Smart Electricity Meters Can Be Dangerously Insecure, Warns Expert (theguardian.com) 163
An anonymous reader quotes a report from The Guardian: Smart electricity meters, of which there are more than 100 million installed around the world, are frequently "dangerously insecure," a security expert has said. The lack of security in the smart utilities raises the prospect of a single line of malicious code cutting power to a home or even causing a catastrophic overload leading to exploding meters or house fires, according to Netanel Rubin, co-founder of the security firm Vaultra. If a hacker took control of a smart meter they would be able to know "exactly when and how much electricity you're using," Rubin told the 33rd Chaos Communications Congress in Hamburg. An attacker could also see whether a home had any expensive electronics. "He can do billing fraud, setting your bill to whatever he likes [...] The scary thing is if you think about the power they have over your electricity. He will have power over all of your smart devices connected to the electricity. This will have more severe consequences: imagine you woke up to find you'd been robbed by a burglar who didn't have to break in. "But even if you don't have smart devices, you are still at risk. An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode." The problems at the heart of the insecurity stem from outdated protocols, half-hearted implementations and weak design principles. To communicate with the utility company, most smart meters use GSM, the 2G mobile standard. That has a fairly well-known weakness whereby an attacker with a fake mobile tower can cause devices to "hand over" to the fake version from the real tower, simply by providing a strong signal. In GSM, devices have to authenticate with towers, but not the other way round, allowing the fake mast to send its own commands to the meter. Worse still, said Rubin, all the meters from one utility used the same hardcoded credentials. "If an attacker gains access to one meter, it gains access to them all. It is the one key to rule them all."
Re: (Score:1)
Life works differently outside your college safe space, snowflake.
Re: (Score:2)
Taking offense to something that wasn't intended to be offensive makes you the asshole.
Re: Sexist (Score:1)
In older English, they was the valid pronoun for an individual of unknown gender.
Re: (Score:1)
Re: (Score:3)
It's more sensible than French, where everything is either a he or a she, even if it doesn't have any gonads.
Re: (Score:2)
The male gender is the default generic in English and has been so for a couple of hundred years or so. Unless you are going for fringe edge sociological theory and claiming dozens of gender pronouns; "he" is correct generic singular pronoun in formal English.
Re: (Score:2)
We don't cotton to prescriptive linguists in these parts, pardner.
Seriously, there have been complaints about "he" as singular sex-neutral pronoun for at least a century and a half, and I've seen "they" used for about that long. It doesn't take fringe-edge sociology to believe that "he" makes a lousy generic and to want an alternative.
Similarly, "Mrs. Mike Smith" was the proper formal way to address Mike's wife. It's not used that much anymore.
Old news is still news... (Score:4, Insightful)
When "smart" meters first hit the scene a few years ago, people brought up these very issues. I'm surprised that in that time they have not been addressed, though I know I shouldn't be surprised...
Re:Old news is still news... (Score:5, Informative)
They HAVE been addressed. They were addressed before he brought up the issues. There is more than one maker of smart meters out there, you don't judge all autos based on the Yugo, so why brand all smart meters based upon the worst ones?
I've been in this industry for 7 years, and the way the uses "most" in every other paragraph is silly. But then you could count cheap Chinese mobile phones sold by the bucket to claim that most smart phones were poorly made, unreliable, and liable to catch fire.
We have security penetration testers sniffing through our source code and coming up with very obscure bugs which we're required to fix before release. We've had to cajole customers into turning on security (there's a bit of fear of being locked out). Yes good security is expensive but it brings in revenue also as it's a major selling feature. It's may be easier to hack the utility's back office than to hack the meters.
This is not to say that security is good enough. Of course, we need to do better. We need to do better at everything as far as security goes.
Re: (Score:1, Troll)
Of course, we need to do better.
In this case the most obvious way to do better is not use 'smart' meters. They're not saving us any money. And without seeing that spinning wheel, I can't tell how fast I'm consuming the electricity. The old meters are secure and robust. Why try to 'fix' what ain't broke?
