Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source Smart Meter Hacking Framework Released

Posted by timothy on from the granular-snapshots dept.

wiredmikey writes "A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter,' the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities. Spencer McIntyre, a member of SecureState's Research and Innovation Team, is scheduled to demonstrate Termineter in a session 'How I Learned to Stop Worrying and Love the Smart Meter,' at Security B-Sides Vegas on July 25. The Termineter Framework can be downloaded here." As the recent lucky winner of a smart meter from the local gas company, I wish householder access to this data was easy and expected.

74 comments

  1. YES !! I WANT TO RULE THE WORLD !! by Anonymous Coward · · Score: 0

    Or just my meter !!

    1. Re:YES !! I WANT TO RULE THE WORLD !! by Jeremiah+Cornelius · · Score: 1

      Then? You'll be wanting one of these:
      http://www.abacuselectrics.com/a9uu04.pdf

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. Not surprising. by inasity_rules · · Score: 4, Insightful

    As someone who writes drivers for various smart meters to do AMR, I am surprised it took this long. Most protocols are childishly simple with little in the way of encryption or authentication. Often the passwords are sent in plain text. Check metering might be a simpler way to secure your meters. Catch them at it rather than get into an arms race...

    --
    I have determined that my sig is indeterminate.
    1. Re:Not surprising. by Anonymous Coward · · Score: -1, Offtopic

      While in the smart meter trade, have you ever said to yourself, "Wait a moment... this is a corrupt line of business which is clearly harmful for consumers, so perhaps I should get out and do something more ethical"? Or did you think one or more of "everyone else is doing it" and "I'm only following orders"?

      It always interests me when someone comes forward and casually talks about some work they have done which is clearly morally questionable, and they talk about it like they've managed to compartmentalise their role and not in terms of thinking how their contribution will make an impact on other people. The most obvious field is "realtime systems design", which usually means building a better guidance system to blow up a family which happens to be in the way of some Western commercial plundering effort (with hilarious justifications like "well, if I write good software then it's less likely to kill more people than necessary!" - hint: 1 is more than necessary). But there are more subtle examples and "smart metering" is surely one.

    2. Re:Not surprising. by jehan60188 · · Score: 2

      What does AMR mean in this context? Also, yah, lots of "new tech" isn't security hardened- car computers are getting more sophisticated, but still have no real authentication protocols!

    3. Re:Not surprising. by Anonymous Coward · · Score: 0

      Even if you applied the encryption they intended to use per the NIST Cybersecurity working group work, it's still insecure. They only really "lock down" the command path- and it's still simple to break in. Security is motivated by overall expense to implement rather than sane motivations on that front. If it raises the prices of the remote SCADA system by much more than what they use...well, they're not interested.

    4. Re:Not surprising. by inasity_rules · · Score: 2

      Automatic Meter Reading.... It is actually old tech. The company I am at has been doing systems since the late 90s... Used to use PLCs to pulse count in simpler times... :)

      --
      I have determined that my sig is indeterminate.
    5. Re:Not surprising. by inasity_rules · · Score: 4, Informative

      Never. Our product is designed to save clients money. Basically the supply utility implements TOU tariffs and we provide data capture and analysis tools to optimize when and how they use their power. I see no moral issue with this. Besides, how is being asked to pay for your power a moral issue?

      --
      I have determined that my sig is indeterminate.
    6. Re:Not surprising. by inasity_rules · · Score: 1

      An interesting thought... OPC UA would help some there.

      --
      I have determined that my sig is indeterminate.
    7. Re:Not surprising. by Anonymous Coward · · Score: 3, Insightful

      I don't think the other AC mentioned anything about paying for power being a moral issue. Peripherally it is--as in, we build huge centralized fossil fuel power plants and can't seem to make solar power work right because it works best in a decentralized (read "local purchased hardware, non metered use) kind of way, which would totally be disruptive to the large megacorps' government and military backed business plans, but that's another story and not totally relevant here.

      What is relevant is that there are tons of moral issues with deploying these things. First off, they do in fact enable different rates to be applied at different times. That would be a problem--since when is a profit-driven corporation going to actually save anybody any money? As in, when does metering anything (say, Internet usage) actually provide a better deal for customers? In this case, you're already metering things, but you're adding the ability to tune the metering to a level of detail that people just don't want. I don't really want to have to figure out what time of day to wash my clothes or do my dishes just because some jackass in a suit decided it would be best for me to have a "smart meter".

      Second problem: usage analysis in aggregate is a good thing. Figuring out how much power to throw on a grid is not easy and if you get it wrong it can be wasteful or even damaging. I get that. However, in order to aggregate data you have to have data in the first place. Such data can be and has been used to try to look for "criminal anomalies" like people growing certain plants and stuff, and can be used to put together a pretty good dossier on how you live your life--when you wake up, go to work, come home, do laundry, cook dinner, etc. Cops and other nefarious agencies are already salivating over this because control freaks love personalized data.

