[PietdeVries]

Why would a power meter allow an unauthenticated client to turn the thing on and off wireless?!? Sure, if you flip a switch handling a large current often enough, something will break (and I am impressed it's not the AC in this case).

But why does the power meter accept commands from something 'outside', something untrusted?

[onetrickwolf]

I mean why are power lines not locked up and buried underground secured locked steel cages?

Because some things work better with trust vs convoluted security.

I think this is something a lot of computer nerds don't get (myself included at one point). It's almost like if something can be accessed we are allowed to access it and it's the fault of the person securing it. But a lot of our society works on trust and I think we'd live in a much more difficult world if everything had to be secure enough to resist any attack.

If this thing was connected to the internet I get it, but you already need physical access to the meter why add another layer of security on top of that? If someone has wants to mess up your power and they have physical access there's plenty of ways they can do it without wireless communication.

[bayindirh]

I would just add a simple layer of device-id based password generation function which is hard to reverse engineer. The devices used by authorized people would auto-generate it and will be transparent to them, yet it'll prevent many people from getting in. Add a rate-limiter on top of it, and it's impractical to brute force it.

If Philips can secure its SoniCare brush heads this way to prevent tampering and counterfeiting, a utility company or meter producer which enables a much more important infrastructure can be a little more mindful about what they are doing.

Other than that I agree 100% to your viewpoint.

[InitialBP]

Definitely agree with you here. The parent has a very valid point about not always over-securing things that don't need to be secured, but physical line cutting and wireless shutoff are very different threats.

Someone walking around your neighborhood cutting every single electric line on the side of a house, risking electric shock and trespassing on your private land is much more likely to get caught than somebody rolling through your neighborhood with a flipper zero and a high power antenna turning off all of your meters.

If someone had a grudge against you, and they started to "release the magic smoke" from your meter once a week and the power company is upset with you and your HVAC system doesn't work anymore, in addition to the fact that the compressor in your AC is toast because of someone energizing and de-energizing the circuit so rapidly. Now you are out thousands of dollars and, on top of all that, no matter how many cameras you put up, you'll have a hard time figuring out who's doing it.

[salawat]

Which is exactly how you end up with more etrash when a company goes out of business.

Also, you've just made replacement/repair/support far more complicated and dangerous for everyone than it need be. You must be 10% smarter than any piece of equipment you are operating to safely use it, and be "ahead of the machine".

I truly believe we have suffered greatly as a civilization for our willingness to lose sight of that, and to have allowed the siren call of "abstraction" to charm us into making things so absurdly complicated that short of neverending population growth to bring into existence more people to solve all the new problems people have created, one is hard pressed to even read everything necessary to understand why most things are the way they are.

[bayindirh]

When done with proper contracting and documentation, losing a company is not a problem, because either you put the spec and the algorithm on the table, and people implement it to get certified, or you get the technical docs to use when/if the company goes out of business.

Practically, it doesn’t do anything more complicated. Device provides you an ID without a password, but accepts everything else with a password. In many countries, if not all, infrastructure equipment is already protected property. Nobody except the utility company touch, repair, reconfigure that meter, anyway.

Overcomplicating stuff is indeed a problem, and it’s a combination of poor engineering plus monetary greed in most cases. Also it’s a side effect of evolution of technology. I would love to discuss it to death, but this is not the place and I don’t have much time for it either.

[soupfordummies]

Very good insight here. This is something I’ve been thinking a lot about.

Case in point the electric substation attacks early this year.

Or on a micro scale, just walking into a store, taking what you want and then walking out.

I don’t think anyone really wants to live in a society that is fully secure but to not have that we need to stop the breakdown of trust.

Arguably, the only reason we have society and not total anarchy is because everyone kinda tacitly agrees to “act right”

[xeromal]

Yeah, a lot of this infrastructure was built on a trust-based society so we're having to slowly learn that isn't possible in our current culture and population size. It's sad.

[nyberg]

Because security is not a priority for the industry. Most have no security, default authentication in the rare case that they have it, and they use protocols with no support for it. The field is decades behind in security practices (it's pretty much IoT) and won't improve unless forced to.

It's also difficult to update such devices in the field so even if they do fix such issues it's only for new units or a new product line which most customers won't bother with until forced to by regulations / incidents as it's expensive to replace them (you have to send someone out on the field as there are pretty much no OTA updates).

[tommica]

The "S" in IoT stands for "Security"

[_kb]

The field is decades behind best practice because these systems have multi-decade operational lives.

