
Smart meters


kidz

Sep 10, 2012, 1:34:02 PM
what are the expectations that smart meters are safe or encrypted with AES-256 encryption such that one might expect them to be secure etc ?

unruh

Sep 10, 2012, 2:59:30 PM
On 2012-09-10, kidz <kidz...@gmail.com> wrote:
> what are the expectations that smart meters are safe or encrypted with AES-256 encryption such that one might expect them to be secure etc ?

Uh, you might want to ask smart questions, which give enough information
that they might be answerable. Remember that we cannot read your mind
and cannot follow your thoughts except by the words you use.
By smart meters do you mean the hydro (or I guess for US usage,
electricity) meters installed outside your house? By safe do you mean
"do they cause fires", or "do they cook my kids with wireless
communications"? And what do you mean by the meters being encrypted?
Most meters are physical objects, and encryption of a physical object is
not something I understand.
Secure against what?


Moe Trin

Sep 10, 2012, 8:39:55 PM
On Mon, 10 Sep 2012, in the Usenet newsgroup alt.computer.security, in
article <mMq3s.164$Sb5...@newsfe14.iad>, unruh wrote:

>kidz <kidz...@gmail.com> wrote:

>> what are the expectations that smart meters are safe or encrypted
>> with AES-256 encryption such that one might expect them to be
>> secure etc ?

>Uh, you might want to ask smart questions, which give enough
>information that they might be answerable.

Concur

>By smart meters do you mean the hydro (or I guess for US usage,
>electricity) meters installed outside your house?

Probably. In some areas, the water meters may also be read remotely,
but this is generally short range (yards/meters) 2.4 GHz wireless.

>By safe do you mean "do they cause fires", or "do they cook my kids
>with wireless communications"? And what do you mean by the meters
>being encrypted? Most meters are physical objects, and encryption of
>a physical object is not something I understand.

You never shredded a potato, corned beef and onion to make a hash? ;-)

Depends on the meter, but they provide data not only on the amount of
power used, but also "when" - some can do so in real time. The data
is transmitted over the power lines back to a central reading station.
The meters were replaced here about two years ago, and the claim was
that the meter reading fee would eventually be reduced as there is no
need to have a person visit each meter every month to read it. Right.

(Background: Many utilities have multiple rate plans, such as
http://www.aps.com/main/services/residential/rates/rates_11.html from
the Arizona Public Service company as one example. The consumption
during "on-peak" can be billed at a higher rate than "off-peak". Peak
may be Mon-Fri, Noon to 19:00, or 09:00 to 21:00. It is _possible_
for the meters to be read in "real time" or close-enough, and consumers
are concerned about privacy and that burglars may be able to determine
if/when the house is occupied and so on.)

I thought I saw something about this in a recent Risks Digest, but a
quick grep fails to turn up the article. There was also something in
the Usenet newsgroup "alt.internet.wireless" in the past 90 or so days
specifically relating to data security. The AARP Bulletin (newspaper)
for September, 2012 mentions hearings by the Nevada Public Utilities
Commission in October.

>Secure against what?

I think the main concerns are about privacy, and the possibility that
the data can be intercepted and give indications of activities in the
home. The "raw data" (the meter readings) are limited in size and
somewhat predictable, so the encryption isn't completely unbreakable.
The data transmission isn't the only concern, as the data MAY
be accessible on a power company server as well.

Old guy

kidz

Sep 11, 2012, 7:11:33 AM

I have concerns about their safety, however I got into a debate on a members only board. That thread became a bit technical as well as contentious and was shut down, but it made me want to ask some other questions ..

Here are some things I had posted there previously. I seemed to find claims that many or some smart meters work over TCP/IP and thus claimed I could basically classify them as network devices with similar security issues as other network devices etc. There is also an interesting twist because it sounds as if FBI wants all encryption to have back doors, yet some of the better encryption is open source. That makes me wonder either what is going on, how they could do that, what has happened, etc


Backdoors expose systems to cyber attacks

http://www.ft.com/cms/s/0/50e318ca-d747-11e1-8c7d-00144feabdc0.html#axzz263rnKVCE


Ruben Santamarta, a security researcher at IOActive Labs, demonstrated ways to break into a Samsung heating and ventilation system, a Schneider smart meter and a Siemens Ethernet switch, all by using “backdoors”, or secret methods of access, that had been left in the software.