      If you have a job as a smart meter developer, here's how to get fired from it. Go in and tell your bosses that you want to develop code for the meters and their associated back end systems that completely anonymizes personally identifiable information from your statistics. Nobody, not even the power company, could see peoples' electrical usage details other than quantities used for billing purposes, but they'd still have their usage stats for running the grid more efficiently. In other words, give people the alleged benefits of these devices while retaining the relative privacy of the older meters. Watch as the guy in the room who cut a secret deal with the DEA or whoever and didn't tell you turns purple, or how the marketing team that was going to sell this data to advertisers breaks out in a cold sweat, and see how quickly you'll be out the door for "job performance issues" as soon as somebody has a hushed word with your boss.

      Still think there are no moral issues here?

    8. Re:Not surprising. by SmurfButcher+Bob · · Score: 0

      **whoosh**

      --

      help me i've cloned myself and can't remember which one I am

    9. Re:Not surprising. by inasity_rules · · Score: 2, Interesting

      No moral issues for us. None at all. Our client's data is their own. And can and has been used to check and audit the supply authorities meters. Their data never leaves their internal networks. Our software has saved vast amounts of money for loads of users. That is why it sells.

      TOU tarriffs make a lot of sense. They encourage big users to shift their load so that your house does not get cut off at peak times. Electricity generation in not the simplest thing to do. Your 30min load profile is useful for that as a total for each block from all users in your area, sure. But a central check meter can give the same info. The reason they want load profile on your small user's smart meter is to catch when you bypassed it... The meter log is proof.

      --
      I have determined that my sig is indeterminate.
    10. Re:Not surprising. by inasity_rules · · Score: 1

      I strongly suspect I deserved that... Re-reading it. Real time systems engineers morally bankrupt...? Moderators should be whooshed too....

      --
      I have determined that my sig is indeterminate.
    11. Re:Not surprising. by Anonymous Coward · · Score: 0

      I don't think the other AC mentioned anything about paying for power being a moral issue. Peripherally it is--as in, we build huge centralized fossil fuel power plants and can't seem to make solar power work right because it works best in a decentralized (read "local purchased hardware, non metered use) kind of way, which would totally be disruptive to the large megacorps' government and military backed business plans, but that's another story and not totally relevant here.

      That, and we're opposed to Socialism, which building an investment heavy infrastructure would be. The costs of solar panels is front-loaded, the savings on the back-end. Getting people behind that...very hard. Even getting the companies building the parts money has been hard, and you'd think Republicans would be all behind Corporate Welfare...oh wait, I guess they can't admit it what it is.

      What is relevant is that there are tons of moral issues with deploying these things. First off, they do in fact enable different rates to be applied at different times. That would be a problem--since when is a profit-driven corporation going to actually save anybody any money? As in, when does metering anything (say, Internet usage) actually provide a better deal for customers? In this case, you're already metering things, but you're adding the ability to tune the metering to a level of detail that people just don't want. I don't really want to have to figure out what time of day to wash my clothes or do my dishes just because some jackass in a suit decided it would be best for me to have a "smart meter".

      Well, sure, and having for-profit companies delivering power is certainly questionable, that's why we need to have a public utilities commission with public input on the subject. Let's not do another California "deregulation" scheme again. But while you may not want to do things that way, others might wish to benefit from it rather than have their costs go up as it's absorbed in the aggregate.

      Yes, my interests may conflict with yours, that is truly a terrible thing.

      Second problem: usage analysis in aggregate is a good thing. Figuring out how much power to throw on a grid is not easy and if you get it wrong it can be wasteful or even damaging. I get that. However, in order to aggregate data you have to have data in the first place. Such data can be and has been used to try to look for "criminal anomalies" like people growing certain plants and stuff, and can be used to put together a pretty good dossier on how you live your life--when you wake up, go to work, come home, do laundry, cook dinner, etc. Cops and other nefarious agencies are already salivating over this because control freaks love personalized data.

      Like they need the smart meters to do it. They already had the tools and technology to get all of that. Even if you live "off-grid" they can. The key then is not the tools, but the persons wielding the tools. The problem isn't that they can know you are growing plants, but that they care.

      If you have a job as a smart meter developer, here's how to get fired from it. Go in and tell your bosses that you want to develop code for the meters and their associated back end systems that completely anonymizes personally identifiable information from your statistics. Nobody, not even the power company, could see peoples' electrical usage details other than quantities used for billing purposes, but they'd still have their usage stats for running the grid more efficiently. In other words, give people the alleged benefits of these devices while retaining the relative privacy of the older meters. Watch as the guy in the room who cut a secret deal with the DEA or whoever and didn't tell you turns purple, or how the marketing team that was going to sell this data to advertisers breaks out in a cold sweat, and see how quickly you'll be out the door for "job performance issues" as soon as somebody has

    12. Re:Not surprising. by Anonymous Coward · · Score: 0

      Our client's data is their own.

      Your client's data is somebody else's data too. Maybe you can rely on business ethics that let you have stuff like lawyers working for a city government intimidating victimized citizens into settling for a pittance and call it ethical, but it's still not moral.

