Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Power Security Privacy Software The Almighty Buck Hardware Technology

Smart Electricity Meters Can Be Dangerously Insecure, Warns Expert (theguardian.com) 163

An anonymous reader quotes a report from The Guardian: Smart electricity meters, of which there are more than 100 million installed around the world, are frequently "dangerously insecure," a security expert has said. The lack of security in the smart utilities raises the prospect of a single line of malicious code cutting power to a home or even causing a catastrophic overload leading to exploding meters or house fires, according to Netanel Rubin, co-founder of the security firm Vaultra. If a hacker took control of a smart meter they would be able to know "exactly when and how much electricity you're using," Rubin told the 33rd Chaos Communications Congress in Hamburg. An attacker could also see whether a home had any expensive electronics. "He can do billing fraud, setting your bill to whatever he likes [...] The scary thing is if you think about the power they have over your electricity. He will have power over all of your smart devices connected to the electricity. This will have more severe consequences: imagine you woke up to find you'd been robbed by a burglar who didn't have to break in. "But even if you don't have smart devices, you are still at risk. An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode." The problems at the heart of the insecurity stem from outdated protocols, half-hearted implementations and weak design principles. To communicate with the utility company, most smart meters use GSM, the 2G mobile standard. That has a fairly well-known weakness whereby an attacker with a fake mobile tower can cause devices to "hand over" to the fake version from the real tower, simply by providing a strong signal. In GSM, devices have to authenticate with towers, but not the other way round, allowing the fake mast to send its own commands to the meter. Worse still, said Rubin, all the meters from one utility used the same hardcoded credentials. "If an attacker gains access to one meter, it gains access to them all. It is the one key to rule them all."
This discussion has been archived. No new comments can be posted.

Smart Electricity Meters Can Be Dangerously Insecure, Warns Expert

Comments Filter:
  • by Frosty Piss ( 770223 ) * on Friday December 30, 2016 @07:53PM (#53582067)

    When "smart" meters first hit the scene a few years ago, people brought up these very issues. I'm surprised that in that time they have not been addressed, though I know I shouldn't be surprised...

    • by Darinbob ( 1142669 ) on Friday December 30, 2016 @11:17PM (#53583021)

      They HAVE been addressed. They were addressed before he brought up the issues. There is more than one maker of smart meters out there, you don't judge all autos based on the Yugo, so why brand all smart meters based upon the worst ones?

      I've been in this industry for 7 years, and the way the uses "most" in every other paragraph is silly. But then you could count cheap Chinese mobile phones sold by the bucket to claim that most smart phones were poorly made, unreliable, and liable to catch fire.

      We have security penetration testers sniffing through our source code and coming up with very obscure bugs which we're required to fix before release. We've had to cajole customers into turning on security (there's a bit of fear of being locked out). Yes good security is expensive but it brings in revenue also as it's a major selling feature. It's may be easier to hack the utility's back office than to hack the meters.

      This is not to say that security is good enough. Of course, we need to do better. We need to do better at everything as far as security goes.

      • Re: (Score:1, Troll)

        Of course, we need to do better.

        In this case the most obvious way to do better is not use 'smart' meters. They're not saving us any money. And without seeing that spinning wheel, I can't tell how fast I'm consuming the electricity. The old meters are secure and robust. Why try to 'fix' what ain't broke?

        • It's up to the utility to save you money. It does indeed save the utility money. It also gives information the utility needs which they've never had before. It used to be that they didn't even know where all the electricity went until the end of the month meter reading. They don't know when the power is out unless people phone in, they don't even know if the right voltage is getting to a neighborhood.

          • It does indeed save the utility money.

            Well, that's my point. It's for their benefit, not ours. But they tell us the same lie as the insurance industry. *If not for the 'theft', our rates would be lower.*

            • California has a regulation that the utility gets a fixed rate estimated each year by the PUC. This provides an incentive for the utility to try and reduce consumption. Before this the incentive was to encourage the consumers to keep on consuming, because that's what the unrestricted free market wants. Of course the utilities grumble and whine about it, but since they've got such a horrible reputation the citizens don't have any sympathy for the fat cats. Today I get told in my electric bill how much I

          • They don't know when the power is out unless people phone in

            So what? They still don't replace the worn-out, unreliable equipment that makes the power go out all the damn time (even on calm, sunny days) in the first place!

