[Cryptography] Smart electricity meters can be dangerously insecure, warns expert

[Ben Tasker]

> You're missing the point.  Yes, customers get cut off for failure to
pay.  Does it happen often enough to make it worthwhile to build "turn off
power remotely" capabilities into meters?  The traditional method - sending
someone out there to pull the meter - continues to work just fine.

AIUI, the utilities would prefer to have a remote method so that they can
save on the cost of sending someone out, as well as the potential risk to
that person if/when they're caught by the homeowner.

In theory, it also means that once you've caught up on payments, you can be
reconnected near-instantly rather than having to wait days/weeks for an
engineer to visit and reconnect you. Whether that'll prove to be the case
is something else, but it's certainly been touted as a benefit.

> Do smart meters have a remote shutdown capability?  I don't know.

Yes, some (maybe now most?) do

> Even if they did, yes, shutting down power would be disruptive, perhaps
even dangerous - but "explosions and fires"?  No.

It's not inconceivable that flipping on/off at a high rate might damage
something (assuming the fuses don't just blow), but I'm with you, the
likelihood of causing explosions/fires is small. So long, that is, as the
physical attributes of the meter have been designed to fail safe (which is
something that's almost certain to be mandated).


> "An attacker could also see whether a home had any expensive
electronics."  From hacking the smart meter?  How, exactly?
>
> "He will have power over all of your smart devices connected to the
electricity."  How?  Yes, the protocols used for these things
> are badly insecure - but they communicate wireless, not through the power
lines.  Just what does hacking the power meter
> have to do with breaking into IoT communications?

In the IoT ... ahem.... utopia, everything will be connected, and that
includes talking to the meter (though more likely via a "hub" than each
device independently connecting). IOW, the meter will have wireless
capabilities too.

IIRC some utilities are also working on having their meters build mesh
networks to address various reliability issues they've been seeing when
using just a GSM link, so in future it _might_ be easier for someone to
gain access to your meter.

That sentence is pretty badly written though, simply being connected to the
electricity supply shouldn't be sufficient.



-- 
Ben Tasker
https://www.bentasker.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170101/d152386f/attachment.html>