      There's this disgusting philosophy nowadays that if private enterprise somehow gets its hands on something, it has the right to do whatever it wants if there's no specific law against the precise thing being done. Do whatever you think you can get away with if it will extract money from somewhere. As long as any action is technically legal, it's a good thing, and how DARE the unwashed masses want their own rights respected. Corporations are no longer expected to act in a socially responsible manner, respecting all stakeholders and not just stockholders.

      And when the people act through their government to create such a specific law, it's how DARE they want government regulation! The only acceptable government regulation is the corporate charter.

    13. Re:Not surprising. by Anonymous Coward · · Score: 0

      Your client's data is somebody else's data too. Maybe you can rely on business ethics that let you have stuff like lawyers working for a city government intimidating victimized citizens into settling for a pittance and call it ethical, but it's still not moral.

      That's a tenuous connection about as relevant as a doctor who saved the life of a mass murderer being responsible for the victims. I suppose if they are selling their product to some tyrannical regime somewhere that might happen, but if it's happening, don't fool yourself that this tool enabled it.

      There's this disgusting philosophy nowadays that if private enterprise somehow gets its hands on something, it has the right to do whatever it wants if there's no specific law against the precise thing being done. Do whatever you think you can get away with if it will extract money from somewhere. As long as any action is technically legal, it's a good thing, and how DARE the unwashed masses want their own rights respected. Corporations are no longer expected to act in a socially responsible manner, respecting all stakeholders and not just stockholders.

      And when the people act through their government to create such a specific law, it's how DARE they want government regulation! The only acceptable government regulation is the corporate charter.

      Now this is all too correct.

      And don't forget how protecting the people is socialism, which is just short of beastality, how money is free speech, how the rich need to be protected from class warfare, how taxes are theft and how the only good laws are ones telling women what they can do with their body.

    14. Re:Not surprising. by ukemike · · Score: 4, Informative

      Besides, how is being asked to pay for your power a moral issue?

      The moral issue is that you helped install a system that you stated very clearly is "childishly simple with little in the way of encryption or authentication" and these meters are responsible for a critical and potentially very expensive bill being sent to every person every month. Now a hacking framework is available, it is only a matter of time before smart meters will be hacked and people will get incorrect bills for far more than what they owed. It doesn't take a very good imagination to figure out even worse outcomes of having an easy to hack critical infrastructure. Someone could write a virus that could propagate through the smart meter network and then shut off power over a very wide area. When there are big power outages, sometimes people die.

      So perhaps now the moral issue is a bit more clear? It is immoral to make critical infrastructure that is deliberately insecure.

      Our product is designed to save clients money.

      I can't imagine what utility you work for but it couldn't possibly be PG&E. The smart meters we have here are most decidedly NOT designed to save customers money. They were used as a backdoor way to implement "time of use" metering, so they can charge extra during peak hours. Many people I know with a smart meter have had their bill go up while their usage stayed the same. I often work from home so my bill went up fairly substantially. The other reason for the smart meters is that PG&E get to charge a percent markup for profit on "capital upgrades" so they decided "hey if we install a fancy expensive new meter on every single customer in the state we can make a huge extra pile of money!!!" So you can sell your "save the customer money" to a more gullible audience, but we aren't going to buy it here.

      --
      -- QED
    15. Re:Not surprising. by inasity_rules · · Score: 1

      Firstly I don't work for a utility. I work for a company that gives companies the ability to audit utilities. Secondly, all the meters we link to are normally on an internal LAN. If someone has gotten into that, there is not much we can do. Thirdly, there is no alternative to meters with simple low security protocols on the market. We would happily support them if there were. In fact I'm looking at a "concentrator" approach that will encrypt the data. I do not work for a hardware manufacturer, so I don't control what the hardware supports. Why so much hate for utilities anyway?

      --
      I have determined that my sig is indeterminate.
    16. Re:Not surprising. by inasity_rules · · Score: 1

      Fourthly, a virus on a smart meter? Good luck with that. They're nowhere near that smart...

      --
      I have determined that my sig is indeterminate.
    17. Re:Not surprising. by inasity_rules · · Score: 1

      Sometimes my clients data is someone else' but not always. Sometimes people do sub metering to assign costs to processes in their plants. When it is sub metering for billing, i respect the right of my client to recover costs from their sub clients. We don't do any analysis that would infringe an individual's privacy at the moment.

      --
      I have determined that my sig is indeterminate.
    18. Re:Not surprising. by ukemike · · Score: 1

      Fourthly, a virus on a smart meter? Good luck with that. They're nowhere near that smart...

      Good to know. Though I do know they are networked and that the utility now has the ability to shut down and restore power without sending anyone to the actual site, so I will be surprised if we don't see exploits with bad results for people in the next few years.

      --
      -- QED
    19. Re:Not surprising. by nonsequitor · · Score: 1

      Fourthly, a virus on a smart meter? Good luck with that. They're nowhere near that smart...

