Security Holes Found In "Smart" Meters 224
Hugh Pickens writes "In the US alone, more than 8 million smart meters, designed to help deliver electricity more efficiently and to measure power consumption in real time, have been deployed by electric utilities and nearly 60 million should be in place by 2020. Now the Associated Press reports that smart meters have security flaws that could let hackers tamper with the power grid, opening the door for attackers to jack up strangers' power bills, remotely turn someone else's power on and off, or even allow attackers to get into the utilities' computer networks to steal data or stage bigger attacks on the grid. Attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them, or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc, a vendor-independent consultant that performs penetration tests and security risk assessments."
"Wright says that his firm found 'egregious' errors, such as flaws in the meters and the technologies that utilities use to manage data (PDF) from meters. For example, smart meters encrypt their data but the digital 'keys' needed to unlock the encryption are stored on data-routing equipment known as access points that many meters relay data to so stealing the keys lets an attacker eavesdrop on all communication between meters and that access point (PDF). 'Even though these protocols were designed recently, they exhibit security failures we've known about for the past 10 years,' says Wright."
didn't the Chinese warn us? (Score:1, Informative)
Re:Same same but different (Score:5, Informative)
um no. with the old meters you can't jack up someone's power bill without shattering the glass globe which surrounds it. and you can't use a laptop to shut off their power. you have to physically cut the cables which leaves marks.
So it isn't the same situation. breaking a physical lock leaves traces. using a laptop to hack the meter and kill power to each house. doesn't leave a lot of marks that can be traced.
Re:Completely useless (Score:3, Informative)
Locally they brought time of day usage, so if I do my laundry at night, I pay less then half what I do if I run it in prime time. Arguably this is a benefit all around:
* Consumers win with the option of lower pricing
* The Power generators win because their loads are more balanced, and they need to build fewer power plants (locally we have 3 nukes that only run for 3 days of the year for peaks)
* The environment wins as an offshot of point #2
Min
Very meticulous methodology report... (Score:5, Informative)
Re:Why aren't these things read-only? (Score:2, Informative)
Authentication is still needed, otherwise some funny guys can pump up your bills.
Re:How to interface with a 'smart meter' (Score:2, Informative)
The IR is also using a simple RS232 interface (9600,8,n,1) with some fixed password XOR encryption.
I did program(move program into device, set clock, set tarifs)/analyse(= read fault reports)/readout (check readings) these some years ago in a factory which made them for the european market.
I did not have the time to break the encryption, but had some work on coupling these things to GPRS modems. wired connection used the same encryption back then.
just using a breakoutbox and a second PC-port sniffing the serial data.
Re:How to interface with a 'smart meter' (Score:4, Informative)
Re:What I want to know (Score:2, Informative)
Which begs the question, why are they not gettin up off their ass's and building more power generation plants as opposed to whining and crying which eventually leads to these stupid hair brained ideas in the first place.
Save money by cycling your AC indeed. The MONEY *IS* the incentive, not the SAVING.
The problem we have is our leaders have sold us out, instead of pre-planning ahead, and taking actions to prevent destruction, they scam the system, their lives revolve around re-election finance, the ONLY time they take action is when it's forced because something breaks (because they had NO PLAN AT ALL) and we have another disaster which has to be fixed with another fucking OVER budget debt.
Then they get out there and say they didn't know. They KNOW, they are ENCOURAGING this crap.
Re:Security holes found... (Score:3, Informative)
Thats good that you dont listen to Fox. Because Roger Ailes (chief of Fox news) has publicly stated that he's not interested in accuracy, only ratings. This results in things like with the heath care debate, where Fox creates the controversy to create a story for ratings.
Re:How to interface with a 'smart meter' (Score:4, Informative)
I'm not sure about the wireless hacking from a laptop mentioned in TFS, but, as far as RF transmissions, these things can generate plenty of spread-spectrum modulation EMF when modulating the 240kHz signal carrier on wire.
There's a good discussion about eliminating ground loops so as to avoid broadcasting the signal as a source of interference at the Technical Library [techlib.com]; I suppose one could always use an induction [techlib.com] receiver [techlib.com] to go the other direction, using a loop [techlib.com] antenna [hard-core-dx.com]. Obviously, modification of the above designs is needed for target frequency band. AM radio circuits might be a good place to start, too.
Actually, there are tons of good MW box loop [brneurosci.org] designs that already go well below 240kHz; that page includes a calculator [brneurosci.org], and playing with some quick numbers suggests a 48cmX65cm frame [=56.5cm side length] for a 16-turn coil extending 21cm in length in parallel with four 470pF caps gives us resonance at 245kHz. Of course, with 20% tolerance ceramic discs, you may want to replace one of the 470's with a 4-40pF variable cap in parallel with anywhere from a 150pF to a 39pF paralleled with a 560pF, depending on how low or high the 470's are measuring.
[Disclaimer: I am an RF amateur.]
Re:Same same but different (Score:2, Informative)
Those were only effective on meters that use a spinning disc. All the new ones are digital and either the magnetism won't do shit or mess them up completely.
Re:How to interface with a 'smart meter' (Score:3, Informative)
No, a wife that's a geek and a gamer is a sign of the Apocalypse.
So the Apocalypse will be happening sometime after my wedding in July.
Re:Completely useless (Score:2, Informative)
You are close as 20% of power plants are only used 10 days a year, however I can assure you that nukes aren't being used as you describe. Nuclear power plants are base load generating plants and will always run along with hydro plants. Most peaking plants are natural gas fired as they can be turned off and on easily. Nuclear plants take better than a day just to get up to full power as do coal plants.