There's an absolute chasm between implementation intervals that can be achieved through pure software systems and those with distributed hardware components. Throw in a few layers of abstraction where those designing, purchasing, installing, operating, and maintaining those components are all unrelated parties with different (and potentially conflicting) motives and any sort of cohesive systems engineering is hard.

This doesn't excuse continued irresponsibilities in product security, because they absolute exist, but "impressively fragile yet surprisingly functional" is a completely logical Nash equilibrium to settle on given the surrounding non-technical components.

[TeMPOraL]

> The field is decades behind best practice because these systems have multi-decade operational lives.

This would be more convincing if not for the fact that smart meters are IIoT. They're a new thing. IIoT is kind of an unholy breed between those hardcore industrial engineers you talk about, designing hardware with multi-decade operational lives, and the people implementing the IoT part using webdev practices, trying to put Docker containers full of NPM modules onto the industrial devices (and if they can't fit there, then plugging them immediately upstream).

Now that latter group is (mis)using bleeding edge tools to develop greenfield solutions - and thus should very much be able to keep up with basic security practices developed in the last 20 years.

[nine_k]

This is correct.

But we are not talking about them using too weak RSA keys from 2 decades ago, or even not about transmitting passwords unencrypted, so anyone with a right radio could glean that.

We are talking about a complete lack of any access control. Like two wires instead of an ignition lock. An electric box with a mechanical meter and switches would at least have a padlock on it.

[ed_elliott_asc]

It’s funny, one one side you have no auth on the other John Deere and farmers who can’t access their own devices.

What we want is something in the middle, security but we own the keys!

[mannykannot]

What John Deere is doing is not motivated by security.

[bcrl]

Neither is long term functioning of the electric grid if you read the IEEE. Go read the IEEE journal where every few years someone writes an article warning that the electric grid will fail catastrophically when an 1859 level solar flare occurs that we can prevent with a relatively straightforward fix.

Technical debt exists in disciplines other than software development.

[pera]

It really depends on the country: In the UK smart meters are relatively secure (see SMKI for example)

[the_mitsuhiko]

> Why would a power meter allow an unauthenticated client to turn the thing on and off wireless?!? Sure, if you flip a switch handling a large current often enough, something will break (and I am impressed it's not the AC in this case).

I would guess until recently power meters just had no reason to be secured. We live in a multi unit building (I would guess around 120 of them). There is a shared key that goes to the central electricity room where the meters for all units are. I could turn off anyone's electricity by either unscrewing the main fuses there or by switching the breaker. People are a lot more trustworthy in practice than you would think.

[hulitu]

> I could turn off anyone's electricity by either unscrewing the main fuses there or by switching the breaker

In some countries this is crime which might land you in jail.

[the_mitsuhiko]

Indeed. But the point is that it's the law and morals that stands between you and a dark apartment, and not some security device on a breaker.

[mrguyorama]

Most people abstain from committing crime not because they will go to jail, but because pointlessly harming another human being is stupid, a waste of time and effort, pointless, and only makes the world worse.

[xeromal]

You missed the point of the story.

[voxadam]

The security of billions and billions of devices (e.g. industrial control systems, PLCs,[0] SCADA,[1] ERTs,[2] etc.) that are responsible for controlling and monitoring virtually every aspect of modern life (e.g. power grid, water purification, natural gas transmission, oil and gas extraction, vehicle traffic control, rail signalling, pharmaceutical manufacturing, etc.) is appalling.

The manufactures and integrators of these devices are just now beginning to realize that the internet exists and that their devices aren't always connected to perfectly isolated RS-485[2] networks or connected to a network at all. They commonly contain hard coded passwords, passwords with staggeringly limited length and complexity, plain text authentication, default passwords, and other backdoors. Working with such devices is like taking a Delorean back to the early 90s, the eighties, or even earlier... it's the wild west.

It pleases me beyond words that hacking contests like Pwn2Own[4] have begun to include these systems in their competitions. This is a massively important area of security research that has historically been ignored.