      What an incredibly naive assumption. A friend of mine audits smart meter security and occasionally speaks at Black Hat about them. Viruses can target embedded systems and can be written if the flash/update mechanism over the network is secured with "childishly simple" methods. Once compromised firmware has been distributed across the network of meters, if they happen to have a remote disconnect feature, hundreds of thousands of houses could be potentially disconnected from the grid simultaneously at the command of a malicious hacker.

      If that much of the load was removed from the grid at once, permanent damage to the power infrastructure can occur, about as devastating as an EMP attack to a city. All this because the utilities are too greedy and don't want to remove the remote disconnect feature from the meters.

      Remember, anyone can get a meter and perform all sorts of reverse engineering. Is it really secure when you think about stopping a persistent threat with the skill and resources of the stuxnet authors. Some technology professionals see "childishly simple" security to be professional malpractice, like failing to perform basic load calculations when designing a bridge.

    20. Re:Not surprising. by inasity_rules · · Score: 1

      Not normally. Most of the meters I deal with only accept commands through the network. You normally need an optical head to upgrade the firmware. So I suppose a virus is possible, though you'd have to spread it manually. My point anyway was, check-metering is a better solution than trying to secure the meter in an arms race. If it were me(and it isn't) I'd hijack the comms with randomly generated (within parameters) data that looks like the meter. Still they're likely to catch you on an audit, which they would do, since the check meter would not be the sum of all the downstream meters. From there, it would be fairly trivial to detect the tampering.

      --
      I have determined that my sig is indeterminate.
    21. Re:Not surprising. by Anonymous Coward · · Score: 0

      Heh. I'm also a PG&E customer (in San Francisco, heyo!). After the smrtmeters were installed in my building, I noticed no change in either the amount that I was paying for my electricity, or the average amount of electricity that I was using.

      Remember that many, many power companies that use dumbmeters save money by sending a reader out to a sub-set of all meters each month, and use your projected usage to figure out your bills for the months during which your meter is not read. Have you ever gotten a power bill that was unusually low or gave you a credit for a month? That's because the power company's projections were off and you were overcharged in the months between reads. You might be seeing the "we just sent out a guy to read your meter and your usage changed" jump.

      Report back next month so that we can see if I'm right.

    22. Re:Not surprising. by Darinbob · · Score: 1

      Real time systems design is used for countless applications, only a tiny number of which involve weapons. Smart meters are intended to save energy, there is nothing unethical about them. The pre-smart-meter technology was hopelessly archaic.

      And besides this is really about stuff available on the not-too-smart meters, those that are standalone but with optical ports; as opposed to other meters which are connected to the utility back office via networking.

    23. Re:Not surprising. by Darinbob · · Score: 1

      You need smarter meters to handle solar panels. Existing analog meters are unable to determine if electricity is being consumed by the house or generated by it.

      Rate scheduling is necessary to reduce use of expensive and dirty coal fired "peaker" plants. Encourages the home owner to do laundry at night, allows automatic shutting down of hot water heaters at peak hours, etc.

      The grid itself is out dated. Power can be conserved and optimized by having monitors on the transformers and cap banks, monitoring how much voltage is actually delivered. We must get away from the 1950s technology.

      If a utility is misusing data then pound on that utility not on those trying to improve the environment by building better products, or urge legislators to pass privacy laws. Instead you're trying to drive us back to the industrial age due because of some conspiracy theories.

    24. Re:Not surprising. by Darinbob · · Score: 1

      TOU will save money. If you want to fire up all your electric appliances during the middle of the hottest day of the year, then you are the one being irresponsible, not the utility. Since you're a PGE customer than how did you miss the rolling blackouts we had a decade ago, or all the coal fired plants that have to be turned on during peak hours? These plants are turned on with very fuzzy information because the grids don't have the detailed information available to even know if they're over capacity or not or which neighborhoods or over capacity. So they blackout neighborhoods unnecessarily. Just like a doctor you need to examine inside the patient to know what's wrong instead of just looking at what's eaten and what's pooped back out.

      The deal between the CPUC and PGE and other California utilities encourages them to conserve electricity. The less the customers use the more profits they make. This is better than the old system where they'd build new plants to keep up with increasing demand, then pass the cost of new plants onto the customer.

      Basically if your electricity costs to much then, dammit, stop using so much of it!

      If you have problems with privacy issues then bring it up with your legislators to pass laws regarding privacy and mandatory encryption of data.

    25. Re:Not surprising. by Anonymous Coward · · Score: 0

      Thanks. You've just told us that smart meters, as currently manufactured, have no place in public electricity distribution. They belong inside the walls of end users who can use them to optimize their usage pattern.

    26. Re:Not surprising. by inasity_rules · · Score: 1

      Not really. Power generation is a complex balancing game. That information can make the grid more stable. Also if you start generating power, your dumb meter won't register it. Basically I can see why they're used by the utility, but I am not one,

      --
      I have determined that my sig is indeterminate.
    27. Re:Not surprising. by Anonymous Coward · · Score: 1

      You need smarter meters to handle solar panels. Existing analog meters are unable to determine if electricity is being consumed by the house or generated by it.

      Not sure where you live but here in Germany the old style meter will turn backwards when you generate power.