Re: (Score:3)
It's up to the utility to save you money. It does indeed save the utility money. It also gives information the utility needs which they've never had before. It used to be that they didn't even know where all the electricity went until the end of the month meter reading. They don't know when the power is out unless people phone in, they don't even know if the right voltage is getting to a neighborhood.
Re: (Score:1)
It does indeed save the utility money.
Well, that's my point. It's for their benefit, not ours. But they tell us the same lie as the insurance industry. *If not for the 'theft', our rates would be lower.*
Re: (Score:2)
California has a regulation that the utility gets a fixed rate estimated each year by the PUC. This provides an incentive for the utility to try and reduce consumption. Before this the incentive was to encourage the consumers to keep on consuming, because that's what the unrestricted free market wants. Of course the utilities grumble and whine about it, but since they've got such a horrible reputation the citizens don't have any sympathy for the fat cats. Today I get told in my electric bill how much I
Re: (Score:2)
My utility (ComEd, a division of Exelon) did the opposite. And they want to raise it even more based on "peak consumption". If there are benefits to smart meters, the subjects of Illinois certainly haven't seen any.
Re: (Score:2)
So what? They still don't replace the worn-out, unreliable equipment that makes the power go out all the damn time (even on calm, sunny days) in the first place!
Re: (Score:2)
They do though. Meters of course, the ones from the fifties were just awful things, using gears to measure watt usage. Thing is, when gears wear down it favor the customer instead of the utility, so there was a vested interest in upgrading to something more accurate. And in many states with regulation the utility makes more profit if they conserve electricity so there's a motivation to get rid of the old crappy equipment. They're also making the local grid smarter by monitoring what's happening, reclose
Re: (Score:2)
https://www.greentechmedia.com... [greentechmedia.com]
Re: (Score:2)
Mechanical meters were indeed just a small part of the problem, but still a problem. A bigger problem for commercial meters than residential ones though. Most rate increases were due to other things. For instance there was a big backlash in Kern Country, California. Mpnthly bills had gone way up at the same time people were seeing the new meters installed. After a PUC review though it was found that the consumption had also gone way up due to high temperatures, and the PG&E utility has also raised r
Re:Old news is still news... (Score:4, Informative)
Well, the reason is several.
First, in places where there's electricity theft, smart meters allow for detection - if you measure the power consumed in a neighbourhood, the sum of the power consumed by each house should tally up. If not, then they investigate.
As for seeing how much you consume, it's actually easy. Most meters have a "virtual wheel" or a blinking light. The virtual wheel is on the display and just moves like the old wheel does, though it is a bit smaller. If it's a light, then each blink represents a fixed unit of kWh - you need to refer to the meter to find the metrological number which tells you how much kWh each pulse represents.
And if not that, a log into the website often can tell you your current usage. Some even sell you a device that lets you remotely monitor the meter - which can tell you your current usage, the current reading, etc.
Most smart meters are properly designed - the reason it's a light is because the measurement board just gives a pulse every fixed kWh consumed and that's the only communications available. The electronics board tallies up the count and displays it. Hack the meter and ...? There's no connection to the measurement board - it just receives pulses.
As for the communications options, some use a proprietary WiFi that's 802.11g-based, but at 900MHz, others are using a 3G cellular network. Others use regular WiFi. So "da evil smart meter waves" are basically cordless phones/garage door/etc (900MHz ISM shared military radar), cellphone or WiFi.
Granted, there are probably some options used in other parts of the world - though a full power disconnect is rare because of the cost of ab appropriate contactor (usually either a liquid or gas insulated contactor) but those are usually separate devices due to cost.
Re: (Score:2)
Looks like 'smart' maters are strictly for the utility's benefit, not the consumers'. Thing is, I've seen smart meters go on the fritz and start smoking, buzzing, clicking, etc, requiring a service call that will cost me hours, if not days waiting around for the guy to show up. I have yet to see a dumb meter ever do that. The 'smart' mater is not ready for prime time yet. I shouldn't need a circuit board when a simple wire winding will do. It is unnecessary complexity. And to tell the truth, electricity is
Re: (Score:2)
Public utilities are regulated...some more highly than others, depending upon your local government. Since I've owned stock in a couple of electric utilities (Detroit Edison & American Electric Power) over the years, I've seen rate hikes denied by the regulators (as it should be) when they can't be justified. If the company has lower expenses, and the regulators are doing their jobs, it should be to everyone's benefit.
