Security Holes Found In "Smart" Meters
Hugh Pickens writes "In the US alone, more than 8 million smart meters, designed to help deliver electricity more efficiently and to measure power consumption in real time, have been deployed by electric utilities and nearly 60 million should be in place by 2020. Now the Associated Press reports that smart meters have security flaws that could let hackers tamper with the power grid, opening the door for attackers to jack up strangers' power bills, remotely turn someone else's power on and off, or even allow attackers to get into the utilities' computer networks to steal data or stage bigger attacks on the grid. Attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them, or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc, a vendor-independent consultant that performs penetration tests and security risk assessments."
"Wright says that his firm found 'egregious' errors, such as flaws in the meters and the technologies that utilities use to manage data (PDF) from meters. For example, smart meters encrypt their data but the digital 'keys' needed to unlock the encryption are stored on data-routing equipment known as access points that many meters relay data to so stealing the keys lets an attacker eavesdrop on all communication between meters and that access point (PDF). 'Even though these protocols were designed recently, they exhibit security failures we've known about for the past 10 years,' says Wright."
Re: (Score:2)
Re: (Score:2)
I was about to write a similar post.
Although this is certainly bad, it doesn't surprise me at all.
And the fact that we've come to _expect_ such vulnerabilities in widely deployed systems is very, very sad.
Re: (Score:2)
Smart meters rely on (among other things) - FIPS. [wikipedia.org] Clearly the wrong level of it. Meanwhile, even FIPS isn't that reliable. /I just started to do work involving the stuff //FIPS is in basically everything in the US
Re:Security holes found... (Score:5, Insightful)
Where do you see the government involved here? As far as I understood the article those meters are to be distributed by the utilities, and those (at least in California) are privately owned.
So I call that a cheap shot from someone who wants his prejudices confirmed.
Re: (Score:2)
While utilities are privately owned, they are still the most heavily regulated businesses in the country.
I do agree blaming the government in this case is a straw man.
Re: (Score:3, Insightful)
It's heavily regulated for a reason (essential service, safety, etc) just like medicine and nuclear. Some things should be regulated.
In fact if it wasn't regulated, more screwups like this would happen.
Re: (Score:2, Insightful)
I consider electricity to be regulated because it's a monopoly. Ditto cable television. And natural gas providers.
If they were not monopolies then there'd be no need to regulate them. If a company sucked, customers would simply walk away, and thereby drive the company into bankruptcy (as they did to Circuit City).
Re: (Score:3, Insightful)
Regulation should be a last resort. The last thing I want is the government interfering with my right to make a living. And what I do on my own time is my own business.
But regulation is a set of rules, and are there for safety. Utilities, nuclear, medical, all have the ability to kill someone if standards are not maintained. Regulation should exist in these areas. What part of that don't you agree with?
And if you think health care which is a social program, and socialism is the same thing, then you d
Re: (Score:2)
The only thing I'm going to respond to (because I don't have the time for all your other points right now) is that about Fox News.
I actually don't watch it at all. I don't watch CNN or its ilk either. I get my news from whatever source is presented to me on any particular issue (and if I'm presented with several sources, I tend to look at them all).
Re: (Score:3, Informative)
That's good that you don't listen to Fox. Because Roger Ailes (chief of Fox News) has publicly stated that he's not interested in accuracy, only ratings. This results in things like with the health care debate, where Fox creates the controversy to create a story for ratings.
Re: (Score:3, Insightful)
Is the police force socialism too? Or the justice system? Firefighters? All funded by taxpayers for the 'public good'. Same thing in your eyes apparently.
Re: (Score:3, Insightful)
One of the strategies of someone who is about to lose an argument is to avoid the real issue by attacking the presenter on unrelated issues.
So clearly you don't know the meanings of the words, and think they are equivalent. Must be the Fox news / fundamentalist education.
Re: (Score:3, Insightful)
Wow, that's a great attitude. Let's completely deregulate everything. If I wanted to make my own nuclear power source and run it without shielding and bury the waste in the backyard, that would be ok with you. Genius.
Re:Security holes found... (Score:4, Funny)
Re: (Score:2)
Typical slashdot comment I suppose? Don't RTFA and post assumptions? I dunno :)
Or slightly on topic weak jokes, don't forget those!
Oh, All your lights are belong to us!
Wow, almost forgot that...
Re: (Score:2)
You left out the most important!
In soviet russia, power meter turns YOU on.
Re: (Score:3, Funny)
Re: (Score:2)
Bravo, kind sir, bravo.
Re: (Score:2)
That should bring back the spark in your relationship, yeah.
Re: (Score:2)
That said, security issues aren't just the province of government.
Re: (Score:3, Interesting)
I'd say the government is at fault for allowing shoddy meters to get hooked up in the first place.
I thought utilities were supposed to be regulated.
Re: (Score:2)
Would be a big surprise if this was done by a private firm. But not getting things right when it's the government?... You're right, nothing surprising.
I'm not a big fan of government waste either, but security problems seem to be a universal evil.
Re: (Score:3, Funny)
Uhh, it is pretty obvious. These meters are very screwed up, so the government has to be behind it. Government always screws things up, private industry is perfect. This is a well known fact, with centuries of experience to prove it.
Don't believe me? Check this out! "Government always screws things up, private industry is perfect" -- Ronald Reagan
I bet you feel stupid now that you know that God disagrees with you!
Normally, I wouldn't recommend this... (Score:5, Insightful)
How to interface with a 'smart meter' (Score:5, Interesting)
Let me take this opportunity to dig up my attempt at an 'Ask Slashdot' from more than 3 years ago:
How to monitor your electricity meter [slashdot.org]
This question was never published and thus never answered. Anyone out there with experience in this field? That IR interface currently sits on the front of the meter doing nothing at all, while it would create the possibility to e.g. create an accurate power use graph, power quality data - I'm on the far end of a long air cable so that is sometimes an issue - and more interesting things. I guess I'm not the only one interested in these things?
Re:How to interface with a 'smart meter' (Score:5, Interesting)
Not sure what things are like on your meter, a fellow at my local hacklab determined that the IR interfaces on the ones we have here strobe upon power usage much like the 'wheel' in old meters.
Also worth checking to see if your utility offers a website to interface to yours. My wife said "they should put up a web interface so you can see how much electricity you're using". I agreed and looked at their website and lo and behold, they had. Hadn't advertised it yet, maybe still in soft launch.
Min
Re: (Score:2, Informative)
The IR is also using a simple RS232 interface (9600,8,n,1) with some fixed password XOR encryption.
I did program (move program into device, set clock, set tariffs) / analyse (= read fault reports) / read out (check readings) these some years ago in a factory which made them for the European market.
I did not have the time to break the encryption, but had some work on coupling these things to GPRS modems. The wired connection used the same encryption back then.
just using a breakoutbox and a second PC-port sniffing the se
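Added example (not part of the comment above, and not code from any meter vendor): a bench check showing why a fixed-password XOR scheme of the kind described gives no real confidentiality. The frame layout, password and readings are constructed for illustration.

```python
# Added illustration, not from the thread. The frame layout, password and
# readings are constructed; no real meter protocol is reproduced here.
import secrets
from itertools import cycle


def xor_fixed(data: bytes, password: bytes) -> bytes:
    """Repeating-key XOR with a fixed password; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(password)))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings over their common length."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Bench check: were two known test frames protected with the same keystream?

    If they were, the keystream cancels out and c1 XOR c2 equals p1 XOR p2.
    """
    n = min(len(c1), len(c2), len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


def password_bytes_exposed(ciphertext: bytes, known_plaintext: bytes, password_len: int):
    """Password bytes disclosed by a known plaintext prefix (None = not disclosed)."""
    exposed = [None] * password_len
    for i, (c, p) in enumerate(zip(ciphertext, known_plaintext)):
        exposed[i % password_len] = c ^ p
    return exposed


# Constructed test data: one password shared by every device, two readout frames.
PASSWORD = b"S3cr3t!"
FRAME_A = b"METER:0001;KWH=001234.5;"
FRAME_B = b"METER:0002;KWH=000087.2;"
C_A = xor_fixed(FRAME_A, PASSWORD)
C_B = xor_fixed(FRAME_B, PASSWORD)


def fresh_keystream_frames():
    """Same frames under a fresh random keystream per frame.

    Stand-in for what a real cipher with a unique per-message nonce provides;
    it is not a proposed design.
    """
    c1 = xor_bytes(FRAME_A, secrets.token_bytes(len(FRAME_A)))
    c2 = xor_bytes(FRAME_B, secrets.token_bytes(len(FRAME_B)))
    return c1, c2


if __name__ == "__main__":
    print("fixed password, keystream reused:",
          keystream_reused(C_A, C_B, FRAME_A, FRAME_B))
    c1, c2 = fresh_keystream_frames()
    print("fresh keystream per frame, reused:",
          keystream_reused(c1, c2, FRAME_A, FRAME_B))
    # A six-byte fixed header already discloses six of the seven password bytes.
    print("password bytes disclosed by the header:",
          password_bytes_exposed(C_A, b"METER:", len(PASSWORD)))
```

Because the password is fixed, any predictable field in a frame (a header, a serial number, a date) discloses the matching password bytes for every device that shares it.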
Re:How to interface with a 'smart meter' (Score:4, Informative)
I'm not sure about the wireless hacking from a laptop mentioned in TFS, but, as far as RF transmissions, these things can generate plenty of spread-spectrum modulation EMF when modulating the 240kHz signal carrier on wire.
There's a good discussion about eliminating ground loops so as to avoid broadcasting the signal as a source of interference at the Technical Library [techlib.com]; I suppose one could always use an induction [techlib.com] receiver [techlib.com] to go the other direction, using a loop [techlib.com] antenna [hard-core-dx.com]. Obviously, modification of the above designs is needed for target frequency band. AM radio circuits might be a good place to start, too.
Actually, there are tons of good MW box loop [brneurosci.org] designs that already go well below 240kHz; that page includes a calculator [brneurosci.org], and playing with some quick numbers suggests a 48cmX65cm frame [=56.5cm side length] for a 16-turn coil extending 21cm in length in parallel with four 470pF caps gives us resonance at 245kHz. Of course, with 20% tolerance ceramic discs, you may want to replace one of the 470's with a 4-40pF variable cap in parallel with anywhere from a 150pF to a 39pF paralleled with a 560pF, depending on how low or high the 470's are measuring.
[Disclaimer: I am an RF amateur.]
Re: (Score:2)
My wife said "they should put up a web interface so you can see how much electricity you're using"
Wait...you're on Slashdot, yet you have a wife? And she's a geek too?
That's awesome, but isn't that like, one of the signs of the Apocalypse?
Re: (Score:3, Informative)
No, a wife that's a geek and a gamer is a sign of the Apocalypse.
So the Apocalypse will be happening sometime after my wedding in July.
Re: (Score:3, Interesting)
My utility company gave me web access to my smartmeter, so I can check my daily consumption whenever I want, just like they can.
Is that the capability you are looking for?
Re: (Score:2)
> My utility company gave me web access to my smartmeter...
To the meter itself or to a Web page on their server presenting what they read from it? I'd object if my meter itself was on the Net at all.
Re: (Score:2)
My access goes to their server presenting what was read. The meter itself is on their own proprietary wireless network and not accessible from the web directly (thankfully).
Re:How to interface with a 'smart meter' (Score:4, Informative)
Very meticulous methodology report... (Score:5, Informative)
Re: (Score:2)
...being able to turn off/manipulate individual home meters isn't going to have any far-ranging effects beyond that.
It isn't until they turn off everyone's meters including those of the elderly, hospitals, military installations, and CTU.
Re: (Score:2)
Re: (Score:2)
All critical systems have emergency backup generators
Then why do we hear every year of people dying in heat waves in various places around the world?
Re: (Score:2)
Re: (Score:2)
Think of the old people! Won't someone please think of the old people?!
Re: (Score:2)
One of the beauties of finding a vulnerability and doing the reverse engineering is that, once it's been done once, you can create tools to take advantage of it. (Exhibit A: Metasploit) So the skill required to determine the vulnerabilities is quite high, while the skill to use them later is quite low.
Beyond ease of exploitation, let's think about the possible uses. The goal of smart meters is twofold: providing both you and the utility real-time info about your electrical use. The second goal is to be
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
where are these PDFs?
Re: (Score:2)
Re: (Score:2)
Smart meter (Score:2, Funny)
So would that be 39.37 smart inches?
why? (Score:3, Insightful)
Re: (Score:2)
why is it physically possible for anyone to remotely turn power on and off?
To make customers pay their bill.
(Remember Mr. Burns doing this on the Simpsons? Now it's real. Excellent!)
Not what they're used to considering (Score:3, Insightful)
The traditional problems utilities have had to deal with are of physical intrusion, either by customers or by neighbors, looking to bypass the meter, modify the readings, or steal electricity. They solve this (or at least reduce it to a manageable level) mostly with intrusion detection -- basically, seals so they know the meter has been tampered with. In this model, the only loss is money and so preventing it at high cost doesn't make sense; detecting and stopping it reasonably quickly is more important.
With meters which do more than metering, that's just not good enough. Significant effort must be made to prevent malicious people from surreptitiously turning power off, otherwise assholes will do it just for lols. It's not like ripping a meter off the wall, which will have the same effect but carries high likelihood of getting caught.
Re: (Score:3, Interesting)
If it can be done fully remotely, it might be done en masse to destabilize the grid. Generators do NOT react well to suddenly having their load disconnected.
More FUD and shoddy security analysis (Score:2, Interesting)
Re: (Score:3, Interesting)
You developed Assassin's Creed 2's DRM system, didn't you? [/snark]
You VASTLY underestimate the probability. Since the prize is so big, if it can be hacked, it will.
I Smell A Rat (Score:5, Interesting)
I was an engineering consultant for 40 years. I'm well familiar with the politics and ethics of engineering studies. Something is fishy here.
The AP says that Wright's firm was hired by three utilities. The web material suggests that it was actually ucaiug.org (an association of both vendors and utilities). Presumably, they financed the security study to expose vulnerabilities so that they could fix them. They did it openly and allowed the report to be published. That's laudable and responsible behavior. It is the opposite of denial and secrecy.
Normally, Wright and his team write the report and the vendors and utilities fix the problems. However, Wright is going public in a big way. He, with cooperation from the media, is mongering fear and suggesting that the vendors and utilities don't care about security. He's acting in a way that brings maximum bad publicity to his financial sponsors. That is extraordinary behavior for a consultant. If it was I that hired him, I would feel betrayed.
I really can't tell if he's doing it for shameless and unethical purposes of self promotion, or whether there was a breakdown in relations between the consultant and the clients. Somewhere there is an enormous untold back story.
Re: (Score:3, Funny)
What about water meters? (Score:3, Insightful)
Anyone found any similar useful hacks with them newfangled radio water meters?
My city put 'em in last year and this dude comes out to the house to install it and I'm like, "...so this let you drive past the house and pick up the meter reading without coming to the side of the house, right?" And the dude is like, "No. This radios your water usage directly to the central office every twelve hours."
Every twelve hours.
I know slashdot makes you paranoid, but this bothers me. I simply cannot imagine how it could be useful to monitor this frequently when they still bill my usage monthly. Plus, any dude with access to the database can hack together an SQL query to find out which houses have a total water usage under a gallon over the past three days and know who's not home.
Re: (Score:2)
Water and gas meter technologies lag behind electric meters because of the simple fact that water and gas meters aren't hooked up to power... so they require long-life batteries to be functional. Since they're on battery, lots of frills are eliminated, like the ability to receive transmissions.
Most deployed water and gas meters these days are transmit only. There are some coming to market that will listen too, but the corresponding limited functionality will make hacking into them much harder.
Too much functionality (Score:4, Insightful)
The trouble with "smart meters" and the "smart grid" is that it's too easy to put in excess functionality that can cause trouble. The ability to do remote firmware upgrades is an example. The ability of meters to communicate with each other is another.
The "smart grid" has way too much centralized control in it. All that's really needed is remote meter reading, plus some broadcast signals to indicate how scarce power is at the moment. The customer should have read-only access to their meter from their side of the meter. High-current appliances should be able to query the meter to find out if it's OK to draw heavy power right now. The power company should have no data path to appliances.
Incidentally, some "smart meters" support pre-paid service, where customers have to pay in advance and are turned off automatically when their pre-payment runs out. There's also wattage-limited service, where the power turns off if a maximum load is exceeded. This can be used for collection purposes; if you get behind on your electric bill, your consumption is limited. There's a whole new range of ways for screwing poor people going in. It's like "check cashing" stores.
How do I know if I am using a smart meter or not? (Score:2)
This place is from the 70s, so I assume it is not a smart type?
similar in Italy (Score:2, Interesting)
with apologies to Peter Graves (Score:3, Funny)
we have a new vector, victor!
Re:Same same but different (Score:5, Informative)
Um, no. With the old meters you can't jack up someone's power bill without shattering the glass globe which surrounds it. And you can't use a laptop to shut off their power. You have to physically cut the cables, which leaves marks.
So it isn't the same situation. Breaking a physical lock leaves traces. Using a laptop to hack the meter and kill power to each house doesn't leave a lot of marks that can be traced.
Re: (Score:2)
Heh, if you think that police actually investigate crimes like this, you're very optimistic. They w
Re: (Score:3, Interesting)
My Grandfather swore by cow-magnets on the meter enclosure, and he worked for Detroit Edison. If the old fashioned cow-magnets worked, imagine what the new niobium-rare-earth magnets of today would do. Personally I think it's an old wives' tale, but I've never checked it empirically.
Re: (Score:2, Informative)
Those were only effective on meters that use a spinning disc. All the new ones are digital and either the magnetism won't do shit or mess them up completely.
Re: (Score:2)
"um no. with the old meters you can't jack up someone's power bill without shattering the glass globe which surrounds it."
Sure you can, just put the plug of your dryer in your neighbor's cellar when he's away and you'll drive up his power bill in no time.
Re: (Score:3, Interesting)
I find this whole thread amusing since I commented that I didn't like the idea of smart meters, that I was worried about them being hackable in a slashdot post last week and everyone commented in response to me that I shouldn't be worried about this kind of thing. That they couldn't be hacked and if they were, there was nothing they could do except get my power information.
I wonder what those folks are saying today in this thread.
Re: (Score:2)
Sure you can! I saw it in a movie once! AND, the geek was able to tap into the air traffic control, credit card bureaus, all the police cars, the President's phone and an alien space ship with their Mac!
But the Mac was running Linux via VMWare, so it was really Linux that saved us all ... and fixed my credit score.
Re:i'm asthonished (Score:5, Interesting)
There's no absolute "need" but it greatly simplifies reading meters "on the fly", since the utility company personnel don't have to park, walk up to the house, get bitten by dogs etc. So in the end it's to save cost and presumably keep energy bills down.
Of course, if there was a way to gauge energy consumption truly remotely from a central location that would be better, and also negate the "need" for wireles...
Hacking: expect lawsuits here in the US!
Re: (Score:3, Interesting)
But it's "wireless" too
Re: (Score:3, Insightful)
Of course, if there was a way to gauge energy consumption truly remotely from a central location that would be better, and also negate the "need" for wireless...
If only there were wires connected to the meters, maybe a battery could be added to transmit readings over them
Re: (Score:2)
There have been companies pushing systems that purport to remotely read meters via the distribution system for decades. Turns out to be remarkably hard to make it work. Transformers, capacitors, switches, wildly variable transmission-line impedance...
Packet radio is simpler and more robust.
Re: (Score:2)
If only there were wires connected to the meters, maybe a battery could be added to transmit readings over them
If only they were connected to the mains, then you wouldn't even need batteries...
Re: (Score:2)
Another potential benefit is precise outage management allowing for much faster identification of outage patterns to allow for faster rectification.
Re: (Score:2)
So just use the electrons which are already around you then. Rub a balloon against your hair and harvest those electrons or something. Let me know when you manage to power your laptop from that. Or perhaps it's easier to just pay someone to deliver a steady electron stream to your house?
Re:What I want to know (Score:5, Funny)
is why electricity costs money. It is just electrons, which are everywhere.
Electricity is free, it's the packaging and delivery that costs money. Just like water that comes out of the faucet, or comes in a plastic bottle, it's the getting it to you part that is expensive. Yes, yes, I know it's an inaccurate oversimplification ... just think of it as a metaphor.
Feel free to use all the free electricity (or water) that you can grab and take home. Heck, you can take mine too, if you can carry it.
Re: (Score:2, Informative)
Which begs the question, why are they not getting up off their asses and building more power generation plants as opposed to whining and crying, which eventually leads to these stupid harebrained ideas in the first place?
Save money by cycling your AC indeed. The MONEY *IS* the incentive, not the SAVING.
The problem we have is our leaders have sold us out, instead of pre-planning ahead, and taking actions to prevent destruction, they scam the system, their lives revolve around re-election finance, the ONLY ti
Re: (Score:2)
Yes, yes, I know it's an inaccurate oversimplification ... just think of it as a metaphor.
Can you rephrase that in the form of a car analogy?
Re: (Score:2)
What I just described as the engine of a Yugo is, in reality, probably closer to the complexity of a Ferrari's engine
Re: (Score:2)
Cars are free, it's just the making and selling of them that costs you money.
Re: (Score:2)
Heck, you can take mine too, if you can carry it.
Dear WrongSizeGlass,
Can we move one of our data-centres next to your house?
Sincerely,
Eric Schmidt
Re: (Score:2)
Is why electricity costs money. It is just electrons, which are everywhere.
You're not paying for the electrons, you're paying for the non-conservative fields propelling them around.
Re: (Score:2)
I think it might be a severe head injury rather than drugs in this case. Not as much fun.
Re: (Score:3, Informative)
Locally they brought time of day usage, so if I do my laundry at night, I pay less than half what I do if I run it in prime time. Arguably this is a benefit all around:
* Consumers win with the option of lower pricing
* The Power generators win because their loads are more balanced, and they need to build fewer power plants (locally we have 3 nukes that only run for 3 days of the year for peaks)
* The environment wins as an offshoot of point #2
Min
Re: (Score:2, Informative)
You are close as 20% of power plants are only used 10 days a year, however I can assure you that nukes aren't being used as you describe. Nuclear power plants are base load generating plants and will always run along with hydro plants. Most peaking plants are natural gas fired as they can be turned off and on easily. Nuclear plants take better than a day just to get up to full power as do coal plants.
Re: (Score:2)
build some fake solar cells and windmills on the roof
Building fake gadgets by hand one piece at a time, might be more expensive than buying a real one.
Most of the money in panels is in the assembly labor, the glass, the backer, waterproofing, the mounting brackets... If you're going to all that trouble, may as well stick some cells in there. Even making convincing fake cells to encapsulate into the panel is going to be tough.
On the other hand, an inverter is quite expensive and no one sees it...
Re: (Score:2)
When I was in college, some 20 years ago, our home had a water boiler with a "smart" meter connected to it. The meter wasn't very smart and certainly not computerised, but it did allow the power company to switch on our boiler when they had some excess power capacity to get rid of. It was strictly opt-in (the boiler could be switched to manual), but if we used it we always had warm w
Re: (Score:2)
"spin it backwards 24/7".
So, uhmmm, why are you complaining?
Re: (Score:3, Interesting)
Remote disconnect, and firmware upgrades - the latter being a messy one. Someone did a talk at Blackhat/Defcon last summer where they rooted a meter and installed a custom firmware that would spread worms to all other meters and give the blackhat total control over the network through remote firmware upgrades.
The firmware upgrades are a double edged sword. Meters need them in case someone finds a vulnerability (which can exist even in supposedly read only devices), but if they're not locked down enough, p
Re: (Score:3, Interesting)
Actually, they DON'T need remote firmware upgradability, they need LOCAL firmware upgrades and a decent QA on the firmware. By making it remote, they raise the consequences of any security flaw by orders of magnitude.
It may seem strange in this day and age, but at one time we used to be very careful with firmware. It would be designed conservatively and then receive thorough QA. Then it would be burned into a write once PROM or even masked and run off as a purpose made ROM. And it worked! A firmware upgrade
Re: (Score:2)
Actually, they CAN. They do right now. Every single month, I see a guy walking the neighborhood in his Georgia Power vest reading the meters. Surely, sending someone around every few years is affordable since they avoid sending him around every month.
I'm not saying the firmware shouldn't be upgradable, just that it should require physical presence, as in plug in a programming lead to enable the write line on the flash. Done well, it should require just a little bit longer each than it does to read them in p
Re: (Score:2, Informative)
Authentication is still needed, otherwise some funny guys can pump up your bills.
Re: (Score:2)
Re: (Score:2)
How about my getting a reduced rate at my massage parlor and strip-club so they can cut my power to keep it going to the hospital's operating room or the homes of elderly who are temperature intolerant?
Re: (Score:2)
Re: (Score:2)
I was thinking that if the home's appliances could talk to the meter, say over the home's power lines, like the x10 controllers [x10.com], themselves to get electric-grid condition updates, they could be programmed to operate in various degrees of power-saving modes or even have your plug-in hybrid go into a sell-back mode.
Re: (Score:2)
Fully agreed. It may not sound like a big deal to some, but there are people who really need to plug in dialysis machines or oxygen concentrators at home. During heat waves, a power failure actually can result in people dying from the heat.
Re: (Score:2)
It can also be used to remotely de-energise (and subsequently re-energise) a location during a load shedding event. The ability to do so selectively allows them to leave life support customers turned on, and the ability to bring them on in small batches reduces the chance of the network failing to come back online gracefully.
BTW the other common reason people have their power turned off is when there is a change of resident and the property is vacant for a period of time. This will no longer require them to se
Re: (Score:2)
I think the idea is for the utility to be able to talk to your meter, to set peak and off-peak rates, adjust when peak and off-peak times are and to be able to do it in real time. This would be much preferable to brown-out and rolling black-outs we get in response to grid emergencies today. Eventually your appliances would be able to query the meter and respond in a reasonable manner. For example I might decide when at normal peak to have the AC set for 74, high peak 78 and emergency to shutoff completely.
Re: (Score:2)
If somebody starts screwing around with the lights to play Tetris on my apartment building, I'll install red lights just to fuck with his game.