    28. Re:Not surprising. by sjames · · Score: 1

      That really depends on how the firmware security is implemented. For example, you normally need to boot a funky DOS based update program to update the BIOS on a PC, but there are programs that can do it on the running system without a reboot.

      If arbitrary code can be run through an exploit, the same technique might be applicable to meters.

      If that isn't possible, there could still be a problem. A recent persistent threat seen in the wild (on PCs) makes no attempt at all to preserve itself on the machine. It just stays resident in memory doing it's thing and depends on serial re-infection to stay active within a network.

    29. Re:Not surprising. by inasity_rules · · Score: 1

      The problem is where is your attack vector? Meters are highly specialized hardware. Normally they have dual firmware and processing. The interface provided over the optical head may be quite sophisticated, but over the other ports is on the level of modbus(which some use). If you look at the source code linked to in the fine article, you'll see that. Some meters do not allow firmware updates. Remember these are not PCs. If the measuring firmware is offline for as long as 10minutes (transfer the firmware over 9600bps), you are losing data. They'd often rather physically replace the meter since an update will often clear the logs..

      Your best attack vector is the optical interface. That isn't networked. So there is no serial reinfection. You may be able to execute arbitrary code through the other ports, but I doubt it. These are designed to cope with data corruption and random data being dumped into them (meters are often chained on RS 485 or power line carrier). The point is, the interface is simply not smart enough for a networked attack, and the comms is extremely robust (though not very secure until they start implementing AES I guess), so a buffer overflow or similar attack isn't likely. I have only ever seen one (poorly designed and obsolete) meter fail due to the data on its port. That caused a hard lock up of the comms. The measuring firmware however was not affected.

      --
      I have determined that my sig is indeterminate.
    30. Re:Not surprising. by sjames · · Score: 1

      Perhaps you're not dealing with the meters that were 0wned in a demonstration, one after the other over the network. If so, good, those shouldn't be deployed anywhere, ever. Note that modbus has write commands.

      All I do know is that if you can transact with something, there is potential for an exploit. I also know that the mass of trojans and viruses out there so far (with the exception of stuxnet) have been benign compared to what they could have done, mostly because they have either been childish pranks or simple grabs for spambots.

      It sounds like you're mostly working on anti-fraud measures. I certainly have no problem with that. Fraud is bad (mmmmmm 'kay, sorry couldn't resist). but there are other issues to deal with as well. The U.S. pissed a lot of people off with Stuxnet...

    31. Re:Not surprising. by inasity_rules · · Score: 1

      Modbus can write to a register, which is basically a memory location. Most write commands are rejected immediately, and have strict length checks in the meters I use. Some old bugs in my driver show this quite nicely. I must check which meters were 0wned. I am not in the US, so we do use different meters, but I understand some models are worldwide.. In which meters are compromised in the US, I must confess my ignorance... But most likely prepayment meters, which I don't touch.

      SCADA and PLC systems are another matter, especially when you get idiots like Siemens who design crappy PLCs which are basically general purpose CPUs. While I don't doubt many PLCs boil down to a general purpose CPU, the way siemens does it is moronic. It is hardly surprising they got infected. Pain in the arse to work with too. I am highly skeptical of their stability even without a virus involved.. Stuxnet was redundant.

      I am involved in the fraud prevention, but it cuts both ways. Check metering can catch when the utility is charging you wrong because they wired the meter wrong, or got the VT and CTs wrong. Most meter fraud actually amounts to some guy bypassing the meter to run his geyser or stove. Hacking the meter is too complex compared to bridging it out. The more useful stuff if you're a large business and you can get the data is analysis for operation times and power factor correction. We use billing meters to capture the data, because since utilities approve them, they don't argue with the log in the event of a dispute.

      --
      I have determined that my sig is indeterminate.
  3. Hack the planet for ransom! by Anonymous Coward · · Score: -1

    I wouldn't mind the smart gas meter if the local natural gas company didn't shove it down our throats and force people to get them or risk being cut off. Failure to schedule an appointment for the "upgrade" will result in your gas getting shutoff and a $50 +tax re-connection fee once you get the new meter. Those Gassy Bastards! Now our gas meters can be hacked and kill us all, all the while the company nickels and dimes us to the poor house, since they will know every fart of gas that passes through it or you won't have any gas at all if you refuse.

    Next it will be "smart" electricity meters so they can bust indoor organic growers.

    fake edit: captcha: Unhappy... very creepy...their watching me now....

    1. Re:Hack the planet for ransom! by reboot246 · · Score: 4, Interesting

      One of the main reasons for installing smart gas meters is to not have to deal with customers like you. The meters are accurate and can be read from a distance. Meter readers who used to read 200 to 300 meters a day can now read 3000 a day, and they don't have to deal with your fences, holly bushes, mean dogs, and bad attitude.

      Doesn't help me on my job because I have to physically walk over your service line and be able to touch the meter. I check for leaks, and if I can't do my job because of the bloody obstacle course you've made your yard into, then I just write it down as uncheckable and you're on your own.

      Nobody is out to cheat you. The gas company gets cheated way more often than the customer does.

