Announcement

Collapse
No announcement yet.

Smart power meters: Already hacked.

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Smart power meters: Already hacked.

    http://www.theregister.co.uk/2012/01..._privacy_oops/

    I recall a thread awhile back over fears of smart power meters, and them being hacked, showing basicly what kind of appliances you have and.. when your home or not.

    Well, They have already been hacked, and apparently one energy company had them misconfigured and they where sending data in plain text.

    'This meant that confidential electricity consumption data was sent in clear text. Because meter readings were sent in clear text, the researchers were able to intercept and send back forged (incorrect) meter readings back to Discovergy.'

    But wait! it gets worse:

    'In addition, the researchers discovered that a complete historical record of users' meter usage was easily obtained from Discovergy's servers via an interface designed to provide access to usage for only the last three months. The meters supplied by the firm log power usage in two-second intervals. This fine-grained data was enough not only to determine what appliances a user was using over a period of time – thanks to the power signature of particular devices – but even which film they were watching.'

    Im sure the MPAA will love that :P 'Heres a $20,000 fine in the mail, we determined you where watching an unlisenced film' 'That power signature was my CNC, not a cam movie rip' 'Good luck explaining that in coart'
    Play Brutal Nature, Black Moons free to play highly realistic voxel sandbox game.

  • #2
    "They" can hack mine all they like! I could care less.

    Comment


    • #3
      ... thanks to the power signature of particular devices – but even which film they were watching.
      Yeah, right.

      providing a warning for consumers should they, for example, have left an iron on after leaving the house
      And how, pray tell, would they know I left the house?

      I think I am safe in saying that that is BS.

      Comment


      • #4
        Originally posted by flathead4
        Yeah, right.



        And how, pray tell, would they know I left the house?

        I think I am safe in saying that that is BS.

        I suspect that one way to decide that you'd left the house is to detect the pattern of lights, TV's etc that get turned off one by one as you get ready to leave.

        Other than going to bed, there is no other time that I walk through the house and turn it all off.


        More disturbing is the fact that they were able to intercept and spoof the data that went back to the power company. There are many ways to screw with someone if you can control their power. You can make it look like they are running a pot farm, for instance. Or just run up their bill. Or shut the power off remotely.

        There are secure ways to network your equipment, but that's awfully hard to do when it is installed at a customer's site.

        Dan
        At the end of the project, there is a profound difference between spare parts and extra parts.

        Comment


        • #5
          Originally posted by danlb
          I suspect that one way to decide that you'd left the house is to detect the pattern of lights, TV's etc that get turned off one by one as you get ready to leave.

          Other than going to bed, there is no other time that I walk through the house and turn it all off.

          Dan
          Even better still is this implys that they already are filtering the data for such events (or fully admit to planing to) and building a database of 'who is home', Nodoubt combined with long term record keeping and appliance identification.

          a database that knows exactly what hours, on what week days, with what precentage of certainty that you are not home, I wonder how many break and enter thiefs would pay good money for that list? Maybe combined with a list of what appliances are 'suspected' to be running at the house? Just sort by estimated number of unique appliances and certainty of not home on monday to friday and what a wonderful time saving list you have.
          Play Brutal Nature, Black Moons free to play highly realistic voxel sandbox game.

          Comment


          • #6
            You're crediting the toothless meth-head crims with a lot more grey-matter then they have left. "They" prescribe pills for paranoia

            Comment


            • #7
              People don't fully understand the power of computing or the internet. Smart meters are a prime example. Yes, it will be possible for power companies, or anyone else with access to the data, to EVENTUALLY (big caveat here) correlate this data with the physical world and know a great deal about you and your habits. They'll know a lot more than you'd expect them to be able to figure out. But, the bigger problem is that power costs money, money is a prime motivator to human beings, and humans share stuff on the internet... stuff like the latest way to automatically hack the smart meter outside your house.

              If you want to run a grow-op now, you have to bypass the stupid meter, which is somewhat interesting when the power is live. But, with a smart meter running on an accessible communications channel, given enough time and resources it will be possible to break the cryptography and start mucking the output to your advantage. Yes, this will be very, very hard to do (assuming they bother turning on the encryption) but there are also very, very smart people out there exploring this stuff, just for fun. As soon as they figure it out, they will share with everyone on the internet. Then, even complete idiots will be able to "crack the meter" and start screwing around. Everyone from drug-growers to pissed-off Xs.

              It will wind up being a race between a very expensive installed base of smart meters and very rapidly-evolving computer resources... The odds are stacked against the slower-moving target. I'm no expert in smart meter technology but, just on general principles, I don't think the power companies really thought this one through.
              http://fixerdave.blogspot.com/

              Comment


              • #8
                They thought of one thing - here they still have mechnical dials in addition to "smart reading".

                Comment


                • #9
                  Originally posted by lakeside53
                  They thought of one thing - here they still have mechnical dials in addition to "smart reading".
                  Lets hope they bother reading those dials. When I moved, they decided to charge me for my 'estimated' power usage for the month I moved.. Instead of reading the damn meter to actualy get a final value for the account. I had to drive hours back to give them the current meter reading myself after I got the outragious bill! (The month I had been moving everything was off and I moved in the middle of the month, So I ended up paying for a couple days of the new occupant too, Grrr)
                  Play Brutal Nature, Black Moons free to play highly realistic voxel sandbox game.

