on the far end of a long air cable so that is sometimes an issue - and more interesting things. I guess I'm not the only one interested in these things?
--frank[at]unternet.org
Since when does a meter need to have wireless capabilities?
In Soviet Russia the government regulates the companies.
With this you could use a whole country to display a message for aliens, or to entertain the astronauts on the ISS. :-)
So just use the electrons which are already around you then. Rub a balloon against your hair and harvest those electrons or something. Let me know when you manage to power your laptop from that. Or perhaps it's easier to just pay someone to deliver a steady electron stream to your house?
I fail to see any improvement by introducing a computer into an electrical connection. They're still opt-in (at least here), but they really provide no benefit to the consumer, and a huge point of failure when something goes wrong. Even when they're working as designed, your air conditioner won't work as well when it's hottest. And now they have these huge security flaws that could let someone remotely turn off your electricity, change how much your bill is, and even mess with the electric grid. They really are a nightmare for the consumer.
Unless I could find that software, then I'd get one in a second, build some fake solar cells and windmills on the roof, and spin that thing backwards 24/7. I'd even build a perpetual motion machine that was secretly powered by electricity and claim it was producing it, just to mess with people.
This sentence no verb.
is why electricity costs money. It is just electrons, which are everywhere.
Electricity is free, it's the packaging and delivery that costs money. Just like water that comes out of the faucet, or comes in a plastic bottle, it's the getting it to you part that is expensive. Yes, yes, I know it's an inaccurate oversimplification ... just think of it as a metaphor.
Feel free to use all the free electricity (or water) that you can grab and take home. Heck, you can take mine too, if you can carry it.
I can see the benefit in making meters network-enabled just to prevent having to send someone to read the meter physically, but why would you want to be able to control them remotely? That doesn't seem like it's worth the risk. Make the thing read-only, with some standard way of collecting the data - using SNMP or something.
rooooar
I've read through both PDFs, and they really go into a lot of detail on the experimental methodology. The main thing they seem to be concerned about (and the only vulnerability they detail) is extracting the encryption keys from the meter firmware ("some" meters) and reverse-engineering the command protocol. While this could be a threat, being able to turn off/manipulate individual home meters isn't going to have any far-ranging effects beyond that. It also, obviously, requires a lot of reverse-engineering skill. I'd be more concerned with someone packaging this into a bluebox-style solution for manipulating your own meter, giving you free power? Earlier in the methodology report they talk about IR ports and similar being unsecured due to the perceived unlikelihood of attacking them, but they don't detail anything about that in the presentation PDF. That would be easier to exploit, though, so they might be keeping a lid on the more critical vulns?
Emotions! In your brain!
Is why electricity costs money. It is just electrons, which are everywhere.
You're not paying for the electrons, you're paying for the non-conservative fields propelling them around.
Ezekiel 23:20
So would that be 39.37 smart inches?
Anyone remember the end of "Hackers" (the movie)? They were showing text on an apartment building by controlling which lights go on and off...
Guess it is possible now.
My city-run utility company inadvertently drove itself into a political clusterf**k with smart meters. A large bunch of the smart meters were installed in January, then we had an extremely cold February that caused very high bills for some people, and the bills were blamed on the smart meters.
is why electricity costs money. It is just electrons, which are everywhere. If there weren't electrons, we would all be living on a neutron star like Pluto where everything is a sick off-white color and people talk really slowly because they are stretched into string beans and they don't have any electrical energies in their metabolisms. But somehow we are supposed to pay for this? Somebody is evil and somebody is Italian here.
What I want to know is where can I get some of the drugs you're on.
Vulnerabilities were identified in the smart meters last year, see http://earth2tech.com/2009/07/31/smart-meter-worm-could-spread-like-a-virus/
The vendors for the vulnerable meters have since patched the buffer overflow used to propagate this worm, but they don't have a way to patch the meters already installed; the power companies aren't exactly storming Ma and Pa Kettles around the grid, replacing their meters. It is a safe bet that there are other overflows, lurking in the dusty corners -- hardware vendors still believe that obscurity is all the protection they need, and the government does not know how to force the issue without seizing control of private enterprise.
As for the grid being regulated? Hah. The CIPS regulations can be condensed down to "Okay, tell us you have a plan. And, from here on, adhere to that plan. We trust you to know what a good plan is, because we sure as hell don't know."
I'm confused, why is it physically possible for anyone to remotely turn power on and off? That doesn't have anything to do with "help deliver electricity more efficiently and to measure power consumption in real time". Surely the entire software and circuity surrounding those features should be able to fail completely with the core system (supply of electricity) completely unaffected and oblivious? I'm tempted to assume someone has other, less marketable objectives for the smart meters such as being able to cheaply disconnect people who aren't paying the bill, and therefore the root of the problem is those inherently risky objectives.
Which begs the question, why are they not getting up off their asses and building more power generation plants as opposed to whining and crying, which eventually leads to these stupid harebrained ideas in the first place.
Save money by cycling your AC indeed. The MONEY *IS* the incentive, not the SAVING.
The problem we have is our leaders have sold us out, instead of pre-planning ahead, and taking actions to prevent destruction, they scam the system, their lives revolve around re-election finance, the ONLY time they take action is when it's forced because something breaks (because they had NO PLAN AT ALL) and we have another disaster which has to be fixed with another fucking OVER budget debt.
Then they get out there and say they didn't know. They KNOW, they are ENCOURAGING this crap.
Yes, yes, I know it's an inaccurate oversimplification ... just think of it as a metaphor.
Can you rephrase that in the form of a car analogy?
The traditional problems utilities have had to deal with are of physical intrusion, either by customers or by neighbors, looking to bypass the meter, modify the readings, or steal electricity. They solve this (or at least reduce it to a manageable level) mostly with intrusion detection -- basically, seals so they know the meter has been tampered with. In this model, the only loss is money and so preventing it at high cost doesn't make sense; detecting and stopping it reasonably quickly is more important.
With meters which do more than metering, that's just not good enough. Significant effort must be made to prevent malicious people from surreptitiously turning power off, otherwise assholes will do it just for lols. It's not like ripping a meter off the wall, which will have the same effect but carries a high likelihood of getting caught.
So would that be 39.37 speedo inches?
I think it might be a severe head injury rather than drugs in this case. Not as much fun.
They are COUNTING on idiots that will depend on them. This is the IBM that ships their manufacturing to China and their software to India. Of course, they know that they have LOADS of security issues. BUT, like Windows, people will have to buy new ones to stay ahead of the crackers.
So would that be 39.37 pedo inches?
if hackers cut the power off, then how will they continue to hack???
why are they not getting up off their asses and building more power generation plants
Because power demand increases as a curve and power supply increases in steps. Let's say power supply is currently 10,000 units. Next year the demand is expected to go to 10,500 units. A new coal power plant supplies 5,000 units at $1.5 billion dollars (approximate cost of a new plant). A power utility can spend $1.5 BILLION and build a new plant that's going to run at a fraction of its capacity for the next many years, or they can spend a few million dollars and trim demand to fit within their current infrastructure. If you're the power company, which do you choose: the $1.5 billion dollars that will be underutilized for the next ten years, or the few million dollars that ensures your system is running at peak capacity? Money IS the incentive. And the best way to make that in the energy world is to ensure that your current system is maximized in terms of its use.
Great, first it was IOActive frothing non-stop about smart meters, now we have Inguardians turning the froth up to 11. This whole smart grid security issue never addresses the probability of an attacker actually being able to carry out a serious attack in real life. The PDF talks about theoretical attacks. It describes possible weaknesses. It does not assign any probability or likelihood to those attacks. As such, this is faulty and misleading security work. It's the kind of FUD "security gurus" resort to when they want to scare people into buying their services. Notice that the PDF makes sure to advise users to buy services like pentesting and code review - which of course an Inguardians sales representative can sell you. Any decent security analysis MUST include consideration of probability. Risk (the most basic measure of security) is comprised of both impact and probability. Sure, breaking into a smart meter could be a catastrophic thing, thus a very high "impact" rating. However, if the probability of doing that in the wild is enormously low, something like 0.000000001%, then the risk of this actually happening is therefore very low. Until one of these "researchers" shows the real risks involved here, and not a bunch of theoretical and conceptual data, I remain unconvinced that there are serious problems with smart meters.
Now I can use my servers to war dial and not pay for the power. That will be a nice way to match my free phone bill that I used to call all the numbers in sunny ville ca.
I was an engineering consultant for 40 years. I'm well familiar with the politics and ethics of engineering studies. Something is fishy here.
The AP says that Wright's firm was hired by three utilities. The web material suggests that it was actually ucaiug.org (an association of both vendors and utilities) Presumably, they financed the security study to expose vulnerabilities so that they could fix them. They did it openly and allowed the report to be published. That's laudable and responsible behavior. It is the opposite of denial and secrecy.
Normally, Wright and his team write the report and the vendors and utilities fix the problems. However, Wright is going public in a big way. He, with cooperation from the media, is mongering fear and suggesting that the vendors and utilities don't care about security. He's acting in a way that brings maximum bad publicity to his financial sponsors. That is extraordinary behavior for a consultant. If it was I that hired him, I would feel betrayed.
I really can't tell if he's doing it for shameless and unethical purposes of self promotion, or whether there was a breakdown in relations between the consultant and the clients. Somewhere there is an enormous untold back story.
Sure ...
... just think of it as taking up a metaphorical parking spot for my analogy.
What I just described as the engine of a Yugo is, in reality, probably closer to the complexity of a Ferrari's engine
Cars are free, it's just the making and selling of them that costs you money.
Heck, you can take mine too, if you can carry it.
Dear WrongSizeGlass,
Can we move one of our data-centres next to your house?
Sincerely,
Eric Schmidt
Mind the frickin' laser...
Think of the kind of girls here that Slashdotters are familiar with:
Just like girl that comes out of the closet, or comes in a plastic bottle, it's the getting it to you part that is expensive.
You know the kind of girls you have to inflate first or that came out of weird Japanese vending machines.... if you were thinking of something else when you read the above you clearly have a dirty mind! ;-)
Anyone found any similar useful hacks with them newfangled radio water meters?
My city put 'em in last year and this dude comes out to the house to install it and I'm like, "...so this lets you drive past the house and pick up the meter reading without coming to the side of the house, right?" And the dude is like, "No. This radios your water usage directly to the central office every twelve hours."
Every twelve hours.
I know Slashdot makes you paranoid, but this bothers me. I simply cannot imagine how it could be useful to monitor this frequently when they still bill my usage monthly. Plus, any dude with access to the database can hack together an SQL query to find out which houses have a total water usage under a gallon over the past three days and know who's not home.
Mike Davis with ioactive has done some in depth research, see http://www.ioactive.com/services/smart-grid-research.html
Check out the videos of worm propagation, really cool stuff. He actually wrote the attack vector and worm for his Black Hat preso; I think you can get the slides off that site.
There is also a webcast, if you are actually interested I would check it out.
The trouble with "smart meters" and the "smart grid" is that it's too easy to put in excess functionality that can cause trouble. The ability to do remote firmware upgrades is an example. The ability of meters to communicate with each other is another.
The "smart grid" has way too much centralized control in it. All that's really needed is remote meter reading, plus some broadcast signals to indicate how scarce power is at the moment. The customer should have read-only access to their meter from their side of the meter. High-current appliances should be able to query the meter to find out if it's OK to draw heavy power right now. The power company should have no data path to appliances.
Incidentally, some "smart meters" support pre-paid service, where customers have to pay in advance and are turned off automatically when their pre-payment runs out. There's also wattage-limited service, where the power turns off if a maximum load is exceeded. This can be used for collection purposes; if you get behind on your electric bill, your consumption is limited. There's a whole new range of ways for screwing poor people going in. It's like "check cashing" stores.
This place is from the 70s, so I assume it is a not a smart type?
We had a similar problem in Italy. Basically the new electricity meters were infrared-accessible. Password protected, of course. No need to hack anything though, just use '0000', '1234' or '3635' ("enel" as written with a cellphone; it's the company name). Ta-da! Full access. So what did we do? Nothing. But we're in Italy after all...
we have a new vector, victor!
The solution is quite obviously a hash lookup, but you would be surprised how few "programmers" come up with that.
Which begs the question, why are they not getting up off their asses and building more power generation plants as opposed to whining and crying, which eventually leads to these stupid harebrained ideas in the first place.
Because of the NIMBY/BANANA Nazis have teamed up with those concerned about climate change to filibuster any attempts at building new power plants?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
You can't turn off a house's power remotely; these smart meters don't have interrupting devices in them.
The only interrupting devices between my power and my neighbors' power are my main breaker and their main breaker.
When the utility turns off someone's power they send someone to physically pull the meter.
You could build a meter with interrupting capability, but it would cost $$, so utilities aren't going to do it.
Turning someone's meter off (power stays on, it is just not metered) could be possible, but if I could hack a meter, I would be in the business of selling discounts. I think the utilities might not like this sort of thing, so I am fairly sure they are not going to sit back and let someone eat their lunch. This whole story is BS. There are plenty of concerns with cyber security of power networks; residential meters are not really a big deal.
A lot of these smart meters utilize 802.15.4 (2.4 GHz) radios running a Zigbee stack. 802.15.4 is DSSS like 802.11. The same vulnerabilities exist in both topologies. There are two pieces to this system: the utility area network and the home area network. They are generally required to be separate bands, for instance a Zigbee HAN and a cellular backhaul. The architecture of the 'system' would limit a hacker to individual homes. Replay attacks I understand are particularly successful, but they don't allow you to propagate back to the utility to shut down entire neighborhoods. It's just as dangerous as having a WiFi router in your home.
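The standard defence against the replay attacks mentioned in the post above is a per-sender frame counter bound to an authentication tag, which is how the IEEE 802.15.4 security suite handles it: the receiver remembers the highest counter it has accepted from each sender and rejects anything not strictly newer. The following is an added example for this thread, not code from any meter vendor or from the reports discussed; the link key, sender ids, frame layout and command names are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo link key; real deployments provision per-device keys.
LINK_KEY = b"constructed-demo-link-key"

HEADER = struct.Struct(">HI")   # sender id (16-bit), frame counter (32-bit)
TAG_LEN = 8                     # truncated HMAC-SHA256 tag
COUNTER_MAX = 0xFFFFFFFF


def make_frame(key, sender, counter, payload):
    """Build sender || counter || payload || tag. The tag covers the header,
    so a captured frame cannot simply have its counter bumped."""
    header = HEADER.pack(sender, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class MeterReceiver:
    """Meter side: accept a frame only if its tag verifies and its counter is
    strictly greater than the last accepted counter for that sender."""

    def __init__(self, key, saved_counters=None):
        self.key = key
        # Highest accepted counter per sender. This table must survive a
        # reboot, otherwise a restart reopens the window for old frames.
        self.last_counter = dict(saved_counters or {})
        self.accepted = []

    def process(self, frame):
        if len(frame) < HEADER.size + TAG_LEN:
            return "malformed"
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload,
                            hashlib.sha256).digest()[:TAG_LEN]
        # Authenticity first, so unauthenticated junk never touches state.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        sender, counter = HEADER.unpack(header)
        if counter <= self.last_counter.get(sender, -1):
            return "replay"
        if counter == COUNTER_MAX:
            # Counter space exhausted: rotate the key rather than wrap around.
            return "rekey-required"
        self.last_counter[sender] = counter
        self.accepted.append((sender, payload))
        return "ok"


def demo():
    """A legitimate read and disconnect command, a replay of the disconnect,
    a forged disconnect without the key, and a stale out-of-order frame.
    Returns the receiver's verdict for each, in order."""
    utility = 0x0001
    attacker_key = b"attacker-guessed-key"   # constructed: not the link key
    meter = MeterReceiver(LINK_KEY)
    read1 = make_frame(LINK_KEY, utility, 1, b"READ_REGISTER")
    disconnect = make_frame(LINK_KEY, utility, 2, b"DISCONNECT")
    forged = make_frame(attacker_key, utility, 3, b"DISCONNECT")
    return [
        meter.process(read1),        # ok
        meter.process(disconnect),   # ok
        meter.process(disconnect),   # replay: same counter seen again
        meter.process(forged),       # bad-tag: sender lacks the link key
        meter.process(read1),        # replay: older than last accepted
    ]
```

The counter on its own is not a defence: without the tag over the header, anyone who can capture a frame can resend it with a larger counter, which is why the check order above verifies the tag before consulting the counter table.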
If one could jack up the power bill, one could also ratchet it down too.
I am an engineer that designs smart grid transponders, and there is a lot of misinformation.
The present:
1.) Utilities and Meter Manufacturers are extremely paranoid about people altering their electrical bill. If someone can hack the system, then the Utility will lose a Massive amount of money. As such, the codes to change meter tables are kept very secret, and even meter transponder manufacturers aren't given the code.
- If you can alter the meter map, your product will not be qualified to work with a meter.
- If your hardware modifies the electrical usage in any way, (decreased accuracy or modifying the table reads), your product will not be inserted into the meter
- If someone does hack a system, the amount of money required to resolve the issue is tremendous. You have upset customers, government regulations, and meter technicians that cost a lot of money.
- A utility will spend YEARS researching AMR/AMI systems before installing them. This is not a fly-by-night industry. You MUST have a solid reputation for reliable hardware in order to stay alive.
- You don't need additional government regulation. There is enough financial incentive to keep us scared shitless of creating a flawed product.
2.) The new front IR port can be used to access meter information, but you must have a very specific security code to read anything, let alone write. Even then, it varies between utilities. Even the transponder manufacturers don't have access to the write codes.
3.) Older front IR ports just sent a pulse every time there was a count, allowing some third-party transponders access to the count.
4.) The two-way systems have integrated disconnects, which allows the power to be connected/disconnected with a simple phone call. You just move into your house? Call the utility and you can have power in less than 5 minutes. You don't pay your bill? You get disconnected. You pay your bill? Reconnected instantly.
5.) The future:
The Smart Grid stimulus is causing havoc. People are assuming fast connections that can carry the internet (most AMI systems stay below 10 kbps). Sure, we could provide 1 Mbps to each house, but it would cause everyone's electrical bill to go up $50/month. As such, AMI systems are low data rate and low cost to give the smallest customer impact possible.
Utilities want an hourly read to make sure their system is properly responding to the load demands. The "Green" people want meter information every 5 minutes, and so Utilities are requesting 5 minute reads. It is not the Government, it is this "green" movement that wants 5 minute reads. (I could write forever about the Green Smart Grid, but I will leave that for another day)
The trouble with "smart meters" and the "smart grid" is that it's too easy to put in excess functionality that can cause trouble.
First, the "Smart Grid" is not defined. You can't buy a "Smart Grid" compatible piece of hardware. It does not exist. You cannot create trouble because you don't have access to the protocol or interface hardware.
Anyone found any similar useful hacks with them newfangled radio water meters?
Those are transmit only. They have a battery inside and transmit to a collector unit every 12 hours.
With meters which do more than metering, that's just not good enough. Significant effort must be made to prevent malicious people from surreptitiously turning power off, otherwise assholes will do it just for lols. It's not like ripping a meter off the wall, which will have the same effect but carries a high likelihood of getting caught.
This is a secondary issue. The real problem is if someone figures out how to hack the system to connect their own meter. AMI systems are VERY concerned about this.
but there really should be a minimum security standard for infrastructure items like any city's power grid (or voting machines, or traffic systems, o
Sorry, late to the party.
I work for an electric cooperative. We have automated meter reading. Each night, each meter sends in the reading for the day. We're thinking about going hourly. We're actually part of a pilot project for demand response. As someone brought up in a previous post, these meters work wonders for outage management. We can now "ping" meters. A member calls in an outage, we ping the feeder he's off of, and within minutes we pinpoint the piece of equipment that has failed.
I'm actually excited about a lot of this new technology because I can see where it's going and it's not all that big brotherish. I think the largest benefit to everyone involved is the increased ability to monitor consumption. As it is now, you use a bunch of power and only find out what you're getting billed for at the end of the month. Some people get surprised. Wouldn't it be neat to have an in-home display (maybe your thermostat) that shows your current (heh) usage by the hour? You can now identify which times of day you're using the most juice, things like that. And no surprises when you get the bill.
Demand response is going to be huge. As we run out of places to build dams or power plants we need to do better with what we have. The silliest thing is some unreal proportion of generation sits there idle until 5 pm when everyone gets home and turns the heat up and their TV on. That demand spike requires us to generate huge amounts of energy for just an hour or two and then the generators sit there and spin at idle until the next peak. So if you can make that peak not so sharp or not so high, everyone wins when it comes to the bottom lines. The utility is otherwise forced to buy peak power at a premium and forced to pass that cost on.
So now we're piloting a project where people's electric heat and water heater are hooked up via the "smart" grid and during a peak event, for 45 minutes, we set back their thermostat 3 degrees and shut their water heater off. So, for that barely noticeable impact on a person's life, everyone gets savings. It's also a ton better than rolling blackouts or brownouts.
I honestly think the project as it is is a pretty hard sell, but I envision hourly pricing data sent down the wire to a consumer's smart appliances. You want to do a load of laundry and when you push the start button on your dryer it says "Currently $0.16/kWh. If you wait 2 hrs, power will be $0.12. Start now or wait?" Leave it in the hands of the consumers. Give them the correct up-to-date knowledge to make good choices.
But you can't get from here to there without the baby steps. You need to start collecting a ton of data on people's usage. You need to know where and when your peaks are. You need to be able to predict them. You need to be able to interact with the consumer. Gone are the days of your dumb meter, and thank God for that. I realize some of the growing pains aren't that great but I think it will pay off in the long run.