            • They do though. Meters of course, the ones from the fifties were just awful things, using gears to measure watt usage. Thing is, when gears wear down it favor the customer instead of the utility, so there was a vested interest in upgrading to something more accurate. And in many states with regulation the utility makes more profit if they conserve electricity so there's a motivation to get rid of the old crappy equipment. They're also making the local grid smarter by monitoring what's happening, reclose

              • by dcw3 ( 649211 )
                • Mechanical meters were indeed just a small part of the problem, but still a problem. A bigger problem for commercial meters than residential ones though. Most rate increases were due to other things. For instance there was a big backlash in Kern Country, California. Mpnthly bills had gone way up at the same time people were seeing the new meters installed. After a PUC review though it was found that the consumption had also gone way up due to high temperatures, and the PG&E utility has also raised r

        • by tlhIngan ( 30335 ) <slashdotNO@SPAMworf.net> on Saturday December 31, 2016 @06:06AM (#53583949)

          In this case the most obvious way to do better is not use 'smart' meters. They're not saving us any money. And without seeing that spinning wheel, I can't tell how fast I'm consuming the electricity. The old meters are secure and robust. Why try to 'fix' what ain't broke?

          Well, the reason is several.

          First, in places where there's electricity theft, smart meters allow for detection - if you measure the power consumed in a neighbourhood, the sum of the power consumed by each house should tally up. If not, then they investigate.

          As for seeing how much you consume, it's actually easy. Most meters have a "virtual wheel" or a blinking light. The virtual wheel is on the display and just moves like the old wheel does, though it is a bit smaller. If it's a light, then each blink represents a fixed unit of kWh - you need to refer to the meter to find the metrological number which tells you how much kWh each pulse represents.

          And if not that, a log into the website often can tell you your current usage. Some even sell you a device that lets you remotely monitor the meter - which can tell you your current usage, the current reading, etc.

          Most smart meters are properly designed - the reason it's a light is because the measurement board just gives a pulse every fixed kWh consumed and that's the only communications available. The electronics board tallies up the count and displays it. Hack the meter and ...? There's no connection to the measurement board - it just receives pulses.

          As for the communications options, some use a proprietary WiFi that's 802.11g-based, but at 900MHz, others are using a 3G cellular network. Others use regular WiFi. So "da evil smart meter waves" are basically cordless phones/garage door/etc (900MHz ISM shared military radar), cellphone or WiFi.

          Granted, there are probably some options used in other parts of the world - though a full power disconnect is rare because of the cost of ab appropriate contactor (usually either a liquid or gas insulated contactor) but those are usually separate devices due to cost.

          • Looks like 'smart' maters are strictly for the utility's benefit, not the consumers'. Thing is, I've seen smart meters go on the fritz and start smoking, buzzing, clicking, etc, requiring a service call that will cost me hours, if not days waiting around for the guy to show up. I have yet to see a dumb meter ever do that. The 'smart' mater is not ready for prime time yet. I shouldn't need a circuit board when a simple wire winding will do. It is unnecessary complexity. And to tell the truth, electricity is

            • by dcw3 ( 649211 )

              Public utilities are regulated...some more highly than others, depending upon your local government. Since I've owned stock in a couple of electric utilities (Detroit Edison & American Electric Power) over the years, I've seen rate hikes denied by the regulators (as it should be) when they can't be justified. If the company has lower expenses, and the regulators are doing their jobs, it should be to everyone's benefit.

      • and the way the uses "most" in every other paragraph is silly

        Heck if most companies used the same attacks he mentioned then the grid would get dumb before it even gets smart. Many places around the world have lifecycled their 2G networks already. They won't be around in a few years.

    • If this is so simple, and it's been an issue for years, then why not even one single proof of concept. Nobody wants to control their power bill? ISIS just waiting for the right time to kill us all? In terms of credibility this is right up there with "Hackers can turn your home computer into a BOMB... & blow your family to smithereens! [vice.com]".
    • When "smart" meters first hit the scene a few years ago, people brought up these very issues. I'm surprised that in that time they have not been addressed, though I know I shouldn't be surprised...