                  Comment


                  • #10
                    Hard to do? Not at all. Power signatures are easy to decode. I can do it with the temperature patterns of my hot water storage tank using a 1 minute sample rate. It shows when clouds go over, when the furnace runs and when we take showers or run the dishwasher and washing machine. All that is reflected by the changes in energy input both from outside or from my furnace run times and the amount of hot water used, how long and at what times.

                    The smart meter will be able to record changes of a watt or less with precise timing. It doesn't need access to smart appliances to build a very complete profile. What film did you watch? Your TV turned on at 20:00 and you ran the microwave at 20:21 which was 30 seconds after the commercial started for the XYZ network offering that night. Then the fridge light came on for 8 seconds. The fridge light came on again at 20:49, 21:17 and 21:44 which was when you opened it to get a beer at another commercial. Correlation complete.
                    Free software for calculating bolt circles and similar: Click Here

                    Comment


                    • #11
                      http://www.google.com.au/#sclient=ps...w=1280&bih=542

                      This is pretty well correct for smart meters which are being progressively installed in the State of Victoria in Australia.

                      Apparently, they can be set (with the owners approval) to start/stop some appliances such as large electrical energy-using appliances such as air-conditioners etc. They can be used for selective "load-shedding" ("brown-outs") in case of real or potential over-load or damage to the electrical reticulation system.

                      There are other "benefits" such as varying time tarrifs and/or the ability to remotely read the client/customer useage or to limit or disconect supply for non-payment of bills etc.

                      Thus far - putting aside the usual over-hyped potential "problems" by the "usual suspects" - I have no concerns.

                      I am quite prepared to pay extra if I use high-load machines in my shop (or the house/property) during high-load and high(er) tarrifs as I am a strong believer in the principle of "user pays".

                      I daresay there may be some glitches but so far the progresive installation seems to be going well - with an acceptable/small "hiccups".

                      Comment


                      • #12
                        Originally posted by lakeside53
                        They thought of one thing - here they still have mechnical dials in addition to "smart reading".
                        Yes, and then they'll have to pay the smuck to come read it - so now we have no cost savings. They should have run a more secure communications channel. I mean, they literally have wire running everywhere; they routinely have to go around and service this infrastructure. They could have started laying a high-frequency network on that wire - point to point, over a few years until they had something to connect into, something instead of wireless. Why does a power company need wireless?

                        It would have been a slower roll-out, but the end results would have been a lot more dependable. As it stands, they will eventually get to a point where the people that want to steal power or otherwise muck the system will be able to do so, and they will need to do so to cover their own meter-bypass activities, and they will need to do so in a random area around theirs to mask their particular area. So now, instead of the grow-op down the street being a "fire hazard," your meter will get hacked to generate artificially high readings to cover off the bypassed power. Of course, if you don't know, I don't suspect the power company is going to tell you, even if they catch the other guy.

                        I don't know... maybe the wireless technology is obscure enough to make it slightly prohibitive to hack... something to make hacking the signal more hassle than it's worth. I'm just thinking that, to the right people, it's worth a lot.
                        http://fixerdave.blogspot.com/

                        Comment


                        • #13
                          BC Hydro and I are having a discussion. I will allow them to install a smart meter but NOT a radio transmitter. They have no legal force of law that allows them to install a radio and they cannot make it a condition of service since that is the domain of the utilities commission. The utilities commission is provincial and cannot mandate transmitters since that is solely a federal responsibility and the federal law has no provision for requiring the installation of a transmitter on private property.

                          We shall see what happens.

                          Free software for calculating bolt circles and similar: Click Here

                          Comment


                          • #14
                            Originally posted by Evan
                            BC Hydro and I are having a discussion. I will allow them to install a smart meter but NOT a radio transmitter. They have no legal force of law that allows them to install a radio and they cannot make it a condition of service since that is the domain of the utilities commission. The utilities commission is provincial and cannot mandate transmitters since that is solely a federal responsibility and the federal law has no provision for requiring the installation of a transmitter on private property.

                            We shall see what happens.
                            Nice! They have thier security tag guarding the meter. And you have yours.

                            Somehow I think they would have less problems with bypassing if they adopted your design!
                            Play Brutal Nature, Black Moons free to play highly realistic voxel sandbox game.

                            Comment


                            • #15
                              Smart meters have already been hacked. The Itron meters that are being installed here run on a Cisco IPv6 network and are very similar to the power control systems targeted by the StuxNet worm.

                              There are serious national security implications to being able to take over the power networks in a country. The StuxNet worm is incredibly sophisticated and was able to destroy thousands of uranium centrifuges in Iran by tampering with the power control systems for the machines. Taking down a network of smart meters is trivial in comparison.
                              Free software for calculating bolt circles and similar: Click Here

                              Comment

                              Working...
                              X