Re: (Score:2)
and the way the uses "most" in every other paragraph is silly
Heck if most companies used the same attacks he mentioned then the grid would get dumb before it even gets smart. Many places around the world have lifecycled their 2G networks already. They won't be around in a few years.
I call hogwash (Score:3)
Re: (Score:3)
When "smart" meters first hit the scene a few years ago, people brought up these very issues. I'm surprised that in that time they have not been addressed, though I know I shouldn't be surprised...
That's the main reason to get freaked out when something of this nature gets rolled out - it will NOT get addressed after deployment. Some serious flaws are baked in and won't be improved without an incompatible upgrade, meaning two systems deployed in parallel - who's going to pay for that? Nobody, until there is a demonstrated need.
Re: (Score:2)
no one uses 2g, the open market 3g/4g devices are so damn cheap from china.
Re: (Score:2)
"Finally, they start talking about at least one feature us technically literate folks can appreciate...."
GTFO
How on Earth (Score:4, Interesting)
Re: (Score:1)
That depends on how the meter functions, which part of it are under software control, and if the engineers added safety features to prevent disasters even when the software tries to make the hardware do something dangerous.
Blowing things up spectacularly would certainly be an option if, say, there's a way to command the hardware to short circuit the various phases of a three phase 400 V line.
Re: (Score:2)
Blowing things up spectacularly would certainly be an option if, say, there's a way to command the hardware to short circuit the various phases of a three phase 400 V line.
I'll bite. What use could a smart meter possibly have for this kind of activity. What use could possibly exist for doing this upstream of protection systems? These are installed by utilities which have upstream protection for downstream devices, i.e. you short the meter and all that happens is you blow the pole fuse / distribution fuse. Not to mention that shorting systems are never engaged remotely (not to mention they do not exist for residential properties) and are nearly always interlocked.
Exactly (Score:1)
The meter isn't much more than a hall sensor and some support electronics connected to a microcontroller.
Explode mayybe not (Score:1)
Cut of your power yes, as a standard feature too, for the power companies convenience or maliciously for personal disruption and even nation scale blackout regardless of the grids functioning. Depending on the exact design it might be an easy fix but this part of the design isn't regulated, it might require nation scale hardware replacement if the firmware re-set wont clear the "upgrade" or if re-infection is to fast from turn on (yay for mesh networking). Of course explode is an exaggeration, assuming the
Re: (Score:2)
Yep. Do you have any idea how big a 100+A relay is? (~1 cm contacts) The cooling? And you'd need a duplex for std N.American service (230V hot-hotinv). Look at a 50A AC relay. Smaller & fewer for UK/EU. But meters are buss-bar straddle devices. You have to physically pull the meter out of it's socket to cut power.
Now a malefactor certainly could interfere with the power usage signals, and potentially confuse higher (optimizing) layers of the grid load-balancing system. Even that should not result
Re: (Score:2)
Yep. Do you have any idea how big a 100+A relay is? (~1 cm contacts) The cooling?
Various smart meters DO have the ability to do a remote shutdown / remote restore. It's one of the major selling features to the utilities.
They DON'T NECESSARILY contain standard-design relays.
The components in a Smart meter are also determined by the manufacturer and the utility; They can engineer the sizes of the relays to whatever will work, and they're not beholden to anyone else's safety margins or requirements regard
Re: (Score:1)
...the remote Shut-off/Shut-On is not a frequent duty-cycle application like an industrial relay.
Exactly. So when a hacker gains access to a smart meter and orders it to switch the power off and on repeatedly, he can destroy the relay, possibly causing fire in the process.
Re: (Score:2)
he can destroy the relay, possibly causing fire in the process.