      That's the main reason to get freaked out when something of this nature gets rolled out - it will NOT get addressed after deployment. Some serious flaws are baked in and won't be improved without an incompatible upgrade, meaning two systems deployed in parallel - who's going to pay for that? Nobody, until there is a demonstrated need.

  • How on Earth (Score:4, Interesting)

    by MasseKid ( 1294554 ) on Friday December 30, 2016 @08:01PM (#53582107)
    How on earth is software going to make a meter explode?
    • by Anonymous Coward

      That depends on how the meter functions, which part of it are under software control, and if the engineers added safety features to prevent disasters even when the software tries to make the hardware do something dangerous.

      Blowing things up spectacularly would certainly be an option if, say, there's a way to command the hardware to short circuit the various phases of a three phase 400 V line.

      • Blowing things up spectacularly would certainly be an option if, say, there's a way to command the hardware to short circuit the various phases of a three phase 400 V line.

        I'll bite. What use could a smart meter possibly have for this kind of activity. What use could possibly exist for doing this upstream of protection systems? These are installed by utilities which have upstream protection for downstream devices, i.e. you short the meter and all that happens is you blow the pole fuse / distribution fuse. Not to mention that shorting systems are never engaged remotely (not to mention they do not exist for residential properties) and are nearly always interlocked.

    • by Anonymous Coward

      The meter isn't much more than a hall sensor and some support electronics connected to a microcontroller.

      • by Anonymous Coward

        Cut of your power yes, as a standard feature too, for the power companies convenience or maliciously for personal disruption and even nation scale blackout regardless of the grids functioning. Depending on the exact design it might be an easy fix but this part of the design isn't regulated, it might require nation scale hardware replacement if the firmware re-set wont clear the "upgrade" or if re-infection is to fast from turn on (yay for mesh networking). Of course explode is an exaggeration, assuming the

      • by redelm ( 54142 )

        Yep. Do you have any idea how big a 100+A relay is? (~1 cm contacts) The cooling? And you'd need a duplex for std N.American service (230V hot-hotinv). Look at a 50A AC relay. Smaller & fewer for UK/EU. But meters are buss-bar straddle devices. You have to physically pull the meter out of it's socket to cut power.

        Now a malefactor certainly could interfere with the power usage signals, and potentially confuse higher (optimizing) layers of the grid load-balancing system. Even that should not result

        • by mysidia ( 191772 )

          Yep. Do you have any idea how big a 100+A relay is? (~1 cm contacts) The cooling?

          Various smart meters DO have the ability to do a remote shutdown / remote restore. It's one of the major selling features to the utilities.

          They DON'T NECESSARILY contain standard-design relays.

          The components in a Smart meter are also determined by the manufacturer and the utility; They can engineer the sizes of the relays to whatever will work, and they're not beholden to anyone else's safety margins or requirements regard

          • ...the remote Shut-off/Shut-On is not a frequent duty-cycle application like an industrial relay.

            Exactly. So when a hacker gains access to a smart meter and orders it to switch the power off and on repeatedly, he can destroy the relay, possibly causing fire in the process.

            • he can destroy the relay, possibly causing fire in the process.

              False. Your situation is relying on a lot of "IFs". IF you can open and shut it without an interlock. IF the relay is under load. IF the devices under load get back to full load before you go for your next break cycle. IF the upstream protection doesn't trip first.

              IF you're lucky then maybe you can cause an issue with the relay. IF you're really unlucky you can cause the really to stick. IF you're really really unlucky and the moon is aligned just right then it may go bang.

              • True. That's why I wrote: "...when a hacker gains access...".
                That includes that he can monitor your current electricity consumption, wait for the electric water heater to be switched on (a script can do this), and then have the meter repeatedly cycle the interruptor relay.
                And yes, assuming there's no locking mechanism preventing this, which would surprise me if it were present.
        • by Cramer ( 69040 )

          At those power levels, you aren't talking about "relays", but "contactors". Look in any electric vehicle to find several. (I have a box of them out of chevy volt battery packs. ~400v/350A about the size of an apple. it takes a few watts to keep the contacts closed.)

