S.M.A.R.T METERS DEATH GRID
Smart meters are "dangerously insecure," according to researcher Netanel Rubin – who claimed the gear uses weak encryption, relies on easily pwned protocols, and can be programmed to explode.
The software vulnerability hunter derided global efforts to roll out the meters as reckless, saying the "dangerous" devices are a risk to all connected smart home devices.
Smart meters can communicate with networked devices inside homes, such as air conditioners, fridges, and the like. A hacker who could infiltrate the internet-connected meters could control those gadgets and appliances and potentially unlock doors.
They could also manipulate the meter's code to cause fires, something that's trivially easy using mains supplies, Rubin claimed. You'd be forgiven for thinking fuses would prevent such a blaze, although the researcher is convinced the hardware can be tricked into overexerting itself and exploding.
"An attacker who controls the meter also controls its software, allowing them to literally blow the meter up," he told (https://web.archive.org/web/20220525130108/https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8272.html) the Chaos Communications Congress in Hamburg, Germany, earlier this month.
"If an attacker could hack your meter, he could have access to all the devices connected to the meter. The smart meter network in its current state is completely exposed to attackers."
Rubin was accused of fear-mongering by the conference's audience. He shot back that he wanted to grab the public's attention with dire warnings of exploding boxes – claims that reminded El Reg of an old infamous World Weekly News spoof.
He fended off comments from the audience that triggering explosions through hacking was not possible, alleging it had been demonstrated in the US. (The Register could not at the time of writing verify that claim. We've written a ton about insecure smart meters, though, of course.)
While the physical security of the meter is typically strong, hackers still have plenty of wireless vectors to attack and exploit to compromise the equipment, he argued.
Rubin listed smart meters' use of Zigbee and GSM protocols, often left insecure and unencrypted, or at best secured with a GPRS A5 algorithm that is known to be broken for more than five years. Attackers can also wirelessly force all units in an area to connect to malicious base stations using their hardcoded login credentials. This access grants miscreants direct access to the smart meter firmware for deep exploitation.
"All meters of the same utility use the same APN credentials," Rubin told the applauding audience. "One key to rule them all."
Worse, Rubin found smart meters that hand over critical network keys when communicating with home devices without checking if the gadgets should be trusted. This opens an avenue for criminals to set up equipment that masquerades as home devices, steals the keys, and impersonates meters.
"You can communicate with and control any device in the house from way across the street, open up locks, cause a short in the electricity system, whatever we want to do. A simple segmentation fault is enough to crash the meter, causing a blackout at the premises," Rubin said.
He says these security shortcomings would have been eliminated if proper encryption was used, and the network was segmented instead of being treated as a "giant LAN."
In 2009, in Puerto Rico, bill fraudsters were able to exploit similar security holes to snatch US$400m. Rubin said the meters' ability to communicate with internal smart home devices is merely an immediate concern – it will be way worse when utilities expand in the future to form city-wide mesh networks with city smart appliances.
"The entirety of the electricity grid, your home, your city, and everything in between will be in control of your energy utility, and that's a bit scary," he said.
About 40 percent of the smart meter market is held by Itron, Landis and Gyr, and Elster. The European Union wants to replace more than 70 percent of electricity meters with smart versions at a cost of €45 billion. There are already some 100 million meters installed globally.
Rubin expects a sharp increase in hacking attempts, and called on utility companies to "step up." He said he will release an open-source fuzzing tool to help security researchers test their own meters. "Reclaim your home, before someone else does," he said.
https://mdsafetech.org/wp-content/uploads/2019/10/fire-and-electrical-hazards-report.pdf
Electrical engineer William Bathgate:
This small electronic part cannot withstand more than a 300 Volts AC surge. The part will explode when a line voltage surge exceeds this limit, such as when a tree branch touches the high voltage lines or lightning strike occurs nearby. Once this Varistor explosion has occurred it permits high voltage transfer to the other circuit board components and the circuit board substrate. This results in the AMI meter literally exploding from the meter socket or in a severe melting of the plastic components, likely leading to a fire and/or severe home damage.
Most customers that comment when this occurs say
they hear a load pop or a boom, followed by lights flickering, and followed by arcing at the meter housing.
This is not how a circuit board should be protected…There is no sound electronic engineering firm that would permit 240 volts AC to short circuit across the circuit boards due to a component failure such as a Varistor.
This is extremely dangerous.
Once the progression of the subsequent short circuit begins the line transformer will apply up to 2,000 Amps to the meter housing until
either the feed lines to the home disintegrate and vaporize or the transformer line breaker/fuse trips out after 50 seconds.
By this time the damage is so extensive it is jeopardizing human and animal life.
No such condition is possible from an Analog Meter.11
I can make a complaint to the FCC and cause DTE to 5 cease operations of the AMI mesh network.
