Your smart meter is very secure (against you) and very insecure (against hackers)


#1

Originally published at: http://boingboing.net/2016/12/31/your-smart-meter-is-very-secur.html


#2

My guess is that it's more likely to be hackers against the gas/electric companies.

Wardriving, sending out large readings, small readings, any readings but the right ones.

Then people end up suing the companies for fraud.

The hackers just blackmail the companies into handing over cash.


#3

What exactly does EUCD article 6 have to do with the energy industry?


#4

SaskPower installed 100,000 Itron smart meters in 2014 and immediately several burned. They didn’t know why they burned and no report was ever made public. All the meters have been removed at a cost of $40 million. The same meters had been installed elsewhere with the same problem.

SaskPower to remove 105,000 smart meters following fires


#5

It doesn’t make sense to call me the “owner” of the electric meter in my house. It’s the property, and the responsibility, of the utility.

That doesn’t excuse the utility from their responsibility to secure the device. But the common, and persuasive, argument that “I bought and paid for this (car / computer / thermostat / toothbrush) and therefore have a right to see and modify its software” does not apply. Unless you’re an electric utility.


#6

One of these things was recently installed on my house. I meant to opt out but missed the deadline. So I’m waiting to see what, if anything, changes on my bill. And also hoping it doesn’t burn the place down in the meantime.


#7

So, hack “your own” = the meter in your house over the 'net, problem solved.


#8

Not surprised. Customers are the enemies of corporations, not hackers.

There are meters that turn off your air conditioner’s compressor when electricity gets scarce in the summer. I’ve often thought about securing the cabling with 5/8" stainless steel barriers that will prevent the contractors from mucking around with the wiring (often without asking permission).


#9

Wouldn’t it be possible to install your own meter (smart or otherwise) between the circuit breaker and the power company’s meter? I could think of several advantages to this, first being that the power company couldn’t regulate how you use your power. From their perspective, it would be either on or off. Secondly, you’d have a way to dispute any irregularities that arise with their meters.

It doesn’t even seem like it would cost all that much. But then, I’m not a home owner. I could be missing something.


#10

But don’t worry, it certainly won’t be the Russians! That would be impossible according to the same author of a post literally two articles away from this one.


#11

That’s not what that article actually said, it’s just saying ‘Russian-made malware anyone could buy is not evidence of the Russian government being the one who hacked a thing’.


#12

Odd. Did your power company make you buy your own electric meter? PG&E owns mine. They also own my gas meter. My water company owns my water meter. Heck, the city owns my trash cans.

Why would the power company be regulating how you use power? Smart meters are so the power company can do time-based pricing for consumption or generation of power. As far as I know, they have nothing to do with the power company regulating how you use power.


#13

Security really comes down to lazy developers. There is no reason why even an Arduino UNO cannot be secure… In fact, I just finished a series of blog posts where I took the liberty to create a secure Arduino UNO library - using elliptic curve crypto and AES. You can read the series here:

http://ardiri.com/blog/utls_defining_lightweight_security_for_iot_part_1
… through to
http://ardiri.com/blog/utls_defining_lightweight_security_for_iot_part_10


#14

Possible? Sure. Probably not cheap, though. You’d need a device capable of not blowing up under a full household current load (say, 250+ amps). You’d need to install it at or before the panel. Definitely a job for an electrician.


#15

I’m sure it would violate either building code or the utility company’s policies.


#16

Hmm. I was needing an excuse to get a Zigbee module or two for my Pis. (Strictly for real-time monitoring of power use, of course.)


#17

For some apartment buildings this is standard practice. This is usually done for sub-metering for tenants when the landlord pays for the main building meter usage.

Using this concept, the homeowner is sub-metering for their one tenant (e.g. themselves).

If the main panel is not near the meter (e.g. inside the dwelling), the utility would not be aware a second tandem meter exists to audit their metered power usage.


#18

You know, all those power meters using Zigbee could be re-purposed into a real cool communications mesh, so long as each meter could hit the neighbor’s, and there were Internet gateways in the mesh.

It wouldn’t be fast, but fine for old school UUCP, email and Usenet.


#19

You can put in what is called a submeter for sure. I have been involved in putting in tens of thousands. You just need to do it according to the local electrical code. It is really a job for an electrician. The utility doesn’t mind if you do this as long as you don’t go near their meter.


#20

But they can

Often there are options to kill your Air Conditioning during peak usage. Sure, this is an Opt in service (now) but what other options are in the pipeline?