          In an electrical meter, however, there will simply be "knife switch" that requires no power to stay in either closed or open position. A motorized actuator moves it between states in almost the same manner as you pulling the handle on a fuse box.

    • by Anonymous Coward

      It's obvious. A hacker gets into the meter and signals it to detonate the 7 pounds of C4 which the Illuminati installs in every meter. This in turn triggers the 5 tons of high explosive the Trilateral Commission buries under every house. Which triggers the 3 nukes buried in each city block by Obama's secret UN army. 7, 5, 3, these are Prime numbers so it must be true.

      • !! Hilarity! This was worth the rest of the bad comments! Thank you.
      • by JimMcc ( 31079 )

        Sir, I award you one internet as first prize. Unfortunately the Freemasons subverted the process before the award could be issued.

    • How on earth is software going to make a meter explode?

      Many meters have load balancing capabilities, they can switch loads on and off... big loads. I don't think it would be the meter exploding, but fairly easily your compressors, and possibly the transformer.

    • How on earth is software going to make a meter explode?

      It ALL depends on how many exclamation marks you use. If you have 11 of them -- watch out!

      #!/bin/bash

      echo "Boom!!!!!!!!!!" # DON'T ADD ANY MORE BANGS

  • How can issuing a command (any command) possibly cause a meter to overload? You do know how they work, don't you? Only people who think electricity is magic and watch to many movies and too much tv would be alarmed, the rest of us not so much.

    • Re: (Score:3, Informative)

      Thank you, Im an electrician by trade. I have had people ask me to do crazy shit.. like in tower work they want a wire going from one wall in a room to another wall in a room, the floor and ceiling is concrete. Ofcourse they dont want you to cut holes though. i have actually told customers i didnt like much, "Im an electrician not a magician" and that cant be done with out damage. i was reading the summary and wondered how in the world it could cause the meter to explode, and i cant figure out what kindof h
      • I'm thinking that flickering the power is about the worst they can do, which can damage compressors and some other stuff - potentially surge the transformer and get it to blow its breaker, but they'd have to have had a really bad risk review process to build one of these things with the capacity to do something like short two power legs.

      • Is there such a thing as a smart meter with an integrated automatic transfer switch (for a generator)?

        Or maybe a smart meter with an integrated switch used in a Wind/Solar installation that feeds back into the grid?

        Those are the only 2 scenarios I can think of.

        • Generators and Solar are actually landed into the panel just like a branch circuit is and backfeeds the panel in case of power outage. With solar it almost works like packet racing. it feeds the panel which causes less current to be used from the main wires from the meter. so there is no actual switching being done. a generator monitors the voltage being sent to it on the same wires it sends power back down, when the voltage gets below a threshold that you set, it kicks on and back feeds it with correct vol
          • There is absolutely switching involved, to avoid backfeeding into a dead line when the feed has failed. For a generator it's with a transfer switch which kills the feed and switched to the generator. For solar without battery backup, it typically just kills everything if the feed fails.

            • by Cramer ( 69040 )

              And none of that is built into the power company's meter. It's all stuff the customer adds downstream -- on the customer side -- of the meter. It's potential hackability is independent of any smart meter.

              • I wasn't suggesting it was built into the meter. But just backfeeding a generator or solar inverter into the panel without it is dangerous and generally illegal.

  • O RLY? (Score:5, Informative)

    by ColaMan ( 37550 ) on Friday December 30, 2016 @08:08PM (#53582145) Homepage Journal

    So, a house fire traced back to a faulty meter means that they can be 'hacked to literally explode'. Excellent extrapolation there guys.

    Smart meters may - or may not - have a relay to control loads on a different tariff than the usual "always on 24/7" one. They may possibly be hacked to turn this relay on - or off, making them a bit of a nuisance.

    But explosions? Or house fires even? A bit hard to believe.

    • by guruevi ( 827432 )

      I highly doubt the meters have a relay to control the load, controlling relays for 100-200A loads would be a major failure mode, you have a HUGE spark every time you turn it on and off, these relays alone would cost at least $250 if not more and they're large, very, very large.

