In On Smart Cities, Smart Energy, And Dumb Security -- Netanel Rubin's talk at this year's Chaos Communications Congress -- Rubin presents his findings on the failings in the security of commonly deployed smart meters.
It's not pretty.
The meters are designed to treat their owners as attackers: you are your smart meter's adversary, because if you could control it, you could use it to defraud the power company about your electricity usage. As a result, the physical security of smart meters is very good.
But the corollary of this adversarial relationship is that your meter's networked insecurities are, by design, impossible for you to remedy or override. If an attacker gains control of your meter, they can jack up your bills, shut down your power (compromising both your physical safety during periods of extreme heat or cold; and your network security by powering down devices like burglar alarms and cameras), and spy on your electricity usage, etc -- and that fantastic physical security means you can't readily reprogram your meter to tell it to ignore the remote instructions that seem to be emanating from a privileged user at the power company. If you can override the power company's instructions, the power company is vulnerable to your shenanigans, and since power companies are the primary customers for smart meters, the meters are designed to protect them at your expense.
This would be a lot less worrisome if the network security of smart meters was perfect (though you'd still be vulnerable to unscrupulous power company employees and repressive government orders -- imagine how Turkey's government could use this power against its enemies list in its current purge), but all security is imperfect, and in the case of smart meters, "imperfect" is an awfully charitable characterisation.
The network security model of smart meters starts from the inherently flawed Zigbee protocol, long understood to be difficult to secure, and goes downhill from there, with halfhearted and sloppy implementations of Zigbee's second-rate security. Smart meters rely on the insecure GSM protocol, incorporate hardcoded administrative passwords, and use keys derived from six-character device names.
The Guardian's Alex Hearn asked the UK department of Business, Energy and Industrial Strategy for their response to this, and they said "Robust security controls are in place across the end to end smart metering system and all devices must be independently assessed by an expert security organisation, irrespective of their country of origin."
Translation: we will do nothing about this until it is too late.
As bad as all this seems, it's actually worse. Rubin is almost certainly not the first person to discover these vulnerabilities, but as we learned during the US Copyright Office's 2015 proceedings on the DMCA, security researchers who uncover these security bugs are routinely silenced by their in-house counsel, because laws like Section 1201 of the DMCA -- and EU laws that implement Article 6 of the EUCD -- allow companies to sue (and even jail) anyone who reveals a flaw in their digital locks.
“These security problems are not going to just go away,” Rubin said. “On the contrary, we are going to see a sharp increase in hacking attempts. Yet most utilities are not even monitoring their network, let alone the smart meters. Utilities have to understand that with great power comes great responsibility.”
Smart meters come with benefits, allowing utilities to more efficiently allocate energy production, and enabling micro-generation that can boost the uptake of renewable energy. For those reasons and more, the European Union has a goal of replacing 80% of meters with smart meters by 2020.
Smart electricity meters can be dangerously insecure, warns expert
[Alex Hern/The Guardian]