Sunday, July 15, 2012

How privacy-conscious consumers are fooling, hacking smart meters

How privacy-conscious consumers are fooling, hacking smart meters

 (NaturalNews) The recent roll out of smart meters has brought about mixed reactions from consumers. On one hand, there are activist groups broadcasting the health and privacy concerns that smart meters may potentially have. On the other, the utility companies are championing the advantages of smart meters in the face of a $3.4 billion fund stimulus given by the government for smart grid technologies (it sure is nice of them to be advocating energy savings while they line their pockets with all that money from the government).

Curiously, in all this haste to accomplish the government's energy program, no federal safeguards seem to have been designed to protect customer information from being accessed by others - information that smart meters could be sending (the activist group may have a point on this one). Worse, it appears that smart meters themselves are not an impregnable fortress - the meter can be subject to hacking.

Smart meters hacked in Puerto Rico

In 2009, the Federal Bureau of Investigation investigated widespread incidents of power thefts in Puerto Rico believed to be related to smart meter deployment. The FBI believed that former employees of the meter manufacturer and employees of the utility company were tampering with the meters charging between $300 to $1,000 to reprogram residential meters and $3,000 to reprogram commercial meters.

The perpetrators were said to have hacked into the smart meters using an optical converter device connected to a laptop, allowing smart meters to connect with the computer. The hackers were able to change the settings for recording power consumptions using software available on the internet after making a connection. This method does not require the removal, alteration or disassembly of the meter.

Another recent example of smart meter hacking was demonstrated by Mike Davis, a security consultant. He reverse-engineered a meter bought on Ebay and installed a computer program that replicated itself across the wireless network and blocked the utility company as it went. Jack Bode, writing for Canada.com, made the wry observation that we won't have to worry about getting bombed if ever we go to war again. The enemy only has to "hack us and turn off the power."

Fooling smart meters

The old ways of tampering with analog meters may no longer apply to smart meters. One of the reasons smart meters were employed was to curb electricity theft. In fact, it is estimated that millions of dollars are annually lost due to electricity theft.

Nevertheless, the Puerto Rico incident demonstrates that a smart meter can still be vulnerable to attack using a simple laptop, an optical converter device and a program that can be downloaded from the internet. To date, this is probably the best proven way to fool a smart meter.

At the cost of sounding unscrupulous, the following are some suggestions made by experts on how to fool a smart meter:

1) Attacking a smart meter's memory-through hardware - If a smart meter hasn't been built with protective features, inserting a needle on each side of the device's memory chip can do the trick. The needle intercepts the electrical signals in the memory chip. From these signals, a device's programming can be determined. If security features are in place, it is still possible to obtain the data through customized tools.

2) Using a digital radio - The two-way radio chip in a smart meter allows the device to be read remotely and receive commands over the network. A hacker, who has cracked the meter's programming, can use security codes from the software in the chip to get on the network and issue commands.

3) Accessing the meter - Another method of hacking the smart meter is through a wireless device. Using a software radio programmed to mimic a variety of communication devices, a hacker can listen in on wireless communications in the network and guess over time how to communicate with the meter. Another method is to steal a meter and reverse-engineer it; although inexpensive, the process would require a good knowledge of integrated circuits.

4) Spreading malware to the network - With access to the smart meter's programming codes, it is possible to connect with all other meters in the network that have the same brand. David Baker, director of services for IOActive, a Seattle-based research company , demonstrated this possibility when he designed a virus that could replicate itself in other meters and enable a hacker to shut down the system remotely. In simulations, Davis was able to show that if his malware were to be released in a location where all the houses were fitted with the same brand of meter, it could spread to 15,000 homes in 24 hours.

5) Measuring electrical consumption - Inside smart meters are sensors that measure energy consumption. Under the old mechanical meters, interfering with the meter's ability to report accurately has been the means of many unscrupulous individuals to save money on electricity, like by the use of magnets. The old method used with analog meters may not be difficult to use in fooling the old meters but the new generation of smart meters were designed to protect against such automated methods.

Caveat

If only for the sake of discussion, the main point in discussing how to fool a smart meter is only for the purpose of guarding privacy in the home. This article is not intended to aid or abet criminal activity.

Fooling your meter so you get to save on the electricity bill is illegal and down right unethical.

Sources for this article:

http://news.cnet.com
http://www.canada.com/Smart+meters+dumb+security/6451972/story.html
http://www.h-online.com
http://krebsonsecurity.com
http://www.canada.com/Smart+meters+dumb+security/6451972/story.html
http://www.securerf.com/RFID-Security-blog/?p=246
http://thetyee.ca/Opinion/2010/07/05/SmartMeters/
http://www.greentechmedia.com
http://www.technologyreview.com/computing/23179/?a=f

No comments:

Post a Comment