Easy Tiger

How privacy-conscious consumers are fooling, hacking smart meters

14 posts in this topic

How privacy-conscious consumers are fooling, hacking smart meters http://www.naturalnews.com/036476_smart_meters_hacking_privacy.html

(NaturalNews) The recent roll out of smart meters has brought about mixed reactions from consumers. On one hand, there are activist groups broadcasting the health and privacy concerns that smart meters may potentially have. On the other, the utility companies are championing the advantages of smart meters in the face of a $3.4 billion fund stimulus given by the government for smart grid technologies (it sure is nice of them to be advocating energy savings while they line their pockets with all that money from the government).

Curiously, in all this haste to accomplish the government's energy program, no federal safeguards seem to have been designed to protect customer information from being accessed by others - information that smart meters could be sending (the activist group may have a point on this one). Worse, it appears that smart meters themselves are not an impregnable fortress - the meter can be subject to hacking.

Smart meters hacked in Puerto Rico

In 2009, the Federal Bureau of Investigation investigated widespread incidents of power thefts in Puerto Rico believed to be related to smart meter deployment. The FBI believed that former employees of the meter manufacturer and employees of the utility company were tampering with the meters charging between $300 to $1,000 to reprogram residential meters and $3,000 to reprogram commercial meters.

The perpetrators were said to have hacked into the smart meters using an optical converter device connected to a laptop, allowing smart meters to connect with the computer. The hackers were able to change the settings for recording power consumptions using software available on the internet after making a connection. This method does not require the removal, alteration or disassembly of the meter.

Another recent example of smart meter hacking was demonstrated by Mike Davis, a security consultant. He reverse-engineered a meter bought on Ebay and installed a computer program that replicated itself across the wireless network and blocked the utility company as it went. Jack Bode, writing for Canada.com, made the wry observation that we won't have to worry about getting bombed if ever we go to war again. The enemy only has to "hack us and turn off the power."

Fooling smart meters

The old ways of tampering with analog meters may no longer apply to smart meters. One of the reasons smart meters were employed was to curb electricity theft. In fact, it is estimated that millions of dollars are annually lost due to electricity theft.

Nevertheless, the Puerto Rico incident demonstrates that a smart meter can still be vulnerable to attack using a simple laptop, an optical converter device and a program that can be downloaded from the internet. To date, this is probably the best proven way to fool a smart meter.

At the cost of sounding unscrupulous, the following are some suggestions made by experts on how to fool a smart meter:

1) Attacking a smart meter's memory-through hardware - If a smart meter hasn't been built with protective features, inserting a needle on each side of the device's memory chip can do the trick. The needle intercepts the electrical signals in the memory chip. From these signals, a device's programming can be determined. If security features are in place, it is still possible to obtain the data through customized tools.

2) Using a digital radio - The two-way radio chip in a smart meter allows the device to be read remotely and receive commands over the network. A hacker, who has cracked the meter's programming, can use security codes from the software in the chip to get on the network and issue commands.

3) Accessing the meter - Another method of hacking the smart meter is through a wireless device. Using a software radio programmed to mimic a variety of communication devices, a hacker can listen in on wireless communications in the network and guess over time how to communicate with the meter. Another method is to steal a meter and reverse-engineer it; although inexpensive, the process would require a good knowledge of integrated circuits.

4) Spreading malware to the network - With access to the smart meter's programming codes, it is possible to connect with all other meters in the network that have the same brand. David Baker, director of services for IOActive, a Seattle-based research company , demonstrated this possibility when he designed a virus that could replicate itself in other meters and enable a hacker to shut down the system remotely. In simulations, Davis was able to show that if his malware were to be released in a location where all the houses were fitted with the same brand of meter, it could spread to 15,000 homes in 24 hours.

5) Measuring electrical consumption - Inside smart meters are sensors that measure energy consumption. Under the old mechanical meters, interfering with the meter's ability to report accurately has been the means of many unscrupulous individuals to save money on electricity, like by the use of magnets. The old method used with analog meters may not be difficult to use in fooling the old meters but the new generation of smart meters were designed to protect against such automated methods.

Caveat

If only for the sake of discussion, the main point in discussing how to fool a smart meter is only for the purpose of guarding privacy in the home. This article is not intended to aid or abet criminal activity.

Fooling your meter so you get to save on the electricity bill is illegal and down right unethical.

I should imagine a Faraday type cage would work as well?