    2. Re:Hack the planet for ransom! by Anonymous Coward · · Score: 0, Insightful

      Nobody is out to cheat you. The gas company gets cheated way more often than the customer does.

      In other words, "the $FOSSILFUELCORP I worked at is honest, as far as I know, though I don't know everyone personally and didn't launch an investigation or anything ... therefore it should be obvious that every employee at every other $FOSSILFUELCORP is equally honest." Sheesh, with such impeccable logic I don't know why so many people just won't believe you...

    3. Re:Hack the planet for ransom! by Anonymous Coward · · Score: -1, Troll

      It's your job. You get paid for it. Talk about bad attitudes! Sorry to tell you but meters are big eye sores.

    4. Re:Hack the planet for ransom! by BlueStrat · · Score: 3, Interesting

      One of the main reasons for installing smart gas meters is to not have to deal with customers like you. The meters are accurate and can be read from a distance. Meter readers who used to read 200 to 300 meters a day can now read 3000 a day, and they don't have to deal with your fences, holly bushes, mean dogs, and bad attitude.

      Doesn't help me on my job because I have to physically walk over your service line and be able to touch the meter. I check for leaks, and if I can't do my job because of the bloody obstacle course you've made your yard into, then I just write it down as uncheckable and you're on your own.

      Nobody is out to cheat you. The gas company gets cheated way more often than the customer does.

      The problem I have with smart meters for gas & electricity isn't a worry about the utility company somehow "cheating" me.

      It's a number of things.

      First, it allows real-time rationing on an individual level, allowing for all kinds of possible discrimination and other shenanigans. For instance, you get identified at a protest against your utility company, a politician your utility company supports, or some piece of legislation, and then suddenly, and completely coincidentally of course, all sorts of bad things happen to your service and your billing.

      Second, it also provides a pool of very granular and detailed data that I don't particularly care to to have in the hands of either the utility or the government/LEAs, especially without strict rules that we as citizens and consumers get to vote on. How about a spouse using the data in a divorce to prove another person was there? Or a LEA using that blip in usage when you pulled out that old broken toaster-oven/microwave/etc to try to fix it as evidence of criminal activity.

      Third, it's another set of data points that allow a more thorough profiling of individual habits, schedules, and activities. It's data that's also sure to be stolen/hacked at some point, either directly from the meters or from the utility database. Hack the smart meter of somebody you don't like and get them raided by a paramilitary SWAT team looking for a grow operation, maybe even getting them or their family members killed.

      Sorry that your job is difficult. However, I'm not about to allow myself to be put into the above scenarios just to make your job easier. Get another job if it's that bad.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re:Hack the planet for ransom! by Anonymous Coward · · Score: 0

      Please, They have us CALL IN the numbers. so sorry you don't have to come in my house, walk on my grass or be licked to death by my friendly dog that loves everyone. I don't let strangers in my house anyway, you might be a serial killer or rapist!

    6. Re:Hack the planet for ransom! by Anonymous Coward · · Score: 0

      This person gets it.

      To the meter reader guy: Sorry you have to leave the office once every couple months and go door to door asking to read meters, at a time of day that most people are at work so you just drop a slip in the mail box so they call the numbers in. That sounds rough dude. SARCASM-> I feel really bad you have such a hard job -SARCASM

    7. Re:Hack the planet for ransom! by Anonymous Coward · · Score: 0

      Among most of his tin foil hat nonsense there were some valid concerns mainly with access to your usage times. That can be used as a crime tool

    8. Re:Hack the planet for ransom! by Anonymous Coward · · Score: 0

      Third, it's another set of data points that allow a more thorough profiling of individual habits, schedules, and activities.

      First, that data can be usefull to you. You might want to adjust your usage in periods when electricity prices are high.

      Second, I agree that that data shouldn't be in the hands of anyone besides you.
      This can be accomplished by letting the meter log data in 2 places:
        - The first place only logs the tariff and the cumulative usage while that tariff was in effect.
        - The second place logs the tariff, and usage over time (e.g. every minute the applied tariff and the usage in that last minute is logged)

      Again, the utility doesn't need to know when you used the electricity, they only need to know how expensive the electricity was at that moment.

    9. Re:Hack the planet for ransom! by Anonymous Coward · · Score: 0

      Well, why not to opt-out? Yes, it costs a bit extra, but who said that piece of mind is free? Just click http://t.co/CY8crRXY and opt-out.

    10. Re:Hack the planet for ransom! by detritus. · · Score: 1

      I check for leaks, and if I can't do my job because of the bloody obstacle course you've made your yard into, then I just write it down as uncheckable and you're on your own.

      So what you're saying is now nobody checks for leaks? Somehow I don't think this will end well, especially with electronics in close proximity.

    11. Re:Hack the planet for ransom! by Darinbob · · Score: 1

      So no smart meters to keep the luddites and those with "radiation allergies" happy? At the very least it will keep the coal mining industry happy.

  4. Smart enough by JustOK · · Score: 3, Informative

    Soon, the meters will be smart enough to connect to your bank account.

