StopUMTS Logo
how to get rid of moles 
Zoeken
   
Voorlichting
16/08/18Wifi uitzetten: modems
10/08/18Netkaart hoogspanningslij
Artikelen
18/08/18Check if your mobile phon
18/08/18Eye Damage in the Microwa
17/08/18Monsanto moet 289 miljoen
17/08/18Ware WLAN ein medikament
16/08/18The full story on EMFs: R
11/08/185-10% Elektrosensiblen
Berichten Nederland
17/08/18De volksgezondheid is bli
15/08/18Huisarts ziet aantal stud
06/08/18’Buitengebied Hoogeveen
28/07/18OPEN BRIEF aan KPN en all
23/07/18Bijna 17.000 LTE-antennes
Berichten België
23/07/18Brusselse overheid tekent
16/06/18Scherpenheuvel-Zichem: Be
Berichten Internationaal
15/08/18USA: CDC Finds Brain, Liv
02/08/18Canada: First withdrawal
26/07/18ICNIRP’s public consult
17/07/18Frankrijk: PhoneGate scan
Ervaringen | Appellen/oproepen
29/07/18WMO aanvraag: ervaring
03/07/18Slimme meter ervaring
28/05/18Stralingsarme werkplek
Onderzoeken
18/08/18Exposure of Insects to Ra
04/08/18Occupational exposure to
29/07/18Oxidative stress in elect
Veel gestelde vragen
13/05/17Vakantie? Witte zo
10/07/16Zeven veel gestelde vrage
Juridische informatie
17/07/18De Omgevingswet en elektr
01/06/18Wetgeving hoogspanningsli
15/05/18Brit dad sues Nokia for u
Oproepen
13/08/18Oproep stralingsarme werk
23/07/18Oproep logeeradres Den Ha
29/06/18Tegenlicht wordt 30% geko
Folders
10/09/17Brochures, folders, websi
29/04/16USA: Meer dan 50 tips voo
Briefwisselingen | Archief: 2008, 2005
07/07/18E/mail naar alle raadsled
07/07/18E-mail naar de TV redacti
Illustraties
 Algemeen
 Fotoalbum zendmasten
 Wetenschappelijke illustraties
Smart electricity meters can be dangerously insecure, warns expert    
Ga naar overzicht berichten in: Artikelen

Smart electricity meters can be dangerously insecure, warns expert
woensdag, 04 januari 2017 - Dossier: Algemeen


Bron: www.theguardian.com/technology/2016/dec/29/smart-electricity-meters-dangerously-insecure-hackers
29 dec. 2016


Smart electricity meters, of which there are more than 100m installed around the world, are frequently “dangerously insecure”, a security expert has said.
The lack of security in the smart utilities raises the prospect of a single line of malicious code cutting power to a home or even causing a catastrophic overload leading to exploding meters or house fires, according to Netanel Rubin, co-founder of the security firm Vaultra.
“Reclaim your home,” Rubin told a conference of hackers and security experts, “or someone else will.”
If a hacker took control of a smart meter they would be able to know “exactly when and how much electricity you’re using”, Rubin told the 33rd Chaos Communications Congress in Hamburg. An attacker could also see whether a home had any expensive electronics.
Advertisement

“He can do billing fraud, setting your bill to whatever he likes … The scary thing is if you think about the power they have over your electricity. He will have power over all of your smart devices connected to the electricity. This will have more severe consequences: imagine you woke up to find you’d been robbed by a burglar who didn’t have to break in.

“But even if you don’t have smart devices, you are still at risk. An attacker who controls the meter also controls the meter’s software, allowing him to cause it to literally explode.”

Rubin said many of the warnings were not hypothetical. In 2009 Puerto Rican smart meters were hacked en masse, leading to widespread billing fraud, and in 2015 a house fire in Ontario was traced back to a faulty smart meter, although hacking was not implicated in that.

The problems at the heart of the insecurity stem from outdated protocols, half-hearted implementations and weak design principles. While the physical security of smart meters is strong – “trust me, I tried” to hack in that way, Rubin said – the wireless protocols many of them use are problematic.

To communicate with the utility company, most smart meters use GSM, the 2G mobile standard. That has a fairly well-known weakness whereby an attacker with a fake mobile tower can cause devices to “hand over” to the fake version from the real tower, simply by providing a strong signal. In GSM, devices have to authenticate with towers, but not the other way round, allowing the fake mast to send its own commands to the meter.

Worse still, said Rubin, all the meters from one utility used the same hardcoded credentials. “If an attacker gains access to one meter, it gains access to them all. It is the one key to rule them all.”

Inside the home, too, the communications are rendered insecure by outdated standards and bad implementation. Almost all smart meters use the Zigbee standard to speak to other smart devices in the home.

Zigbee, which dates from 2003, is a popular home automation standard, used for controlling everything from lightbulbs to air conditioners. But it is so convoluted, due to the vast array of devices supported, that it is almost better to think of it as 15 different standards, each of which vendors can choose to implement as they see fit.

“This unique situation is so difficult to implement, venders actually choose what they want to implement. And when they choose what to support, they more often than not skip security,” Rubin said.

Other weak security decisions made by vendors include:

Encryption keys derived from short (often just six-character) device names.
Pairing standards with no authentication required, allowing an attacker to simply ask the smart meter to join the network and receive keys in return.
Hardcoded credentials, allowing administrator access with passwords as simple and guessable as the vendor’s name.

Code simplified to work on low-power devices skipping important checks, allowing nothing more than a long communication to crash the device.

“These security problems are not going to just go away,” Rubin said. “On the contrary, we are going to see a sharp increase in hacking attempts. Yet most utilities are not even monitoring their network, let alone the smart meters. Utilities have to understand that with great power comes great responsibility.”
Smart meters come with benefits, allowing utilities to more efficiently allocate energy production, and enabling micro-generation that can boost the uptake of renewable energy. For those reasons and more, the European Union has a goal of replacing 80% of meters with smart meters by 2020.

A spokesperson for the UK government’s department of Business, Energy and Industrial Strategy said: “Robust security controls are in place across the end to end smart metering system and all devices must be independently assessed by an expert security organisation, irrespective of their country of origin.”


Ga terug naar het hoofdmenu
Afdrukken | Vragen | RSS | Disclaimer