[Cryptography] Smart electricity meters can be dangerously insecure, warns expert

Michael Kjörling michael at kjorling.se
Sun Jan 1 11:34:48 EST 2017


On 1 Jan 2017 08:10 -0500, from allenpmd at gmail.com (Allen):
>> A smart electric meter provides a way to read electricity used
>> remotely. It might, I suppose, have a way to shut off current
>> remotely - but I rather doubt it - how often do electric companies
>> need to cut off the power to a subscriber?
> 
> I'm glad to hear that in your experience it is almost inconceivable
> that someone is unable to pay their electric bill, but in the real
> world, this happens all the time.

So a smart meter perhaps has a way to shut off electricity remotely.
Personally, I can see the validity of such a use case from the power
company's point of view. But that also implies that it has (or at the
very least a very strong _should_ have) a way to turn the power back
on remotely.

Unless the meter is bricked, assuming that the disconnection was
illegitimate, a quick phone call to the power company should be enough
to get the ball rolling on getting power restored in short order. If a
malicious actor (Mallory, say) is able to shut off power again after
that, then it is to a very large degree the power company's problem.

As for a fire being tracked back to a malfunctioning smart meter, I'm
with Jerry; that has nothing to do with whether the meter is smart or
dumb. A malfunctioning dumb meter, given the same set of
circumstances, could all but certainly fail in the same manner. That's
why we have fuses, which are designed and intended to cut the power
before an excessive current flow causes excessive additional damage.
They don't always succeed, but really, they tend to succeed more often
than not. (And I don't know what is customary in the US, but every
electrical installation I've had the opportunity to look at, including
that to my own house, has incoming feed fuses _before_ the meter, so
even if there's a dead short in the meter, there's a limit to how much
current can be drawn before the fuses trip.)

I think it was Bruce Schneier who said it, but it doesn't really
matter who did: _It's in the news because it barely ever happens._
Don't worry about what's in the news, worry about everything that
_isn't_ in the news but still happens.

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the cryptography mailing list