The Communications Act of 1934 …
The only means to prevent harm to the residents of homes and certain medical offices is the elimination of the AMI installation and replacement with an Analog Meter.
Placing at risk medically vulnerable persons with severe conditions just because the utility wants its way is unconscionable.
If a tree or branch falls across the lines and causes a high voltage line to contact a lower voltage utility line, much higher voltages can flow down the line into a building. And lightning strikes are about 30 million volts.
The crash happened in Stockton, California, just outside of Sacramento. The wreck caused one power line to fall on top of another, creating a power surge to the homes. The smart meters were unable to handle the surge and exploded.
https://www.securityweek.com/smart-meters-pose-security-risks-consumers-utilities-researcher/
Serious vulnerabilities in smart electricity meters continue to expose both consumers and electric utilities to cyberattacks. However, some have questioned claims that hackers can cause these devices to explode.
However, according to Netanel Rubin, who recently founded Vaultra, a company that develops security solutions for the smart industry, smart meters continue to lack proper security mechanism, allowing malicious actors to use these devices to target both consumers and utilities.
In a presentation at the 33rd Chaos Communication Congress (33C3) in Hamburg, Germany, Rubin analyzed the methods that can be used to hack smart meters. The expert said that while physical attacks are more difficult due to various protection mechanisms, remote software hacking can be much easier to conduct.
The protocols used by smart meters include ZigBee, which is used for communicating with smart appliances in the consumer’s home, and GSM, which is used for communications between the meter and the electric utility. Both ZigBee and GSM have been known to contain serious vulnerabilities, and they have been poorly implemented in smart meters.
Even more worrying, Rubin said, is that since smart meters can communicate with all the smart devices in the consumer’s home, an attacker could hijack those systems, including smart door locks.
The expert also believes an attacker could cause a meter to explode by making modifications to the software running on the device.
ETU secretary Dean Mighell said about half a dozen more damaged meters had "exploded" since last week in Hadfield, Coburg and Pascoe Vale.
The union claims potentially deadly risks aren't being taken seriously.
"Once a house burns down, they will treat it more seriously; people will have to die," Mr Mighell said.
https://globalnews.ca/news/1489707/manufacturer-defends-smart-meters-after-fires/
Saskatchewan’s Crown Investments Corp. has been asked to investigate and SaskPower is conducting an internal review after the province ordered 105,000 of the utility meters to be removed from homes last week.
“Our experience has shown that these issues are systemic in the industry and we are committed to delivering solutions that help our customers to overcome these challenges,” Bays said.
https://spectrum.ieee.org/smart-meter-fire-reports
We are seeing a spate of report from around the United States—and indeed around the world—of fires believed to have been caused by smart meters that were faulty, incorrectly installed, or connected to circuits where there were unfortunate and unforeseen effects. This appears to be not just a matter of freak incidents that may or may not have taken place here or there. In a compilation made by the EMF Safety Network, which specializes in EMF and RF precaution, there are at least a couple of dozen smart meter fire reports from Australia to Canada and virtually all regions of the United States, and some of those reports concern a couple of dozen fire incidents. In some cases fires appear to have originated in the meters themselves, in other cases in appliances like microwave ovens or refrigerators (as in the photo above), because of power surges.
To be sure, those reports are not necessarily going undisputed by local utilities and energy companies. In one instance, for example, California’s PG&E and fire officials have taken issue with an initial report of meter induced fires in Santa Rosa;
a short circuit in the distribution system blew out a number of meters, both conventional and two-way, the local fire chief said.
On the other hand, just last week Commonwealth Edison of Illinois confirmed three smart meter fires in its operating area, and earlier last month its sibling company Peco Energy suspended smart meter installations in the Mid-Atlantic states after 15 reports of smart meter fires, one in Philadelphia.
https://calcoastnews.com/2011/04/pge-smart-meters-cause-santa-rosa-fire/
According to newspaper reports, Santa Rosa Battalion Chief Jack Piccinini described the scene as a “meltdown.”
https://web.archive.org/web/20160115010017/http://images.edocket.azcc.gov/docketpdf/0000156835.pdf
Idiot meter forcing me out of my house in Portland OR. My home office is now uninhabitable safely. Fuck Pacific Power, fuck Rothschild, especially. Did I say fuck Rothschild, they own Pacific Power.
Do not buy or use any electrical device identified as "Smart". This includes "smart" phones, "smart" appliances, "smart" meters, etc., etc. In addition to being potential safety/electrical hazards, these devices spy on you, have access to personal/financial/medical information that is often stored insecurely and is sold to the highest bidder. Whenever possible substitute for a device that is not labeled "smart" or is identified as analog (or non-digital).