FBI: Smart Meter Hacks Likely to Spread

Though a little over a year old, this post concerning the security of smartmeters is particularly valuable considering the rapid adoption of the technologies throughout Canada. Particularly pertinent:

Citing confidential sources, the FBI said it believes former employees of the meter manufacturer and employees of the utility were altering the meters in exchange for cash and training others to do so. “These individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters,” the alert states.

The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.

“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.”

The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage, while still providing electricity to the customer.

So, this suggests that insider threats and poor shielding enable significant fraud. Can’t say it’s surprising given how often these meters have been compromised when deployed in other jurisdictions.


Wireless Interference and Smart Meters?

Apparently folks in the DSLReports Forums are reporting some issues with their new smart meters:

Users in our forums direct our attention to claims that at least one small WISP has had their service put out of commission due to electric utility smart meters operating in the 900 MHz band. We’ve previously noted how utility smart meters are interfering with residential Wi-Fi routers, and we’re seeing agrowing number of complaints about the meters interfering with other residential gear as well. The solution from utilities so far appears to be the hope that all consumers migrated to 2.4GHZ and 5.8 GHZ bands so they don’t have to change. However, some smart meters also use the 2.4 GHz range.

I hadn’t really considered interference as one of the issues with smart meters – most of my time has been spent looking at the privacy, payment, and security issues that these meters have exhibited over the past decade – but I guess I shouldn’t be surprised. If consumers are being forced to adopt the next-gen electrical surveillance kit I have to wonder: can at least negotiate for a free router to go with their electrical update?


Sony’s Smartgrid Micropayment System

Sony is promoting a product concept: smart electric outlets that enable micro payments and authentication for energy usage at the device level. As described by The Verge:

Sony is developing power outlet technology that uses IC chips to determine a user’s identity or permissions. Possible use case scenarios include managing energy usage in large buildings, device theft prevention, and — yes — the potential for paid access to power. Sony says it expects the technology to be employed in cafes, restaurants, airport waiting lounges, and other public places. The outlets have an IC chip built-in, and send authentication information down the power line itself — this can come from an IC chip built into the plug, or potentially inside an NFC-equipped device or payment card.

This isn’t a surprising new concept – contemporary ‘smart systems’ are largely sold on these kinds of logic – but it’s telling that we would be moving payment and identity authentication into integrated ICs on the devices that we use in daily life. I’ll be incredibly curious to see the threat models and risk assessments associated with these next-generation smart systems: if they are deployed as imagined, payment security and electrical privacy issues would be incredibly serious, and challenging, issues to adequately address.