Smart Electricity Meters Can Be Dangerously Insecure, Warns Expert (theguardian.com)
An anonymous reader quotes a report from The Guardian: Smart electricity meters, of which there are more than 100 million installed around the world, are frequently "dangerously insecure," a security expert has said. The lack of security in the smart utilities raises the prospect of a single line of malicious code cutting power to a home or even causing a catastrophic overload leading to exploding meters or house fires, according to Netanel Rubin, co-founder of the security firm Vaultra. If a hacker took control of a smart meter they would be able to know "exactly when and how much electricity you're using," Rubin told the 33rd Chaos Communications Congress in Hamburg. An attacker could also see whether a home had any expensive electronics. "He can do billing fraud, setting your bill to whatever he likes [...] The scary thing is if you think about the power they have over your electricity. He will have power over all of your smart devices connected to the electricity. This will have more severe consequences: imagine you woke up to find you'd been robbed by a burglar who didn't have to break in. "But even if you don't have smart devices, you are still at risk. An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode." The problems at the heart of the insecurity stem from outdated protocols, half-hearted implementations and weak design principles. To communicate with the utility company, most smart meters use GSM, the 2G mobile standard. That has a fairly well-known weakness whereby an attacker with a fake mobile tower can cause devices to "hand over" to the fake version from the real tower, simply by providing a strong signal. In GSM, devices have to authenticate with towers, but not the other way round, allowing the fake mast to send its own commands to the meter. Worse still, said Rubin, all the meters from one utility used the same hardcoded credentials. 
"If an attacker gains access to one meter, it gains access to them all. It is the one key to rule them all."
Trump is right, these darn cyber-puters are too fast and nobody knows what they are doing.
http://time.com/4619337/donald...
Table-ized A.I.
When "smart" meters first hit the scene a few years ago, people brought up these very issues. I'm surprised that in that time they have not been addressed, though I know I shouldn't be surprised...
If you want news from today, you have to come back tomorrow.
Nothing should need software.
The future is analog.
How on earth is software going to make a meter explode?
How can issuing a command (any command) possibly cause a meter to overload? You do know how they work, don't you? Only people who think electricity is magic and watch too many movies and too much tv would be alarmed, the rest of us not so much.
Except when it isn't
So, a house fire traced back to a faulty meter means that they can be 'hacked to literally explode'. Excellent extrapolation there guys.
Smart meters may - or may not - have a relay to control loads on a different tariff than the usual "always on 24/7" one. They may possibly be hacked to turn this relay on - or off, making them a bit of a nuisance.
But explosions? Or house fires even? A bit hard to believe.
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
The meter isn't much more than a hall sensor and some support electronics connected to a microcontroller.
ELI5: How can an attacker see whether a home had any expensive electronics.
"Repeatedly referring to a potential hacker as a "he" is completely unacceptable in this day and age."
I do agree with you.
A problem I'm running into myself, however, is what word to use instead.
In a text you can't constantly repeat "the potential hacker" and the person is not a thing so "it" won't work.
Writing "he/she" or "(s)he" constantly is - in my opinion - an ugly solution.
But, then what should we use?
I noticed that Valve is using "they" on Steam, e.g. "They added ..." even though it's about a single person.
But using "they" in such a text when referring to a potential hacker, that also doesn't sound right.
So, tell us, what should we use instead of "he"?
Life works differently outside your college safe space, snowflake.
An attacker could also see whether a home had any expensive electronics.
He will have power over all of your smart devices connected to the electricity.
An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode.
How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?
You should be ashamed for posting this "article".
Unless you are a meta-troll you just bit one of the more obvious ones I have seen here, and this is Slashdot; some people don't do subtle.
As we near 2017, I have to ask this question, as some of us have been browsing this site for nearly 20 years. Remember when not only was tech discussed, but it was discussed on a level that was beyond sensationalism?
From a wireless network standpoint: Yes, when performing HO's, the BS (in GSM case) is what authenticates the UE. Let's say the attach is successful, and you get PDP context as well. Ok, now you need to communicate with the Utility provider. Not only do you need their IP, but you need to know how to communicate with them via whichever protocol they choose. If you attach and get PDP, you're about as far as being on the same network as the provider, IE: You're on the internet, congrat-u-fucking-lations.
So, you want to target GSM as well? I'd welcome you to also read the news as well. GSM is EOL as of this coming year (as far as AT&T is concerned). But if these mysterious "handovers" are the fear, *every* technology uses them. How do you expect to be walking/driving from point A to point B and maintain service? When signal strength from your current cell begins to degrade, and another in range becomes stronger, your cellular device will switch to the most powerful node.
I swear people are acting as if cell technology is some type of magic. If providers don't have any sense of security then blame that, but leave fucking wireless tech out of this in this case. Once you're on the internet, you're on the internet.
Perhaps this is the same expert who warned of the dangers of the year 2000.
Yes electric meters can explode with much more power than cell phones & alarm clocks! Phones & clocks are limited by chemical explosives but the meter has a whole power company as driving force.
If you do not believe, go watch more action movies!
Cut off your power yes, as a standard feature too, for the power company's convenience or maliciously for personal disruption and even nation scale blackout regardless of the grid's functioning. Depending on the exact design it might be an easy fix but this part of the design isn't regulated, it might require nation scale hardware replacement if the firmware re-set won't clear the "upgrade" or if re-infection is too fast from turn on (yay for mesh networking). Of course explode is an exaggeration, assuming they designed it right, but using the cut-off to cause electric fires in at least some buildings with dodgy wiring or the wrong cheap phone chargers, by flickering their power, is a given. Also this tactic could cause blackout or damage to the grid by causing surges, remember when you turn on a warm fridge or a cold electric bulb they both use more to get started.
Worse from a plausibility perspective the suggested future use of smart meters in demand smoothing is to allow the grid to continue without being able to tolerate the unregulated demand of its users, just a denial of service attack on communications will cause blackouts, no matter how it happens.
In older English, they was the valid pronoun for an individual of unknown gender.
How could a current transformer tied to an analog input cause a fire?
I can see messing with somebody's billing. But what's the point?
I think the article is some covert piece against continuing 2G cellphone communication.
"An attacker could also see whether a home had any expensive electronics." -- hilarious, that or some really old, highly wasteful power sucking devices.
Up here in Canada, they rolled out these turds everywhere about two years ago. Ours work off a semi-proprietary wireless mesh network though, which all eventually connect to a node somewhere near the head of the community that actually bridges to the hydro company's network so they can talk to them.
Breaking into the mesh network requires a $20 SDR dongle and a little bit of patience. You can do many things you want at that point. The security is laughably weak. They've even got commands for flashing the units remotely- and they'll accept anything you throw at them, so long as the checksums are correct (there's zero firmware encryption anywhere).
What really boggled my mind was something nobody ever mentions in the context of a "smart meter"- the built-in termination switch. All our units have a fairly beefy solenoid inside them that actuates a mechanical lever that can disconnect your entire house from the grid. You can use this to kill the power to an entire house remotely- and they do, all the time. Our neighbour was on the receiving end of that recently when he invested in some equipment to keep some of his plants growing throughout the winter. Power company noticed a suspicious increase in power consumption, probably in line with a grow op, and flipped the switch remotely. His whole house just clicked off, and 25 minutes later the cops rolled around with a hydro van in tow. They turned it back on pretty quickly once he gave them a tour of his "grow op". I'm pretty sure he gave the cops and hydro guy a bag of tomatoes too, which I always thought was pretty funny (we now joke that the power co is going to kill his power whenever tomato prices go up).
Anyways, I digress.
My point is that there's this huge mesh network out there... Running on fairly common and well understood hardware, with absolutely no security, and there's the ability to shut off the power to any house you want, and *then* you could even flash the unit (which leeches off the utility side for power) and permanently brick it, forcing the power company to replace the affected unit before restoring power to that residence.
Remind me why this was a good idea?
Oh, yeah, and they're doing the exact same goddam thing with the gas lines too. Digital smart meter, built-in shut off valve, 99% unencrypted, just waiting for someone to cause a small disaster (though up here, most of our utilities are electric, so I don't know how many people would care if their hybrid gas/electric stoves suddenly stopped working).
It seems like something's gonna have to happen before they'll do anything about it. I can only pray that when something does happen (when, not if)- people don't get hurt because of it.
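The firmware-acceptance weakness described in the comment above (any image accepted "so long as the checksums are correct") and the shared hardcoded credentials mentioned in the summary, shown as an added Python example that is not part of the original thread or any vendor's code: a checksum-only acceptance check beside an authenticated one with per-meter keys and a rollback check. The package layout, key names, serial numbers and firmware bytes are constructed assumptions, and standard-library HMAC-SHA256 stands in for the asymmetric signature a production design would normally use.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed sample values; nothing here comes from a real meter or vendor.
MASTER_SECRET = b"constructed-head-end-master-secret"  # kept at the head-end only
FIRMWARE = b"METERFW" + bytes(range(64))                # stand-in firmware image
TAG_LEN = hashlib.sha256().digest_size                  # 32 bytes


def package_with_checksum(image: bytes) -> bytes:
    """Weak scheme: image followed by its CRC32, which anyone can recompute."""
    return image + struct.pack(">I", zlib.crc32(image))


def accept_checksum_only(package: bytes) -> bool:
    """Detects transmission errors only; says nothing about who built the image."""
    if len(package) < 4:
        return False
    image = package[:-4]
    (crc,) = struct.unpack(">I", package[-4:])
    return zlib.crc32(image) == crc


def derive_device_key(master: bytes, serial: str) -> bytes:
    """Per-meter key, so a key extracted from one meter is useless on another."""
    return hmac.new(master, b"fw-auth|" + serial.encode(), hashlib.sha256).digest()


def package_with_tag(image: bytes, device_key: bytes, version: int) -> bytes:
    """Hypothetical layout: 4-byte version, image, 32-byte HMAC over both."""
    header = struct.pack(">I", version)
    tag = hmac.new(device_key, header + image, hashlib.sha256).digest()
    return header + image + tag


def accept_authenticated(package: bytes, device_key: bytes,
                         installed_version: int) -> bool:
    """Accept only images tagged with this meter's key and newer than installed."""
    if len(package) < 4 + TAG_LEN:
        return False
    header, image, tag = package[:4], package[4:-TAG_LEN], package[-TAG_LEN:]
    expected = hmac.new(device_key, header + image, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    (version,) = struct.unpack(">I", header)
    return version > installed_version          # refuse rollback to old images


def run_demo() -> dict:
    """Run both acceptance checks over genuine and altered packages."""
    key_a = derive_device_key(MASTER_SECRET, "METER-A-0001")
    key_b = derive_device_key(MASTER_SECRET, "METER-B-0002")
    modified = FIRMWARE[:-1] + b"\x00"           # one byte changed

    genuine = package_with_tag(FIRMWARE, key_a, version=2)
    # Altered image carried with the genuine package's header and tag.
    swapped = genuine[:4] + modified + genuine[-TAG_LEN:]
    # Image tagged with a different meter's key (the "one key for all" case).
    foreign = package_with_tag(modified, key_b, version=3)

    return {
        "checksum_accepts_modified":
            accept_checksum_only(package_with_checksum(modified)),
        "auth_accepts_genuine": accept_authenticated(genuine, key_a, 1),
        "auth_accepts_modified": accept_authenticated(swapped, key_a, 1),
        "auth_accepts_other_meter_key": accept_authenticated(foreign, key_a, 1),
        "auth_accepts_rollback": accept_authenticated(genuine, key_a, 2),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Encryption of the image is a separate property: what the acceptance decision needs is authentication, and a checksum provides none.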
Aye - it is referred to as singular they
Insecurity of these devices is not something the language used to program can fix. Whether it's in Rust or in C, you can write very insecure code on any platform, Rust just tries to prevent common mistakes in C so buffer overflows are 'caught', Java or Objective C has similar safeguards as Rust resulting in similar problems.
Both Perl and Ruby have very strict tainted variable constructs for example, it's almost impossible to not clean the data received from outside the program but that doesn't make your code invincible to SQL injection.
Custom electronics and digital signage for your business: www.evcircuits.com
The purpose behind the current smart meter roll-outs, aside from delusional hype, is to cut the number of expensive staff the meter company needs, not just in obvious meter reading roles but also in cut-off situations. As such this is a feature baked into a number of meter modules, though not always turned on. It might not be in yours but it is one of the financial driving factors behind roll-outs in some places, including the UK from what I have read previously.
So TLDR the cutoff switch is *not* still a manual device
A lot of people won't notice the changes to their paperless automatic withdrawal, and "dissidents" and "whistleblowers" of all kinds can rest assured their deaths will be a tragic accident.
does this douchebag "Netanel Rubin, co-founder of the security firm Vaultra" have any evidence for this end of the world scenario? Perhaps, I don't know, evidence of hacking one in a lab?
SMETS (1&2) the industry backed standard for UK smart meters includes remote "disablement functions", cut off functionality is not just possible but standard and standardised, along with all the consequences thereof.
The era of the God Emperor is dawning; away with your silly SJW foolishness!
is a load of crap. These are state machines, typically written in embedded C. There are typically current transformers that have a large winding ratio, even if the electronics/firmware screws up there is no back driving the power line. And no relays. This guy has been watching too much Hollywood.
Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
They are purely measurement devices, measuring the current through an internal shunt. That shunt is a thick, short and fixed conductor.
The ability to switch that much power would require a quite expensive switching element that is not present in any meter design I've seen.
Not that there aren't security issues with measurements as detailed as smart meters produce, and there are vulnerable switching devices elsewhere in the grid, but there isn't one per customer.
Electric meters are designed to allow the meter to be read remotely. That's it. They don't have a self destruct function, they don't magically give control of smart devices in the home ( whatever that means ) they don't give the ability to inventory the expensive electronics in the house. They allow the attacker to see and possibly modify the total number of kilowatt hours consumed. That's it. They can mess with your bill. Maybe.
If this is so simple, and it's been an issue for years, then why not even one single proof of concept. Nobody wants to control their power bill? ISIS just waiting for the right time to kill us all? In terms of credibility this is right up there with "Hackers can turn your home computer into a BOMB... & blow your family to smithereens!".
Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence
Q: Why is starting a comment in the Subject: line incredibly irritating?
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
These devices have issues on a MUCH "higher level", SQL injections are the least of their issues. GSM, grid-wide passwords...I'm assuming no encryption at all for the signals. It looks like one doesn't even need to get into any code-specific exploits...just a 2G GSM transmitter and some protocols, and maybe a list of commands. Pull up next to someone's house, hijack the signal and probably get the meter itself to just explode.
If properly exploited, this will be a "virtual" WMD in WWIII. A bit of code, replicated out across the tower network, once triggered could potentially start millions of simultaneous house fires across the USA, and knock out most urban power grids. A few minutes later, trigger other code at the power plants to do something similar. Like a STUXNET but aimed at the electrical grid and smart meters.
Let's not go totally hyperbolic here. Overloading a meter is going to cause the .20 wacko Chinese capacitor to fizz out, turning the stupid thing off. It is very unlikely to burn the house down. There will be SOME security that will likely be effective at minimizing major damage from the meters. You can't start WWIII with this method.
Faster! Faster! Faster would be better!
Considering the state of industrial control systems, I would be surprised if they have much in the way of security at all.
No. Just no. Look them up, at most what they have is remote disconnect relays with a cycle time of 30 to 120 seconds. They aren't solenoids (wire coil relays) but stall motors that move the contactor open or closed and are not fast acting. That is their only active function. The rest are passive. So they might be able to fiddle the bill, or turn your power on and off. But make the meter explode? I've not seen any designs that would fail in that way. Admittedly, I've not seen every design, but most use a stall motor to move a spring loaded armature/contactor set open or closed.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
Even the average fat, lazy US citizen would riot if our "smart meters" were able to remotely cut off power entirely.
Canadians why you so stupid?
I get that there are a lot of AMI meters out there that were installed with the old 2G protocol and should be upgraded, which probably means a meter by meter physical upgrade (though perhaps additional encryption software running over 2G could be installed in firmware, which could also take care of hard coded passwords).
But more modern meters are using 3G or 4G, and overall security has been upgraded. The article only covers the older installs without saying that more modern meters and software have addressed the security concerns outlined in the article.
maybe that's why the police have started to kill people on spot instead of sending them through a lengthy process in the justice system where they might actually survive?
These devices allow remote monitoring of power usage with granularity of a day or better. How hard would it be for a power company sys-admin, who is a little short of cash, to write a script to find customers whose usage had dropped by 50% or more since a few days ago? Then sell that list to his house burglar friend who would like to know about homes whose owners might be away on holiday.
To quote
For the US
https://it.slashdot.org/comments.pl?sid=10062519&cid=53582761
"The Utilities and their meters are not regulated by the government or required to be listed by a testing agency"
"a couple years ago, Portland General Electric had to recall 70,000 meters to get a problem repaired with the remote Shut-off function that was supposedly causing fires....."
For the UK
"SMETS (1&2) the industry backed standard for UK smart meters includes remote "disablement functions", cut off functionality is not just possible but standard and standardised."
and for Canada
https://it.slashdot.org/comments.pl?sid=10062519&cid=53582597
"Breaking into the mesh network requires a $20 SDR dongle and a little bit of patience. You can do many things you want at that point. The security is laughably weak. They've even got commands for flashing the units remotely- and they'll accept anything you throw at them, so long as the checksums are correct (there's zero firmware encryption anywhere)."
"All our units have a fairly beefy solenoid inside them that actuates a mechanical lever that can disconnect your entire house from the grid. You can use this to kill the power to an entire house remotely- and they do, all the time. Our neighbour was on the receiving end of that"
So minimum damage in an actual competent attack is a blackout of all homes and forced manual fix of all meters to get power back, maybe even replacement. Depending on the actual design you might be able to cause occasional electrical fires if the homes served have bad wiring, but setting fires in even 0.01 percent of houses is a huge amount of damage, even if they mostly don't catch, more so where houses are tightly packed. Ransom-ware or targeted attacks are also possible.
So literal detonation no, but worth the risk, given the near zero return on investment from a consumer perspective, also no.
a shit?
A: No one.
Quote: "An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode."
Methinks this guy has watched too many movies where, when a computer goes bad, lights flash, flames leap out, and smoke pours out. Most electronics dies so quietly, the only evidence of failure is that it doesn't work any more.
so its not just one cert for all.
but meters have IR optical comms too, with 8 char passwords.
Liberty freedom are no1, not dicks in suits.
"They" has a very long history of this use (think Chaucer)
I put a homemade Faraday Cage around mine. As long as it doesn't TOUCH their meter Public Service can't do anything about it. Public Service tried to make me take mine off. I told them they can't make me, it's not touching their meter. I just gave them my middle finger. They haven't said anything to me in 6 years now since I put it on. I put it on the day after they installed the thing.
The Truth is a Virus!!!
PGE mostly uses unlicensed, part15 communications devices on a meshnet instead of GSM/2G. (often at illegal ERP levels)
One advantage to no license is no FCC fee for using license spectrum. Disadvantage is that PGE meters do not have priority use of the spectrum and cannot operate interference-free. They also cannot expect any privacy or security unlike GSM/2G/Licensed spectrum.
Just sayin'.
Not "starting WWIII", but would make an excellent "distraction" attack. Even just knocking out the power to millions of homes and businesses at the start of a conflict would be an amazingly effective attack both tactically and physiologically. Even if it's just a small over-all percentage, this would be just another prong in the electronic / cyber side of the next major conflict and will seriously freak out any population. Other attacks would include massive DDOSing, BGP router attacks, corruption of any reachable firmware, "cyber" attacks on drones / UAVs, etc.
It's more sensible than French, where everything is either a he or a she, even if it doesn't have any gonads.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
The question is how you would turn off items on the grid by hacking a meter? These meters do not contain any relays or controllable switches, the most that you can do with some advanced meters is perhaps control a side load (a 15A circuit) there is just too much that could go wrong and it would be way too expensive to have these things contain 200A/400V relays, if they did, a few switches on and off and the contacts weld themselves shut.
Custom electronics and digital signage for your business: www.evcircuits.com
Time to put my pedantic hat on. A smart meter can not cause any damage as a meter is a device to measure, not modify or control. A quick Internet search suggests the word comes from the Greek word métron, to measure.
The devices being argued about are not smart meters, they are controllers. If you have a smart energy controller then I guess you may be at risk, but if like me, you have a smart meter then you can write code until the cows come home and still have zero effect on my power.
What the "expert" has done here is taken the worst features of multiple meters, and put them together as though every meter is this way. And even then, he's overstating things...this "they can tell if you're home by how much electricity you're using!" bullshit has been around forever, and it's ridiculous.
Let's see, where to start. One, almost no meters use GSM. GSM is expensive on a per-device basis (the target upper limit for hardware costs is about $100/meter), poorly-supported by cellular providers...with future-state being no support at all...and renders the utility dependent upon an outside provider for all of their network backhaul from the meters. This is why, if you look at any of the major meter manufacturers (Itron, Elster, Landis + Gyr, etc.) you will find that they all use a very different architecture that does not at all rely on GSM, or any other cellular protocol. They use mesh networking and collectors.
Second...okay, let's talk about what you can do with the meters. Yes, theoretically (it's never been done), you can figure out if someone is home. You would need to be in their neighborhood to begin with since you have to speak directly with the meter. You would need to reverse engineer their specific approach to frequency agility, and break the crypto so that you could then impersonate the head-end and do meter data requests. With that, you could do data sampling to determine what normal peak and low usage numbers were, and from that you could derive whether or not they were probably home at any point in time. Or...you could simply walk near the house and see if the lights were on or there were less cars in the driveway/garage than usual. Which thieves already do, as a best practice that works pretty well.
Then, let's talk this "house fire" over "overload" bullshit. Meters do not regulate power. Let me say that again. METERS DO NOT REGULATE POWER. They can turn power on and off, and that is it. They cannot modulate voltage, wattage, frequency, or amperage. And while in the early days of AMI adoption it was feared that a compromised head-end (or impersonation thereof) could permit an attacker to issue enough remote disconnects to cause what's known as a "bulk load shedding event," it turns out that the meters and their communications networks are too slow. That network architecture I described above with collectors and mesh networks? Every approach in broad use acts as an inherent throttle on communications in bulk. So you couldn't even destabilize the grid; the effect would happen too slowly. And just as the attacker could turn the meters off, the utility could just turn them back on..so this would not be what you would consider a "blackout." They cleverly cite a house fire, though that was the result of a meter vendor changing the polymer used in the meter backing; the replacement polymer had the dual properties of 1, not being ablative (so it could catch fire) and 2, being more brittle...so if the meter wasn't seated the right way, it would crack. An arc would form eventually, setting the meter's base on fire...and there's your house fire. Nothing to do with hacking in the least.
This guy Rubin is a wanna-be with a new company, and he's decided to look at devices which are widely used without really learning about the industry they belong to, or getting the experience needed to know how all of this stuff really works in detail. He's not a widely-recognized "expert" in cyber security, neither in general nor within the power industry.
For your security, this post has been encrypted with ROT-13, twice.
The male gender is the default generic in English and has been so for a couple of hundred years or so. Unless you are going for fringe edge sociological theory and claiming dozens of gender pronouns; "he" is correct generic singular pronoun in formal English.
NRRPT/RCT
I was thinking more of turning off the electricity to the house itself, then changing the password on the meter to some giant randomized string if possible so the utility company can't just turn it back on easily. TFA says "hard-coded credentials". Still, the psychological effects of cutting off your enemy's civilian population's electricity could be tremendous. Think of the propaganda..."even in the middle of the USA, you are not safe" especially if there was a larger conflict going on.
I'm currently working at a Dutch power company in the Netherlands. So far the smart meters are pretty awesome for a few reasons:
- The Dutch versions use 3G/4G. No 2G vulnerability there.
- Getting readings from customers is a messy and work- and time-intensive action. Your average utilities company will have to deal with user input when the meter readings are sent by the customer. When the customer actually sends it in time. Or correctly. You'd be amazed how much can go wrong there. With the smart meters we can get those readings and they're actually correct, on time and easily (Automatically) processed. Meaning that we can do the same work with fewer people and fewer errors. That should eventually mean a cost reduction on our side which we can use to lower our prices to customers.
- There's new services we and others can offer with the data from these meters. Those that allow us to get hour-to-hour detail information on their usage next to their projected usage to see how well they are doing. Customers have more information when they want it. This is usually good.
- Energy theft, loss and malfunctioning meters can be detected more easily. That means use and cost reductions at the cable companies that actually own the electricity grid and should flow back into their rates.
- Smart grid things (tm). We're going to be able to forecast and allocate power to our customers in specific grids based on usage instead of once-a-year-determined-generalized power profiles. That means less waste and variability in the grid.
But for us and customers most of all : Getting the readings. That is SUCH an improvement over cards with bad handwriting, people not knowing what a decimal comma is, reading from the wrong (water, gas) meter or even calling in readings for the wrong address.
We don't cotton to prescriptive linguists in these parts, pardner.
Seriously, there have been complaints about "he" as singular sex-neutral pronoun for at least a century and a half, and I've seen "they" used for about that long. It doesn't take fringe-edge sociology to believe that "he" makes a lousy generic and to want an alternative.
Similarly, "Mrs. Mike Smith" was the proper formal way to address Mike's wife. It's not used that much anymore.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
How's it supposed to cause house fires? Part of code is making sure that sort of thing doesn't happen. If there's too much current going through a breaker, it trips the breaker and shuts down.
Also, the amount of electrical power available for houses is limited. The power distribution system has physical limits, after all.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Taking offense to something that wasn't intended to be offensive makes you the asshole.
Just another day in Paradise
my lawn.
Just another day in Paradise