      IF they had these relays, you could turn it on and off quickly, that may cause major malfunctions in devices and perhaps even start fires but again, such relay is not practical nor necessary. On the other hand, relays sometimes malfun

      • There are load control devices. These aren't smart meters. But they are things to trip the circuit to things like water heaters and such. Some meters have this built in but it's relatively new (more common in countries where electricity prices are relatively high).

      • by ColaMan ( 37550 )

        Smart meters here in Australia have a set of contacts that are switchable by the utility. Typically they are used for off-peak hot water, a load of 15 or so amps.

        • by guruevi ( 827432 )

          Yes, 15 or so amps is do-able, that's a single circuit. But the OP was talking about turning an entire house on and off.

    • by mysidia ( 191772 )

      They may possibly be hacked to turn this relay on - or off, making them a bit of a nuisance.

      Well, if they cycle a relay fast enough from software, they may very well destroy equipment at the other end.

      Also.... if the meter hardware has the capability to cycle it in the range of Milliseconds, then software can select an average voltage and create a sustained undervoltage condition.

  • What The Fuck?? (Score:4, Insightful)

    by Anonymous Coward on Friday December 30, 2016 @08:20PM (#53582219)

    An attacker could also see whether a home had any expensive electronics.

    He will have power over all of your smart devices connected to the electricity.

    An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode.

    How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?

    You should be ashamed for posting this "article".

    • by bidule ( 173941 )

      I don't know, but I think he forgot to take his pills.

    • How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?

      Because it fits neatly into the vast conspiracy theory mentality and technology is going to destroy the world mindset.

      There is an ongoing furor in a neighboring city over the installation of the mind-destroying radio-signal transmitters in the smart meters the local electric company has installed. Now they can all worry about waking up to find all their stuff has been stolen by crooks who didn't need to break in. Not sure how you steal stuff from a locked house by controlling the electric meter, but it mus

    • Slashdot has been posting these anti smart meter articles for a decade. They calmed down once we got rid of some of the more fanciful editors, but...

    • by NoKaOi ( 1415755 )

      How did this kind of chicken-little the-sky-is-falling FUD make its way onto Slashdot?

      You should be ashamed for posting this "article".

      You must be new here...

  • does this douchebag "Netanel Rubin, co-founder of the security firm Vaultra" have any evidence for this end of the world scenario? Perhaps, I don't know, evidence of hacking one in a lab?
  • by gemtech ( 645045 ) on Friday December 30, 2016 @10:38PM (#53582863)
    is a load of crap. These are state machines, typically written in embedded C. There are typically current transformers that have a large winding ratio, even if the electronics/firmware screws up there is no back driving the power line. And no relays. This guy has been watching too much Hollywood.
  • Considering the state of industrial control systems, I would be surprised if they have much in the way of security at all.
  • Ah, no. Just no. (Score:4, Insightful)

    by buss_error ( 142273 ) on Saturday December 31, 2016 @03:24AM (#53583701) Homepage Journal
    An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode."

    .

    No. Just no. Look them up, at most what they have is remote disconnect relays with a cycle time of 30 to 120 seconds. The aren't solenoids (wire coil relays) but stall motors that move the contanctor open or closed and are not fast acting. That is their only active function. The rest are passive. So they might be able to fiddle the bill, or turn your power on and off. But make the meter explode? I've not seen any designs that would fail in that way. Admittedly, I've not seen every design, but most use a stall motor to move a spring loaded armature/contactor set open or closed.

    • by dj245 ( 732906 )

      An attacker who controls the meter also controls the meter's software, allowing him to cause it to literally explode."

      .

      No. Just no. Look them up, at most what they have is remote disconnect relays with a cycle time of 30 to 120 seconds. The aren't solenoids (wire coil relays) but stall motors that move the contanctor open or closed and are not fast acting. That is their only active function. The rest are passive. So they might be able to fiddle the bill, or turn your power on and off. But make the meter explode? I've not seen any designs that would fail in that way. Admittedly, I've not seen every design, but most use a stall motor to move a spring loaded armature/contactor set open or closed.

      Consider these devices to be like a home router. You can hack one router, possibly cause someone some grief, but it generally won't affect them much even if their router is part of a big botnet.