False. Your situation is relying on a lot of "IFs". IF you can open and shut it without an interlock. IF the relay is under load. IF the devices under load get back to full load before you go for your next break cycle. IF the upstream protection doesn't trip first.
IF you're lucky then maybe you can cause an issue with the relay. IF you're really unlucky you can cause the really to stick. IF you're really really unlucky and the moon is aligned just right then it may go bang.
Re: (Score:1)
That includes that he can monitor your current electricity consumption, wait for the electric water heater to be switched on (a script can do this), and then have the meter repeatedly cycle the interruptor relay.
And yes, assuming there's no locking mechanism preventing this, which would surprise me if it were present.
Re: (Score:1)
Then you give some attempt of a probabilistic risk assessment event tree, ending in some kind of a highly unlikely seemingly conspiracy-theory-inspired scenario of a C4 explosion.
Now there have been some reports of 'smart' meters catching fire and even setting houses ablaze, but nothing about C4 explosions.
Do you really want me to believe this was accid
Re: (Score:1)
At those power levels, you aren't talking about "relays", but "contactors". Look in any electric vehicle to find several. (I have a box of them out of chevy volt battery packs. ~400v/350A about the size of an apple. it takes a few watts to keep the contacts closed.)
In an electrical meter, however, there will simply be "knife switch" that requires no power to stay in either closed or open position. A motorized actuator moves it between states in almost the same manner as you pulling the handle on a fuse box.
Re: (Score:2)
Many meters have partial load cutoff capability - so they might shut down your A/C and water heater during peak loads, without causing the rest of your stuff to lose power.
Re: (Score:1)
Actually, it's single digit dollars... a motor, gear, and relay (times 100,000) -- the mechanical equivalent of pulling the breaker handle. Even commercially available (single count) marine grade DC disconnects are less than $40. (DC is harder to disconnect than AC)
Re: How on Earth (Score:3, Funny)
It's obvious. A hacker gets into the meter and signals it to detonate the 7 pounds of C4 which the Illuminati installs in every meter. This in turn triggers the 5 tons of high explosive the Trilateral Commission buries under every house. Which triggers the 3 nukes buried in each city block by Obama's secret UN army. 7, 5, 3, these are Prime numbers so it must be true.
Re: (Score:1)
Re: (Score:3)
Sir, I award you one internet as first prize. Unfortunately the Freemasons subverted the process before the award could be issued.
Re: (Score:2)
How on earth is software going to make a meter explode?
Many meters have load balancing capabilities, they can switch loads on and off... big loads. I don't think it would be the meter exploding, but fairly easily your compressors, and possibly the transformer.
Re: (Score:2)
How on earth is software going to make a meter explode?
It ALL depends on how many exclamation marks you use. If you have 11 of them -- watch out!
#!/bin/bash
echo "Boom!!!!!!!!!!" # DON'T ADD ANY MORE BANGS
Overload, really?? (Score:1)
How can issuing a command (any command) possibly cause a meter to overload? You do know how they work, don't you? Only people who think electricity is magic and watch to many movies and too much tv would be alarmed, the rest of us not so much.
Re: (Score:3, Informative)
Re: (Score:2)
I'm thinking that flickering the power is about the worst they can do, which can damage compressors and some other stuff - potentially surge the transformer and get it to blow its breaker, but they'd have to have had a really bad risk review process to build one of these things with the capacity to do something like short two power legs.
Re: (Score:2)
Is there such a thing as a smart meter with an integrated automatic transfer switch (for a generator)?
Or maybe a smart meter with an integrated switch used in a Wind/Solar installation that feeds back into the grid?
Those are the only 2 scenarios I can think of.
Re: (Score:1)
Re: (Score:2)
There is absolutely switching involved, to avoid backfeeding into a dead line when the feed has failed. For a generator it's with a transfer switch which kills the feed and switched to the generator. For solar without battery backup, it typically just kills everything if the feed fails.
Re: (Score:1)
And none of that is built into the power company's meter. It's all stuff the customer adds downstream -- on the customer side -- of the meter. It's potential hackability is independent of any smart meter.
