Slashdot Mirror
Smart Electricity Meters Can Be Dangerously Insecure, Warns Expert (theguardian.com)
An anonymous reader quotes a report from The Guardian: Smart electricity meters, of which there are more than 100 million installed around the world, are frequently "dangerously insecure," a security expert has said. The lack of security in the smart utilities raises the prospect of a single line of malicious code cutting power to a home or even causing a catastrophic overload leading to exploding meters or house fires, according to Netanel Rubin, co-founder of the security firm Vaultra. If a hacker took control of a smart meter they would be able to know "exactly when and how much electricity you're using," Rubin told the 33rd Chaos Communications Congress in Hamburg. An attacker could also see whether a home had any expensive electronics. "He can do billing fraud, setting your bill to whatever he likes [...] The scary thing is if you think about the power they have over your electricity. He will have power over all of your smart devices connected to the electricity. This will have more severe consequences: imagine you woke up to find you'd been robbed by a burglar who didn't have to break in. "But even if you don't have smart devices, you are still at risk. An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode." The problems at the heart of the insecurity stem from outdated protocols, half-hearted implementations and weak design principles. To communicate with the utility company, most smart meters use GSM, the 2G mobile standard. That has a fairly well-known weakness whereby an attacker with a fake mobile tower can cause devices to "hand over" to the fake version from the real tower, simply by providing a strong signal. In GSM, devices have to authenticate with towers, but not the other way round, allowing the fake mast to send its own commands to the meter. Worse still, said Rubin, all the meters from one utility used the same hardcoded credentials. "If an attacker gains access to one meter, it gains access to them all. It is the one key to rule them all."
When "smart" meters first hit the scene a few years ago, people brought up these very issues. I'm surprised that in that time they have not been addressed, though I know I shouldn't be surprised...
If you want news from today, you have to come back tomorrow.
How on earth is software going to make a meter explode?
How can issuing a command (any command) possibly cause a meter to overload? You do know how they work, don't you? Only people who think electricity is magic and watch to many movies and too much tv would be alarmed, the rest of us not so much.
So, a house fire traced back to a faulty meter means that they can be 'hacked to literally explode'. Excellent extrapolation there guys.
Smart meters may - or may not - have a relay to control loads on a different tariff than the usual "always on 24/7" one. They may possibly be hacked to turn this relay on - or off, making them a bit of a nuisance.
But explosions? Or house fires even? A bit hard to believe.
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
The meter isn't much more than a hall sensor and some support electronics connected to a microcontroller.
Life works differently outside your college safe space, snowflake.
An attacker could also see whether a home had any expensive electronics.
He will have power over all of your smart devices connected to the electricity.
An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode.
How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?
You should be ashamed for posting this "article".
Cut of your power yes, as a standard feature too, for the power companies convenience or maliciously for personal disruption and even nation scale blackout regardless of the grids functioning. Depending on the exact design it might be an easy fix but this part of the design isn't regulated, it might require nation scale hardware replacement if the firmware re-set wont clear the "upgrade" or if re-infection is to fast from turn on (yay for mesh networking). Of course explode is an exaggeration, assuming they designed it right, but using the cut of to cause electric fires in at least some buildings with dodgy wiring or the wrong cheep phone chargers, by flickering their power, is a given. Also this tactic could cause blackout or damage to the grid by causing surges, remember when you turn on a warm fridge or a cold electric bulb they both use more to get started.
Worse from a plausibility perspective the suggested future use of smart meters in demand smoothing is to allow the grid to continue without being able to tolerate the unregulated demand of it's users, just a denial of service attack on communications will cause blackouts, no matter how it happens.
In older English, they was the valid pronoun for an individual of unknown gender.
Aye - it is referred to as singular they
Insecurity of these devices is not something the language used to program can fix. Whether it's in Rust or in C, you can write very insecure code on any platform, Rust just tries to prevent common mistakes in C so buffer overflows are 'caught', Java or Objective C has similar safeguards as Rust resulting in similar problems.
Both Perl and Ruby have very strict tainted variable constructs for example, it's almost impossible to not clean the data received from outside the program but that doesn't make your code invincible to SQL injection.
Custom electronics and digital signage for your business: www.evcircuits.com
There is so many things wrong with this article its like they have no fucking idea how anything actually works. i want to know how they rob you without even breaking inside your house..
does this douchebag "Netanel Rubin, co-founder of the security firm Vaultra" have any evidence for this end of the world scenario? Perhaps, I don't know, evidence of hacking one in a lab?
How.
Also chemical fires are way worse, produce dangerous fumes, electrical fires only start something on fire.
Incoming current is limited, you dont have all electricity in your city readily available to be used from your small wires feeding the panel, and the transformers can only produce so many watts.
is a load of crap. These are state machines, typically written in embedded C. There are typically current transformers that have a large winding ratio, even if the electronics/firmware screws up there is no back driving the power line. And no relays. This guy has been watching too much Hollywood.
Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
If this is so simple, and it's been an issue for years, then why not even one single proof of concept. Nobody wants to control their power bill? ISIS just waiting for the right time to kill us all? In terms of credibility this is right up there with "Hackers can turn your home computer into a BOMB... & blow your family to smithereens!".
Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence
Many meters have partial load cutoff capability - so they might shut down your A/C and water heater during peak loads, without causing the rest of your stuff to lose power.
These devices have issues on a MUCH "higher level", SQL injections are the least of their issues. GMS, grid-wide passwords...I'm assuming no encryption at all for the signals. It looks like one doesn't even need to get into any code-specific exploits...just a 2G GSM transmitter and some protocals, and maybe a list of commands. Pull up next to someone's house, hijack the signal and probably get the meter itself to just explode.
If properly exploited, this will be a "virtual" WMD in WWIII. A bit of code, replicated out across the tower network, once triggered could potentially start millions of simultaneous house fires across the USA, and knock out most urban power grids. A few minutes later, trigger other code at the power plants to do something similar. Like a STUXNET but aimed at the electrical grid and smart meters.
Lets not go totally hyperbolic here. Overloading a meter is going to cause the .20 wacko Chinese capacitor to fizz out, turning the stupid thing off. It is very unlikely to burn the house down. There will be SOME security that will likely be effective at minimizing major damage from the meters. You can't start WWIII with this method.
Faster! Faster! Faster would be better!
Considering the state of industrial control systems, I would be surprised if they have much in the way of security at all.
.
No. Just no. Look them up, at most what they have is remote disconnect relays with a cycle time of 30 to 120 seconds. The aren't solenoids (wire coil relays) but stall motors that move the contanctor open or closed and are not fast acting. That is their only active function. The rest are passive. So they might be able to fiddle the bill, or turn your power on and off. But make the meter explode? I've not seen any designs that would fail in that way. Admittedly, I've not seen every design, but most use a stall motor to move a spring loaded armature/contactor set open or closed.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
I get that there are a lot of AMI meters out there that were installed with the old 2G protocol and should be upgraded, which probably means a meter by meter physical upgrade (though perhaps additional encryption software running over 2G could be installed in firmware, which could also take care of hard coded passwords).
But more modern meters are using 3G or 4G, and overall security has been upgraded. The article only covers the older installs without saying that more modern meters and software have addressed the security concerns outlined in the article.
these devices allow remote monitoring of power usage with granularity of a day or better. How hard would it be for a power company sys-admin, who is a little short of cash, to write a script to find customers who's usage had dropped by 50% or more since a few days ago ? Then sell that list to his house burglar friend who would like to know about homes who's owners might be away on holiday.
a shit?
A: No one.
so its not just one cert for all.
but meters have IR optical comms too, with 8 char passwords.
Liberty freedom are no1, not dicks in suits.
no one uses 2g, the open market 3g/4g devices are so damn cheap from china.
Liberty freedom are no1, not dicks in suits.
I put a homemade Faraday Cage around mine. As long as it doesn't TOUCH their meter Public Service can't do anything about it. Public Service tried to make me take mine off. I told them they can't make me, it's not touching their meter. I just gave them my middle finger. They haven't said anything to me in 6 years now since I put it on. I put it on the day after they installed the thing.
The Truth is a Virus!!!
Not "starting WWIII", but would make an excellent "distraction" attack. Even just knocking out the power to millions of homes and businesses at the start of a conflict would be an amazingly effective attack both tactically and physiologically. Even if it's just a small over-all percentage, this would be just another prong in the electronic / cyber side of the next major conflict and will seriously freak out any population. Other attacks would include massive DDOSing, BGP router attacks, corruption of any reachable firmware, "cyber" attacks on drones / UAVs, etc.
It's more sensible than French, where everything is either a he or a she, even if it doesn't have any gonads.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
The question is how you would turn off items on the grid by hacking a meter? These meters do not contain any relays or controllable switches, the most that you can do with some advanced meters is perhaps control a side load (a 15A circuit) there is just too much that could go wrong and it would be way too expensive to have these things contain 200A/400V relays, if they did, a few switches on and off and the contacts weld themselves shut.
Custom electronics and digital signage for your business: www.evcircuits.com
Time to put my pedantic hat on. A smart meter can not cause any damage as a meter is a device to measure, not modify or control. A quick Internet search suggests the word comes from the Greek word métron, to measure.
The devices being argued about are not smart meters, they are controllers. If you have a smart energy controller then I guess you may be at risk, but if like me, you have a smart meter then you can write code until the cows come home and still have zero effect on my power.
What the "expert" has done here is taken the worst features of multiple meters, and put them together as though every meter is this way. And even then, he's overstating things...this "they can tell if you're home by how much electricity you're using!" bullshit has been around forever, and it's ridiculous.