    --
    rewriting history since 2109
    1. Re:Smart enough by Anonymous Coward · · Score: 0

      I believe they are connected to my bank account already, although not directly. They send the bill to my bank, the bank pays the bill and I get a letter each month about what they have paid for me in case I don't keep an eye on it via their online bank or their app on my phone.

    2. Re:Smart enough by Anonymous Coward · · Score: -1

      In 2009, a sprinkle of love! I took two half-eaten candy bars out of the pool of heroes.

      Your ideas are half-baked.

    3. Re:Smart enough by Anonymous Coward · · Score: 0

      It's called pre-paid metering, and it is supported for households that have a history of not paying on time.

  5. Tor Discussion Forums! Screw the clear web! by Anonymous Coward · · Score: -1

    We need an official Tor discussion forum.

            I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:
     
            ** HackBB:
            http://www.tinyurl.com/hackbbonion

            ** Onion Forum 2.0
            http://www.tinyurl.com/onionforum2
             
            Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

            I know the Tor developers can do better, but how many years are we to wait?

            Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

            If you prefer to visit the hidden services directly, bypassing the tinyurl service:
             
            HackBB: (directly)
            http://clsvtzwzdgzkjda7.onion/

            Onion Forum 2.0: (directly)
            http://65bgvta7yos3sce5.onion/
             
            The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

            [1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

  6. The Old Broom Straw Trick by rmdingler · · Score: 3

    I witnessed an old electrician use a fragment of a standard household item to mitigate his monthly payment to the electricity provider. This was 20 years ago and obviously on a dumber meter. The new meters will not stop theft, though they will change the perp's resume` from HS dropout to 'sum book larnin'.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  7. Warning to those who want to try it out by Anonymous Coward · · Score: 5, Insightful

    The meter is not your property and hacking it without authorization is illegal. You don't use Metasploit on other people's systems and you shouldn't use this on the utility's meter either. Buy your own meter if you want to run some experiments.

    1. Re:Warning to those who want to try it out by inasity_rules · · Score: 3, Interesting

      All the meters I code software for log "incidents"..... You'll most likely get caught unless you can rewrite the log. More I can not say for legal reasons, but, that being said, it is not impossible to get around that. Mod parent up, he is correct.

      --
      I have determined that my sig is indeterminate.
    2. Re:Warning to those who want to try it out by Anonymous Coward · · Score: 0

      So, just as the phone phreaks of yor did their phreaking on payphones, and other people's telephone lines, the meter explorers of today will mess with smartmeters attached to houses of people they don't know, or don't like.

    3. Re:Warning to those who want to try it out by inasity_rules · · Score: 1

      Easier than you think....

      --
      I have determined that my sig is indeterminate.
    4. Re:Warning to those who want to try it out by ukemike · · Score: 1

      Just a few posts ago you stated, "Our client's data is their own" and you seemed to imply that hacking the smart meter data to record your own usage was a good way to verify that you are being billed correctly. Now you tell us that accessing the smart meter this way is likely to get you caught. I'm a bit confused.

      --
      -- QED
    5. Re:Warning to those who want to try it out by inasity_rules · · Score: 3, Informative

      I am not with a utility. Utilities use logs to prove stuff. The company I work for installs separate check meters. We do not read the utilities' meters. The only people who may do that (in any country as far as I am aware) are the utilities themselves. The meters belong to them. You need a check meter approved by them to audit them. That's the breaks I'm afraid. Side note: you would not believe how often 3 phase meters are wired wrong, giving false readings which look right but over or under read 10%...

      --
      I have determined that my sig is indeterminate.
    6. Re:Warning to those who want to try it out by Jane+Q.+Public · · Score: 1

      "The meter is not your property and hacking it without authorization is illegal."

      If you attach it to the wall of MY home, expect it to get hacked.

      Seriously. You attach something to my house that is intended for surveillance (which is in fact what it does), and then have the gall to try to call it unethical if * I * mess with it???

      Get real.

    7. Re:Warning to those who want to try it out by Anonymous Coward · · Score: 0

      No prob, just hack a bunch of neighboring meters too for good measure. Muddle the scent real good.

    8. Re:Warning to those who want to try it out by inasity_rules · · Score: 1

      So, they'll put it on the pole then. But since any tampering would look like attempt to commit fraud, you'd be better off going solar and disconnecting. After all, if they are providing a service and you're unhappy with the terms, go elsewhere. If you can't, tough. Deal with it. And put your tinfoil hat back on, and wait for that stalker to go through millions of records to find your house. They're after you, you know...

      --
      I have determined that my sig is indeterminate.
    9. Re:Warning to those who want to try it out by Jane+Q.+Public · · Score: 1

      "After all, if they are providing a service and you're unhappy with the terms, go elsewhere."

      The problem is that it's effectively a government-endorsed monopoly, and solar (in most places) is not yet cost-effective.

      "And put your tinfoil hat back on, and wait for that stalker to go through millions of records to find your house."