Share this post


Link to post
Share on other sites

I should imagine a Faraday type cage would work as well?

Yep probably would, but then they will just make it an estimated read and come round later to check it out.

Smartmeters are designed to do this as it allows for automated software updates to be rolled out.

4) Spreading malware to the network - With access to the smart meter's programming codes, it is possible to connect with all other meters in the network that have the same brand. David Baker, director of services for IOActive, a Seattle-based research company , demonstrated this possibility when he designed a virus that could replicate itself in other meters and enable a hacker to shut down the system remotely. In simulations, Davis was able to show that if his malware were to be released in a location where all the houses were fitted with the same brand of meter, it could spread to 15,000 homes in 24 hours.

Share this post


Link to post
Share on other sites

Smartmeters are designed to do this as it allows for automated software updates to be rolled out.

Windows is designed to do this as it allows for automated software updates to be rolled out.

oh.

Share this post


Link to post
Share on other sites

Windows is designed to do this as it allows for automated software updates to be rolled out.

oh.

If I have access to the root password can I do stuff?

4) Spreading malware to the network - With access to the smart meter's programming codes,

Does windows have control over the network?

Edited by wim

Share this post


Link to post
Share on other sites

What does any of this have to do with privacy?

I was wondering that myself, if somebody goes to all the effort to hack into my electricity meter then they are most welcome to see how much I use.

I would be more concerned about privacy if my bathroom mirror could be hacked into.

Share this post


Link to post
Share on other sites

If I have access to the root password can I do stuff?

Does windows have control over the network?

With IPSec or SSL they could.

Share this post


Link to post
Share on other sites

What does any of this have to do with privacy?

Your electricity usage is your information (you created it).

From a malicious sense it could be used to profile your residence for when it is a good time to commit robbery.

From a less malicious sense it could be sold to third parties without your consent.

I've heard that the smart meters have something similar to a telnet session... though haven't verified it. Surely the wireless comms will be encrypted...

Share this post


Link to post
Share on other sites
At the cost of sounding unscrupulous, the following are some suggestions made by experts on how to fool a smart meter:

And to prove this it is more difficult to fool a smartmeter.

5) Measuring electrical consumption - Inside smart meters are sensors that measure energy consumption. Under the old mechanical meters, interfering with the meter's ability to report accurately has been the means of many unscrupulous individuals to save money on electricity, like by the use of magnets. The old method used with analog meters may not be difficult to use in fooling the old meters but the new generation of smart meters were designed to protect against such automated methods.

Where is the more amusing stuff:

- smartmeter can sometimes be audible and neighbour's dog goes crazy

- smartmeter is the same frequency as the doorbell/garage door

Share this post


Link to post
Share on other sites

With IPSec or SSL they could.

The smartmeter can be the actual network and not just the software/protocol controlling it.

Share this post


Link to post
Share on other sites

The smartmeter can be the actual network and not just the software/protocol controlling it.

Is it cost effective duplicating the infrastructure though? Why not just reuse the existing?

I'm not a fan of black box implementations of software or security. They could sign their code to prevent unauthorised code from running. It sounds like they made the classic mistake of security through obscurity. Although the OP article mentions a vulnerability akin to Van Eck phreaking. (that requires a good knowledge of integrated circuits :sadwalk: )

Share this post


Link to post
Share on other sites

Is it cost effective duplicating the infrastructure though? Why not just reuse the existing?

I'm not a fan of black box implementations of software or security. They could sign their code to prevent unauthorised code from running. It sounds like they made the classic mistake of security through obscurity. Although the OP article mentions a vulnerability akin to Van Eck phreaking. (that requires a good knowledge of integrated circuits :sadwalk: )

Have a look at the SP Ausnet implementation and see what make sense.

Share this post


Link to post
Share on other sites

smartmeter is the same frequency as the doorbell/garage door

This is more insidious than you think.

We had an automatic roller door that opened whenever someone rang our doorbell.

Apparently it was on the same frequency.

It was not very convenient!

Share this post


Link to post
Share on other sites

Have a look at the SP Ausnet implementation and see what make sense.

I'd like to see their implementation. I have no specific criticism as I haven't seen it. Wireless, however is inherently less secure as it's broadcast. Two way traffic means you have to do security right and at least make the technology much harder to hack. Security AFAIK has been an optional extra in software development. If you create a situation where the risk versus payoff is in the favour of the criminal then they will take advantage. Business hates security.

Disclamer: I work in this space and have every reason to big it up.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now