Re: (Score:2)
I wasn't suggesting it was built into the meter. But just backfeeding a generator or solar inverter into the panel without it is dangerous and generally illegal.
O RLY? (Score:5, Informative)
So, a house fire traced back to a faulty meter means that they can be 'hacked to literally explode'. Excellent extrapolation there guys.
Smart meters may - or may not - have a relay to control loads on a different tariff than the usual "always on 24/7" one. They may possibly be hacked to turn this relay on - or off, making them a bit of a nuisance.
But explosions? Or house fires even? A bit hard to believe.
Re: (Score:2)
I highly doubt the meters have a relay to control the load, controlling relays for 100-200A loads would be a major failure mode, you have a HUGE spark every time you turn it on and off, these relays alone would cost at least $250 if not more and they're large, very, very large.
IF they had these relays, you could turn it on and off quickly, that may cause major malfunctions in devices and perhaps even start fires but again, such relay is not practical nor necessary. On the other hand, relays sometimes malfun
Re: (Score:2)
There are load control devices. These aren't smart meters. But they are things to trip the circuit to things like water heaters and such. Some meters have this built in but it's relatively new (more common in countries where electricity prices are relatively high).
Re: (Score:2)
Smart meters here in Australia have a set of contacts that are switchable by the utility. Typically they are used for off-peak hot water, a load of 15 or so amps.
Re: (Score:2)
Yes, 15 or so amps is do-able, that's a single circuit. But the OP was talking about turning an entire house on and off.
Re: (Score:2)
They may possibly be hacked to turn this relay on - or off, making them a bit of a nuisance.
Well, if they cycle a relay fast enough from software, they may very well destroy equipment at the other end.
Also.... if the meter hardware has the capability to cycle it in the range of Milliseconds, then software can select an average voltage and create a sustained undervoltage condition.
What The Fuck?? (Score:4, Insightful)
An attacker could also see whether a home had any expensive electronics.
He will have power over all of your smart devices connected to the electricity.
An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode.
How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?
You should be ashamed for posting this "article".
Re: (Score:3)
I don't know, but I think he forgot to take his pills.
Re: (Score:2)
How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?
Because it fits neatly into the vast conspiracy theory mentality and technology is going to destroy the world mindset.
There is an ongoing furor in a neighboring city over the installation of the mind-destroying radio-signal transmitters in the smart meters the local electric company has installed. Now they can all worry about waking up to find all their stuff has been stolen by crooks who didn't need to break in. Not sure how you steal stuff from a locked house by controlling the electric meter, but it mus
Re: (Score:2)
Slashdot has been posting these anti smart meter articles for a decade. They calmed down once we got rid of some of the more fanciful editors, but...
Re: (Score:2)
How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?
You should be ashamed for posting this "article".
You must be new here...
Re: (Score:1)
Both claims are totally bullshit. All you can tell is the total household power usage. So you can tell when loads change, but not what caused them. As for what's on my TV??? that's less than a watt difference full white vs. full black. That's undetectable noise on the scale of the entire house. A 300W load just came on. Is that a lamp, the microwave, the TV, or did I just fire up Fallout 4?
NOTHING IN YOUR FUCKING HOUSE TALKS TO THE POWER GRID. Any "load control" modules, if you have any, aren't "your device
So... (Score:2)
I have worked on parts of power meters and this (Score:5, Informative)
Re: (Score:2)
According to his profile Netanel Rubin was in the IDF [linkedin.com], so I googled for Smart Meters in Israel [blogspot.com] and, please forgive my source because it is not highly relevant, all I wanted was the model of meter. And what's interesting about that is that it does offer an optional turn-off relay [emh-metering.com].
Re: (Score:3)
Most smart meters are like this. They consist of two boards - a measurement board and an electronics board. The measurement board consists of current transformers and measures the current draw. It provides a pulse
Q: Who gives (Score:2)
a shit?
A: No one.
Settle Down Snowflake and Get off of (Score:2)
my lawn.
Not surprised (Score:2)
Ah, no. Just no. (Score:4, Insightful)
.