[0] https://en.wikipedia.org/wiki/Programmable_logic_controller

[1] https://en.wikipedia.org/wiki/SCADA

[2] https://en.wikipedia.org/wiki/Encoder_receiver_transmitter

[3] https://en.wikipedia.org/wiki/RS-485

[4] https://en.wikipedia.org/wiki/Pwn2Own

[ta_35464745658]

The security of these systems is indeed terrible. From my experience, operators often justify it by saying that they are not connected to the internet, while at the same time assuring you that they can easily handle emergencies through remote access from their personal laptop :/ However, what scares me when looking at open vulnerability research taking off in this space, is that these components have a much longer lifetime than regular IT, and are harder to update, not to mention that outages due to bad updates will almost always directly impact production. So it does seem to me that while increase in awareness is a good thing, the vulnerabilities ound in Pwn2Own and similar might be used more easily by attackers than defenders. That said, i don't have a better solution either.

[bayindirh]

We don't know whether the meter accepts every command, or the device has a fixed security protocol reverse engineered and known by researchers.

These protocols exist to get current readings from meters for data retrieval ease, and generally have a combination of security through obscurity and simple authentication to enable mass readings (by authorized people) easier. IIRC, these things can talk P2P in densely populated areas, and you can get all meters' readings in mere minutes, tops.

In any way, after and initial PoC, the rest of the video gets into territory of equipment abuse, and I got angry and sad while watching it. You can do it, OK, then why damage things which are not yours? Document your findings and leave.

[ziml77]

That also made me angry to watch. He knew what he was doing and got the result he was hoping for. I hope his electric company is aware of what happened. The serial number and electric company name are both clearly visible in the video.

[pixl97]

>can do it, OK, then why damage things which are not yours?

Because your a terrorist or an AI looking to destroy mankind?

You're drifting off into is/ought territory in why people do things and that is something that is very difficult to predict and control.

[lloeki]

In my area of jurisdiction certain public places like bars and restaurants are required to have an externally accessible way for fire teams to cut power in the event of e.g a flood or a fire that would require soaking the place.

These are usually placed above the main door, and are made of a lever ending in a loop in which you hook a spear and pull down.

Neighbours unhappy with such places making noise would regularly pull them, cutting power, destroying wares that are in fridges, and whatnot.

The typical (and only, really) defense is to make the lever inoperable so you can frequently see them destroyed.

Having open remote RF access in these cases would be a disaster (until tinfoil is used as a defense)

[bayindirh]

> Because your a terrorist or an AI looking to destroy mankind?

I didn't know we reached Ghost in the Shell level cybernetics, sorry. TIL.

> You're drifting off into is/ought territory in why people do things and that is something that is very difficult to predict and control.

No, I'm just asking a question. What he has done has no place in my ethics and morals. I don't tell anyone what to do, either. It's his life, he should deal with the consequences.

[pixl97]

>he should deal with the consequences.

I don't disagree, this is why we typically have laws against destruction of property.

Conversely we have an increasingly globally connected world that is wholly dependant on software to keep functioning day to day. If someone figures out how to modulate your wireless router (I mean, long shot, yea) to smoke your neighbors power connection the 'ethics and morals' of said remote attackers is nearly meaningless. Especially in the case they live in a foreign country. Said attackers will be able to harass you with impunity while your power company is walking around with its thumb in its ass trying to figure out what's going wrong.

[dreamcompiler]

Security will almost always be found in products where it dependably increases profit. See comment about John Deere below.

But security is rarely found in products where it only might prevent the loss of profit.

The presence or absence of security in a product always reflects the incentive structure of the business that produces the product.

[eddyg]

Not all smart meters allow unauthenticated connections.

Itron's OpenWay system, for example, has used ECC encryption for quite a while:

https://www.itron.com/pl/company/newsroom/2016/06/09/itron-r...

[conk]

An untrusted finger can just switch the main breaker or an untrusted hammer can just smash the meter. There’s far easier ways to be destructive if you have physical access to the meter, which by default everyone is going to have because meters are required to be accessible by the public per electrical/fire/building codes.

[dwild]

A camera can easily catch someone with an hammer, it's kind of much harder to go one by one to destroy them that way and it's also probably much more dangerous to try to break something connected to the power lines like that.

This on the other hand is quick, can be done away from the meter, away from cameras, and can reach many meter at the same time. Considering the few terrorist acts that have been done to electricity distributions points, it does seems like a good ways for them to do a big impact easily, with the right antenna and amplifier.. you could do quite a bit of damage.

[Am4TIfIsER0ppos]

The whole goal of a smart meter is to allow remote access so the government can turn off your power to shed load rather than provide supply.

[slowhand09]

"The whole goal of a smart meter is to allow remote access so the government can turn off your power to" :X, where X="CONTROL YOU"; #FTFY

[number6]

Blaming this on any device other than the smart meter is disingenuous.