by bayindirh 1109 days ago
I would just add a simple layer of device-id based password generation function which is hard to reverse engineer. The devices used by authorized people would auto-generate it and will be transparent to them, yet it'll prevent many people from getting in. Add a rate-limiter on top of it, and it's impractical to brute force it.

If Philips can secure its SoniCare brush heads this way to prevent tampering and counterfeiting, a utility company or meter producer which enables a much more important infrastructure can be a little more mindful about what they are doing.

Other than that I agree 100% with your viewpoint.

2 comments

Definitely agree with you here. The parent has a very valid point about not always over-securing things that don't need to be secured, but physical line cutting and wireless shutoff are very different threats.

Someone walking around your neighborhood cutting every single electric line on the side of a house, risking electric shock and trespassing on your private land, is much more likely to get caught than somebody rolling through your neighborhood with a Flipper Zero and a high-power antenna turning off all of your meters.

If someone had a grudge against you, and they started to "release the magic smoke" from your meter once a week and the power company is upset with you and your HVAC system doesn't work anymore, in addition to the fact that the compressor in your AC is toast because of someone energizing and de-energizing the circuit so rapidly. Now you are out thousands of dollars and, on top of all that, no matter how many cameras you put up, you'll have a hard time figuring out who's doing it.

Which is exactly how you end up with more etrash when a company goes out of business.

Also, you've just made replacement/repair/support far more complicated and dangerous for everyone than it need be. You must be 10% smarter than any piece of equipment you are operating to safely use it, and be "ahead of the machine".

I truly believe we have suffered greatly as a civilization for our willingness to lose sight of that, and to have allowed the siren call of "abstraction" to charm us into making things so absurdly complicated that short of neverending population growth to bring into existence more people to solve all the new problems people have created, one is hard pressed to even read everything necessary to understand why most things are the way they are.

When done with proper contracting and documentation, losing a company is not a problem, because either you put the spec and the algorithm on the table, and people implement it to get certified, or you get the technical docs to use when/if the company goes out of business.

Practically, it doesn’t do anything more complicated. The device provides you an ID without a password, but accepts everything else with a password. In many countries, if not all, infrastructure equipment is already protected property. Nobody except the utility company touches, repairs, or reconfigures that meter, anyway.

Overcomplicating stuff is indeed a problem, and it’s a combination of poor engineering plus monetary greed in most cases. Also it’s a side effect of the evolution of technology. I would love to discuss it to death, but this is not the place and I don’t have much time for it either.
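
The scheme discussed in this thread (an ID readable without a password, a per-device password derived from that ID, and a rate limiter), as an added example that is not part of any comment above. It swaps the "hard to reverse engineer" function for HMAC-SHA256 under a utility-held master key; `MASTER_KEY`, `derive_password`, `Meter`, the device ID and the lockout values are all assumptions.

```python
import hashlib
import hmac
import time

# Constructed sample key; a real deployment would keep this in an HSM (assumption).
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)


def derive_password(master_key: bytes, device_id: str) -> str:
    """Per-device password: HMAC-SHA256(master_key, device_id), hex-encoded."""
    return hmac.new(master_key, device_id.encode(), hashlib.sha256).hexdigest()


class Meter:
    """Hypothetical meter: ID is public, every other request needs the password."""

    MAX_FAILURES = 3      # failures tolerated before the first lockout
    BASE_LOCKOUT = 60.0   # seconds; doubles with each further failure

    def __init__(self, device_id: str, password: str, clock=time.monotonic):
        self.device_id = device_id
        self._password = password.encode()
        self._clock = clock
        self._failures = 0
        self._locked_until = 0.0

    def read_id(self) -> str:
        return self.device_id  # served without authentication

    def command(self, password: str, action: str) -> str:
        now = self._clock()
        if now < self._locked_until:
            return "locked"  # rejected without even checking the password
        if hmac.compare_digest(password.encode(), self._password):
            self._failures = 0
            return f"ok:{action}"
        self._failures += 1
        extra = self._failures - self.MAX_FAILURES
        if extra >= 0:
            self._locked_until = now + self.BASE_LOCKOUT * 2 ** extra
        return "denied"


if __name__ == "__main__":
    meter = Meter("MTR-0001", derive_password(MASTER_KEY, "MTR-0001"))
    tool_pw = derive_password(MASTER_KEY, meter.read_id())  # authorized tool
    print(meter.command(tool_pw, "read_usage"))
    print(meter.command("guess", "read_usage"))
```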