No. Just no. Look them up, at most what they have is remote disconnect relays with a cycle time of 30 to 120 seconds. The aren't solenoids (wire coil relays) but stall motors that move the contanctor open or closed and are not fast acting. That is their only active function. The rest are passive. So they might be able to fiddle the bill, or turn your power on and off. But make the meter explode? I've not seen any designs that would fail in that way. Admittedly, I've not seen every design, but most use a stall motor to move a spring loaded armature/contactor set open or closed.
Re: (Score:2)
An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode."
.
No. Just no. Look them up, at most what they have is remote disconnect relays with a cycle time of 30 to 120 seconds. The aren't solenoids (wire coil relays) but stall motors that move the contanctor open or closed and are not fast acting. That is their only active function. The rest are passive. So they might be able to fiddle the bill, or turn your power on and off. But make the meter explode? I've not seen any designs that would fail in that way. Admittedly, I've not seen every design, but most use a stall motor to move a spring loaded armature/contactor set open or closed.
Consider these devices to be like a home router. You can hack one router, possibly cause someone some grief, but it generally won't affect them much even if their router is part of a big botnet.
The problem I worry about is if someone were to hack hundreds or thousands of these smart meters and started cycling large numbers of them simultaneously in a nefarious way. Electricity grids are generally managing a predictable demand. To do that, calculations are performed which consider time of day, forecaste
GSM / 2G (Score:2)
I get that there are a lot of AMI meters out there that were installed with the old 2G protocol and should be upgraded, which probably means a meter by meter physical upgrade (though perhaps additional encryption software running over 2G could be installed in firmware, which could also take care of hard coded passwords).
But more modern meters are using 3G or 4G, and overall security has been upgraded. The article only covers the older installs without saying that more modern meters and software have addres
Remote monitoring is insecure ... (Score:3)
these devices allow remote monitoring of power usage with granularity of a day or better. How hard would it be for a power company sys-admin, who is a little short of cash, to write a script to find customers who's usage had dropped by 50% or more since a few days ago ? Then sell that list to his house burglar friend who would like to know about homes who's owners might be away on holiday.
Re: (Score:2)
Why would he need to bypass encryption ? He has access to the servers to which your power usage data was uploaded. All he then needs to do is to write a bit of SQL/... and print some addresses that he gives to his mate with the crow bar - Burglar Bill. It matters not how secure the Smart meter is, nor how well encrypted the data upload is; the data will end up on a server that someone will be able to query. Given how well (ahem) many corporates seem to protect customer data I would expect to see some of thi
openssl supports client certs too (Score:2)
so its not just one cert for all.
but meters have IR optical comms too, with 8 char passwords.
Faraday Cage (Score:2)
I put a homemade Faraday Cage around mine. As long as it doesn't TOUCH their meter Public Service can't do anything about it. Public Service tried to make me take mine off. I told them they can't make me, it's not touching their meter. I just gave them my middle finger. They haven't said anything to me in 6 years now since I put it on. I put it on the day after they installed the thing.
Time to be pedantic (Score:2)
The devices being argued about are not smart meters, they are controllers. If you have a smart energy controller then I guess you may be at risk, but if like me, you have a smart meter then you can write code until the cows come home and still have zero effect on my power.
Re: (Score:2)
Time to put my pedantic hat on. A smart meter can not cause any damage as a meter is a device to measure, not modify or control. A quick Internet search suggests the word comes from the Greek word métron, to measure.
The devices being argued about are not smart meters, they are controllers. If you have a smart energy controller then I guess you may be at risk, but if like me, you have a smart meter then you can write code until the cows come home and still have zero effect on my power.
The devices being argued about actually are smart meters. One vendor cited...Sensus...doesn't even make "smart energy controllers." I don't know what you mean by that phrase, exactly...I assume you mean devices used for WAMPAC (Wide Area Monitoring, Protection And Control)...but Sensus does not manufacture anything that would fit the meaning of that phrase. Also, everything described here aligns with meters, not reclosers or synchrophasors or other WAMPAC-related devices.