Let's see, where to start. One, almost no meters use GSM. GSM is expensive on a per-device basis (the target upper limit for hardware costs is about $100/meter), poorly-supported by cellular providers...with future-state being no support at all...and renders the utility dependent upon an outside provider for all of their network backhaul from the meters. This is why, if you look at any of the major meter manufacturers (Itron, Elster, Landis + Gyr, etc.) you will find that they all use a very different architecture that does not at all rely on GSM, or any other cellular protocol. They use mesh networking and collectors.
Second...okay, let's talk about what you can do with the meters. Yes, theoretically (it's never been done), you can figure out if someone is home. You would need to be in their neighborhood to begin with since you have to speak directly with the meter. You would need to reverse engineer their specific approach to frequency agility, and break the crypto so that you could then impersonate the head-end and do meter data requests. With that, you could do data sampling to determine what normal peak and low usage numbers were, and from that you could derive whether or not they were probably home at any point in time. Or...you could simply walk near the house and see if the lights were on or there were less cars in the driveway/garage than usual. Which thieves already do, as a best practice that works pretty well.
Then, let's talk this "house fire" over "overload" bullshit. Meters do not regulate power. Let me say that again. METERS DO NOT REGULATE POWER. They can turn power on and off, and that is it. They cannot modulate voltage, wattage, frequency, or amperage. And while in the early days of AMI adoption it was feared that a compromised head-end (or impersonation thereof) could permit an attacker to issue enough remote disconnects to cause what's known as a "bulk load shedding event," it turns out that the meters and their communications networks are too slow. That network architecture I described above with collectors and mesh networks? Every approach in broad use acts as an inherent throttle on communications in bulk. So you couldn't even destabilize the grid; the effect would happen too slowly. And just as the attacker could turn the meters off, the utility could just turn them back on..so this would not be what you would consider a "blackout." They cleverly cite a house fire, though that was the result of a meter vendor changing the polymer used in the meter backing; the replacement polymer had the dual properties of 1, not being ablative (so it could catch fire) and 2, being more brittle...so if the meter wasn't seated the right way, it would crack. An arc would form eventually, setting the meter's base on fire...and there's your house fire. Nothing to do with hacking in the least.
This guy Rubin is a wanna-be with a new company, and he's decided to look at devices which are widely used without really learning about the industry they belong to, or getting the experience needed to know how all of this stuff really works in detail. He's not a widely-recognized "expert" in cyber security, neither in general nor within the power industry.
For your security, this post has been encrypted with ROT-13, twice.
The male gender is the default generic in English and has been so for a couple of hundred years or so. Unless you are going for fringe edge sociological theory and claiming dozens of gender pronouns; "he" is correct generic singular pronoun in formal English.
NRRPT/RCT
I was thinking more of turning off the electricity to the house itself, then changing the password on the meter to some giant randomized string if possible so the utility company can't just turn it back on easily. TFA says "hard-coded credentials". Still, the psychological effects of cutting off your enemies civilian population's electricity could be tremendous. Think of the propaganda..."even in the middle of the USA, you are not safe" especially if there was a larger conflict going on.
We don't cotton to prescriptive linguists in these parts, pardner.
Seriously, there have been complaints about "he" as singular sex-neutral pronoun for at least a century and a half, and I've seen "they" used for about that long. It doesn't take fringe-edge sociology to believe that "he" makes a lousy generic and to want an alternative.
Similarly, "Mrs. Mike Smith" was the proper formal way to address Mike's wife. It's not used that much anymore.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
How's it supposed to cause house fires? Part of code is making sure that sort of thing doesn't happen. If there's too much current gong through a breaker, it trips the breaker and shuts down.
Also, the amount of electrical power available for houses is limited. The power distribution system has physical limits, after all.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Taking offense to something that wasn't intended to be offensive makes you the asshole.
Just another day in Paradise
If you live in an area that gets below freezing, and don't have a plan B for when the power or your normal source of home heating goes out, then you're doing it wrong.
Just another day in Paradise
You win the first Over Your Head award for 2017.
Just another day in Paradise
my lawn.
Just another day in Paradise
Actually, it's single digit dollars... a motor, gear, and relay (times 100,000) -- the mechanical equivalent of pulling the breaker handle. Even commercially available (single count) marine grade DC disconnects are less than $40. (DC is harder to disconnect than AC)
Many are. And yet, there have been no riots. In fact, you don't even know your meter is capable of disconnection.
(The one's around here - CP&L / NC - aren't, btw.)
Customer self-reporting?!? No. Just no. The only amazing part is the stupidity of the entire idea. The only way to have a trustable number is to read it yourself. (even then, you're relying on humans to get it right, and they won't)
HAH. No. That's not how it works. Any savings in operational costs will go in some executive's pocket.
oh.. now that i looked at it again with your input. i do see i must have missed the sarcasm. To think I love to talk shit and make fun of shit with sarcasm. The shame I have brought upon myself! lol thanks for the heads up though