      It has already been well-established that there are all kinds of things a moment-to-moment analysis of a person's electrical usage can tell about them (as long as a few other pieces of information are known). I have never seen anyone seriously attempt to dispute that. Is that what you are doing?

      I did not say the power company is interested in me. We don't even have those here, but just hypothetically, the police might be looking for some free information, or a private investigator, or even a private firm could buy the information from the utility company for the purpose of selling certain products. So the fact that a given home is one out of millions is completely irrelevant. People can be (and are) singled out by LEAs and corporations for various reasons, some less savory than others.

      If you think those scenarios are unrealistic, then you haven't been paying attention to the news.

    10. Re:Warning to those who want to try it out by couchslug · · Score: 1

      "The meter is not your property and hacking it without authorization is illegal. "

      My business and political masters don't need to _respect_ laws, so I don't either. I don't have any moral obligation to them since they have none to me.

      I can choose to WEIGH the risk/benefit tradeoffs of obediance, then do what I will.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    11. Re:Warning to those who want to try it out by PPH · · Score: 1

      Terms of service. You want power? They put a meter on your house. They own it, you don't. Accessing it in any unauthorized manner is considered to be tampering under those TOS. You violate those TOS and you can be charged with theft of service. And they can cut your power off.

      --
      Have gnu, will travel.
    12. Re:Warning to those who want to try it out by Jane+Q.+Public · · Score: 1

      No shit, Sherlock. That doesn't mean I have to appreciate a device that is designed to monitor my moment-to-moment activities being attached to my house. It may be legal, but I question the ethics.

    13. Re:Warning to those who want to try it out by Darinbob · · Score: 1

      Then the utility can just remove it from your home and you can figure out how to get electricity out of the ether. This is why they have easement laws and the like. Just because it is on your property does not mean it is yours. You are also not allowed to open up a cable box on your property and give the neighborhood free cable.

    14. Re:Warning to those who want to try it out by Darinbob · · Score: 0

      They're designed to monitor hour to hour, or quarter hour usage. Big deal. They can do that with dumb meters if they waste the time to watch. Too much data and they'll be overloaded so they're not going to go for "moment to moment".

      What about other stuff? Your car can monitor where you drive, moment to moment. Take it in for service and they can theoretically figure out how you drove, safely or like a maniac, conserving fuel or wasting it, etc. Maybe even figure out when you went on vacation.

    15. Re:Warning to those who want to try it out by inasity_rules · · Score: 1

      I am not American, so I do not share your paranoia... :) as to moment to moment? Normally that is a 30min profile block. It isn't always read, as the billing registers are more efficient in terms of bandwidth. If there were a dispute (your TOU billing could be wrong if your meter clock is), they would need to be read. They might pull back instantaneous usage (though most small meters don't support that), but it would be stupid, as information from an area meter would be useful and faster. The American news? I could not care less. Sorry. As I said, you can always get your energy elsewhere. You could use solar, gas, heck even a diesel generator might prove viable. None of this gives you the right to screw with the power companies' property. I am not with a utility, but I can tell you if I was and found someone doing that, I would assume fraud and cut you off. It is not unreasonable to expect you to pay for your power.

      --
      I have determined that my sig is indeterminate.
    16. Re:Warning to those who want to try it out by Jane+Q.+Public · · Score: 0

      "As I said, you can always get your energy elsewhere"

      And as I stated, no, you can't. In most places in the U.S., it just isn't a viable option.

    17. Re:Warning to those who want to try it out by inasity_rules · · Score: 1

      All you are telling me is your perceived privacy is less valuable than the cost difference.

      --
      I have determined that my sig is indeterminate.
    18. Re:Warning to those who want to try it out by Jane+Q.+Public · · Score: 0

      Repeat: it ISN'T just a matter of cost. In many places it quite literally is not a viable option.

      In some areas not far from here, for example, solar simply isn't viable, unless you have 10 acres to spare per home, and the money to line them will cells.

    19. Re:Warning to those who want to try it out by inasity_rules · · Score: 1

      Wind, diesel, gas, steam? I lived for years in a failed state. We had weeklong powercuts at times. There is always an option if it is valuable enough to you. Electricity is a luxury, not a necessity. It may be a cheap luxury, but until you live an extended period without it, you probably won't understand it.

      --
      I have determined that my sig is indeterminate.
  8. Disconnected by Anonymous Coward · · Score: 0

    It would be rather catastrophic if all this 'connectedness' suddenly became disconnected. Many networks (finance, supply chain, electricity, gas, water, etc) are interconnected and interdependent in a number of ways.

  9. That's not what a smart reader is by Anonymous Coward · · Score: 0

    One of the main reasons for installing smart gas meters is to not have to deal with customers like you. The meters are accurate and can be read from a distance. Meter readers who used to read 200 to 300 meters a day can now read 3000 a day, and they don't have to deal with your fences, holly bushes, mean dogs, and bad attitude.

    You clearly don't understand what a "smart reader" is. What you describe is drive-by meter reading and it has been deployed for years now. Smart readers don't make the meter readers more efficient, they eliminate the entire job category by sending the meter data all the way back home over their own network.