Re: (Score:2)
Re: (Score:2)
My argument is simple. A meter measures, nothing else (ignoring quantum physics). A device that controls the power in a house is not a meter. If such a device is called a meter is is incorrectly named, probably the handy work of a marketing department. Yes, I am being pedantic, but where I come from (New Zealand), smart meters are immune to the risk of property damage because they are meters and only meters.
Gee, that's swell...but you know these are real things we're talking about, being done by real people, yes? You don't get to just redefine the whole power grid to suit your ignorance of the industry because you could technically argue that something is no longer a "meter" because it has an on/off switch. Remote disconnect is an option on every major meter for sale today, and pretty much all of the minor ones as well...and it's an option that almost every meter in the field has because it's incredibly use
Sales pitches can be dangerously overblown (Score:2)
What the "expert" has done here is taken the worst features of multiple meters, and put them together as though every meter is this way. And even then, he's overstating things...this "they can tell if you're home by how much electricity you're using!" bullshit has been around forever, and it's ridiculous.
Let's see, where to start. One, almost no meters use GSM. GSM is expensive on a per-device basis (the target upper limit for hardware costs is about $100/meter), poorly-supported by cellular providers...
Re:Would the Rust programming language help? (Score:4, Interesting)
Insecurity of these devices is not something the language used to program can fix. Whether it's in Rust or in C, you can write very insecure code on any platform, Rust just tries to prevent common mistakes in C so buffer overflows are 'caught', Java or Objective C has similar safeguards as Rust resulting in similar problems.
Both Perl and Ruby have very strict tainted variable constructs for example, it's almost impossible to not clean the data received from outside the program but that doesn't make your code invincible to SQL injection.
Re:Would the Rust programming language help? (Score:4, Interesting)
If properly exploited, this will be a "virtual" WMD in WWIII. A bit of code, replicated out across the tower network, once triggered could potentially start millions of simultaneous house fires across the USA, and knock out most urban power grids. A few minutes later, trigger other code at the power plants to do something similar. Like a STUXNET but aimed at the electrical grid and smart meters.
Re: (Score:2)
Lets not go totally hyperbolic here. Overloading a meter is going to cause the .20 wacko Chinese capacitor to fizz out, turning the stupid thing off. It is very unlikely to burn the house down. There will be SOME security that will likely be effective at minimizing major damage from the meters. You can't start WWIII with this method.
Re: (Score:2)
Re: (Score:2)
The question is how you would turn off items on the grid by hacking a meter? These meters do not contain any relays or controllable switches, the most that you can do with some advanced meters is perhaps control a side load (a 15A circuit) there is just too much that could go wrong and it would be way too expensive to have these things contain 200A/400V relays, if they did, a few switches on and off and the contacts weld themselves shut.
Re: (Score:2)
Re: (Score:2)
How's it supposed to cause house fires? Part of code is making sure that sort of thing doesn't happen. If there's too much current gong through a breaker, it trips the breaker and shuts down.
Also, the amount of electrical power available for houses is limited. The power distribution system has physical limits, after all.
Re: (Score:1)
Re: (Score:2)
If you live in an area that gets below freezing, and don't have a plan B for when the power or your normal source of home heating goes out, then you're doing it wrong.
Re: (Score:1)
How.
Also chemical fires are way worse, produce dangerous fumes, electrical fires only start something on fire.
Incoming current is limited, you dont have all electricity in your city readily available to be used from your small wires feeding the panel, and the transformers can only produce so many watts.
Re: (Score:2)
You win the first Over Your Head award for 2017.
Re: (Score:1)
Re: (Score:1)
Many are. And yet, there have been no riots. In fact, you don't even know your meter is capable of disconnection.
(The one's around here - CP&L / NC - aren't, btw.)
Re: (Score:1)
Customer self-reporting?!? No. Just no. The only amazing part is the stupidity of the entire idea. The only way to have a trustable number is to read it yourself. (even then, you're relying on humans to get it right, and they won't)
HAH. No. That's not how it works. Any savings in operational costs will go in some executive's pocket.