      The problem I worry about is if someone were to hack hundreds or thousands of these smart meters and started cycling large numbers of them simultaneously in a nefarious way. Electricity grids are generally managing a predictable demand. To do that, calculations are performed which consider time of day, forecaste

  • I get that there are a lot of AMI meters out there that were installed with the old 2G protocol and should be upgraded, which probably means a meter by meter physical upgrade (though perhaps additional encryption software running over 2G could be installed in firmware, which could also take care of hard coded passwords).

    But more modern meters are using 3G or 4G, and overall security has been upgraded. The article only covers the older installs without saying that more modern meters and software have addres

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Saturday December 31, 2016 @06:49AM (#53584005) Homepage

    these devices allow remote monitoring of power usage with granularity of a day or better. How hard would it be for a power company sys-admin, who is a little short of cash, to write a script to find customers who's usage had dropped by 50% or more since a few days ago ? Then sell that list to his house burglar friend who would like to know about homes who's owners might be away on holiday.

  • so its not just one cert for all.

    but meters have IR optical comms too, with 8 char passwords.

  • I put a homemade Faraday Cage around mine. As long as it doesn't TOUCH their meter Public Service can't do anything about it. Public Service tried to make me take mine off. I told them they can't make me, it's not touching their meter. I just gave them my middle finger. They haven't said anything to me in 6 years now since I put it on. I put it on the day after they installed the thing.

  • Time to put my pedantic hat on. A smart meter can not cause any damage as a meter is a device to measure, not modify or control. A quick Internet search suggests the word comes from the Greek word métron, to measure.

    The devices being argued about are not smart meters, they are controllers. If you have a smart energy controller then I guess you may be at risk, but if like me, you have a smart meter then you can write code until the cows come home and still have zero effect on my power.
    • by Shoten ( 260439 )

      Time to put my pedantic hat on. A smart meter can not cause any damage as a meter is a device to measure, not modify or control. A quick Internet search suggests the word comes from the Greek word métron, to measure.

      The devices being argued about are not smart meters, they are controllers. If you have a smart energy controller then I guess you may be at risk, but if like me, you have a smart meter then you can write code until the cows come home and still have zero effect on my power.

      The devices being argued about actually are smart meters. One vendor cited...Sensus...doesn't even make "smart energy controllers." I don't know what you mean by that phrase, exactly...I assume you mean devices used for WAMPAC (Wide Area Monitoring, Protection And Control)...but Sensus does not manufacture anything that would fit the meaning of that phrase. Also, everything described here aligns with meters, not reclosers or synchrophasors or other WAMPAC-related devices.

      • by ukoda ( 537183 )
        My argument is simple. A meter measures, nothing else (ignoring quantum physics). A device that controls the power in a house is not a meter. If such a device is called a meter is is incorrectly named, probably the handy work of a marketing department. Yes, I am being pedantic, but where I come from (New Zealand), smart meters are immune to the risk of property damage because they are meters and only meters.
        • by Shoten ( 260439 )

          My argument is simple. A meter measures, nothing else (ignoring quantum physics). A device that controls the power in a house is not a meter. If such a device is called a meter is is incorrectly named, probably the handy work of a marketing department. Yes, I am being pedantic, but where I come from (New Zealand), smart meters are immune to the risk of property damage because they are meters and only meters.

          Gee, that's swell...but you know these are real things we're talking about, being done by real people, yes? You don't get to just redefine the whole power grid to suit your ignorance of the industry because you could technically argue that something is no longer a "meter" because it has an on/off switch. Remote disconnect is an option on every major meter for sale today, and pretty much all of the minor ones as well...and it's an option that almost every meter in the field has because it's incredibly use

  • What the "expert" has done here is taken the worst features of multiple meters, and put them together as though every meter is this way. And even then, he's overstating things...this "they can tell if you're home by how much electricity you're using!" bullshit has been around forever, and it's ridiculous.

    Let's see, where to start. One, almost no meters use GSM. GSM is expensive on a per-device basis (the target upper limit for hardware costs is about $100/meter), poorly-supported by cellular providers...

If I set here and stare at nothing long enough, people might think I'm an engineer working on something. -- S.R. McElroy

Working...