“It’s amazing, it’s really common to find backdoors into all kinds of industrial control systems,” he said

a couple of other articles on hacking smart meters:

http://www.dispatch.com/content/stories/business/2010/03/27/smart-meters-flaws-aid-hacking.html

http://www.greenbiz.com/blog/2009/09/01/four-ways-hack-smart-grid


=======================

https://www.eff.org/deeplinks/2010/09/government-seeks

Government Seeks Back Door Into All Our Communications

The New York Times reported this morning on a Federal government plan to put government-mandated back doors in all communications systems, including all encryption software. The Times said the Obama administration is drafting a law that would impose a new "mandate" that all communications services be "able to intercept and unscramble encrypted messages" — including ordering "[d]evelopers of software that enables peer-to-peer communication [to] redesign their service to allow interception".

===================


http://www.diplointernetgovernance.org/profiles/blogs/privacy-vs-government-mandated-backdoors

The FBI is asking Internet companies not to oppose a controversial proposal that would require the firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.

In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.

The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

===========
http://www.wired.com/threatlevel/2010/09/fbi-backdoors/

The FBI now wants to require all encrypted communications systems to have back doors for surveillance, according to a New York Times report, and to the nation’s top crypto experts it sounds like a battle they’ve fought before.


============
http://boingboing.net/2010/09/27/obama-administration.html

In a New York Times article today by Charlie Savage, news that the Obama administration is proposing new legislation that would provide the U.S. Government with direct access to all forms of digital communication, "including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct 'peer to peer' messaging like Skype."

========


http://www.pcworld.com/businesscenter/article/213751/former_contractor_says_fbi_put_back_door_in_openbsd.html

Former Contractor Says FBI Put Back Door in OpenBSD


A former government contractor says that the U.S. Federal Bureau of Investigation installed a number of back doors into the encryption software used by the OpenBSD operating system.

unruh

Sep 11, 2012, 10:09:58 AM
On 2012-09-11, kidz <kidz...@gmail.com> wrote:
>
> I have concerns about their safety, however I got into a debate on a members only board. That thread became a bit technical as well as contentious and was shut down, but it made me want to ask some other questions ..
>

Safety in what sense? This is a newsgroup on computer security. It is not
a newsgroup in which a question like "will the wireless emission from a
smart meter cook my balls".


> Here are some things I had posted there previously. I seemed to find claims that many or some smart meters work over TCP/IP
TCP/IP is a layer protocol. It is not a hardware layer.

> and thus claimed I could basically classify them as network devices with similar security issues as other network devices etc.
Yes. So?


> There is also an interesting twist because it sounds as if FBI wants all encryption to have back doors, yet some of the better encryption is open source. That makes me wonder either what is going on, how they could do that, what has happened, etc

So what? What does the "what" in "what has happened" refer to?

Some smart meters use wireless. Some apparently use the power lines as a
wired network (presumably pretty low speed).

Are you asking what the security of the communication of the smart
meter to the central office is? How well protected it is from hacking?
Note that it is definitely in the interests of the company to make them
hackproof, since otherwise you could fake signals from your smart meter
to the central office and hide the fact that you are using a MWh per day
to run your grow op.


>
>
> Backdoors expose systems to cyber attacks
>
> http://www.ft.com/cms/s/0/50e318ca-d747-11e1-8c7d-00144feabdc0.html#axzz263rnKVCE
>
>
> Ruben Santamarta, a security researcher at IOActive Labs, demonstrated ways to break into a Samsung heating and ventilation system, a Schneider smart meter and a Siemens Ethernet switch, all by using “backdoors”, or secret methods of access, that had been left in the software.

Yes. And?

>
> “It’s amazing, it’s really common to find backdoors into all kinds of industrial control systems,” he said
And?

>
>
>=======================
>
> https://www.eff.org/deeplinks/2010/09/government-seeks
>
> Government Seeks Back Door Into All Our Communications

Well it is stupid, because if there is a back door, the bad guys will
also find it and use it. Opening up all companies in the US to
industrial espionage by say the Chinese seems a pretty stupid thing for
a government to do.

<Rest snipped because it strays further and further away from the
question asked by this thread, and into general paranoia.>

