April 9, 2012

A series of hacks perpetrated against so-called “smart meter” installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in a cyber intelligence bulletin obtained by KrebsOnSecurity. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology.

Part of an FBI alert about smart meter hacks.

Smart meters are intended to improve efficiency and reliability, and to allow the electric utility to charge different rates for electricity at different times of day. Smart grid technology also holds the promise of improving a utility’s ability to remotely read meters to determine electric usage.

But it appears that some of these meters are smarter than others in their ability to deter hackers and block unauthorized modifications. The FBI warns that insiders and individuals with only a moderate level of computer knowledge are likely able to compromise meters with low-cost tools and software readily available on the Internet.

Sometime in 2009, an electric utility in Puerto Rico asked the FBI to help it investigate widespread incidents of power theft that it believed were related to its smart meter deployment. In May 2010, the bureau distributed an intelligence alert about its findings to select industry personnel and law enforcement officials.

Citing confidential sources, the FBI said it believes former employees of the meter manufacturer and employees of the utility were altering the meters in exchange for cash and training others to do so. “These individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters,” the alert states.

The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.

“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.”

The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage, while still providing electricity to the customer.

“This method is being used by some customers to disable the meter at night when air-conditioning units are operational. The magnets are removed during working hours when the customer is not home, and the meter might be inspected by a technician from the power company.”

“Each method causes the smart meter to report less than the actual amount of electricity used. The altered meter typically reduces a customer’s bill by 50 percent to 75 percent. Because the meter continues to report electricity usage, it appears to be operating normally. Since the meter is read remotely, detection of the fraud is very difficult. A spot check of meters conducted by the utility found that approximately 10 percent of meters had been altered.”

“The FBI assesses with medium confidence that as Smart Grid use continues to spread throughout the country, this type of fraud will also spread because of the ease of intrusion and the economic benefit to both the hacker and the electric customer,” the agency said in its bulletin.

The feds estimate that the Puerto Rican utility’s losses from the smart meter fraud could reach $400 million annually. The FBI didn’t say which meter technology or utility was affected, but the only power company in Puerto Rico with anywhere near that volume of business is the publicly-owned Puerto Rican Electric Power Authority (PREPA). The company did not respond to requests for comment on this story.

The hacks described by the FBI do not work remotely, and require miscreants to have physical access to the devices. They succeed because many smart meter devices deployed today do little to obfuscate the credentials needed to change their settings, according to Tom Liston and Don Weber, analysts with InGuardians Inc., a security consultancy based in Washington, D.C.

Liston and Weber have developed a prototype of a tool and software program that lets anyone access the memory of a vulnerable smart meter device and intercept the credentials used to administer it. Weber said the toolkit relies in part on a device called an optical probe, which can be made for about $150 in parts, or purchased off the Internet for roughly $300.

“This is a well-known and common issue, one that we’ve been warning people about for three years now, where some of these smart meter devices implement unencrypted memory,” Weber said. “If you know where and how to look for it, you can gather the security code from the device, because it passes them unencrypted from one component of the device to another.”

The two researchers were slated to demo their smart meter hacking tools at the Shmoocon security conference earlier this year, but agreed to pull the presentation at the last minute at the request of several vendors and utilities that they declined to name.

“It turns out that the vendor has a consortium of utility customers with whom they have regular conference calls,” Weber said. “Several of the utilities in this group had a concern about the information becoming public. Luckily we have worked with several of the utilities in the group. We have been able to stem the fears of all but one utility. We hope to have them on board very soon.”

Liston said utilities have become accustomed to deploying meters that can last 30 years before needing to be replaced, but that the advanced interactive components being built into modern smart meters require a much more thoughtful and careful approach to security.

“Traditionally, metering technology has been very cost effective, because much of it is very resilient. But these older devices didn’t have a lot of technology in them, and they certainly didn’t have wireless connections and things like memory storage,” Liston said. “The utilities are still expecting the lifecycle of newer pieces of equipment to be 20 to 30 years, and they’re just coming to the realization that some of the new stuff deployed is not going to last nearly that long.”

Robert Former, a security engineer at smart meter manufacturer Itron, said he hopes that researchers continue to push the industry toward adopting technologies that can withstand these and potentially other, as-yet-undiscovered attacks.

“What you’re hearing is the sound of [a] paradigm shifting without a clutch,” Former said. “Utilities have to be more enterprise security-aware. With these incidents at organizations of any size or age, the first reaction is to cover it up. The thinking is if we keep this kind of thing secret, nobody will find it or exploit it. But for those of us who are inside the industry, and have been at this long enough, the only way we’re going to fix a security problem is to expose it.”


88 thoughts on “FBI: Smart Meter Hacks Likely to Spread”

  1. Huh?

    I’m curious what the penalties are for this type of fraud. I know it may vary by state/country, but a couple of examples would be nice. Does anyone know?

    1. Phoenix

      In Arizona it’s a class 6 felony which would get you 6 to 18 months plus pay restitution to the utility company.

    2. Mike

      In Puerto Rico they have a law known as “Ley de la Autoridad de Energía Eléctrica de Puerto Rico” which was amended by Ley Núm. 162 de 7 de diciembre de 2009 to address this form of theft. The law allows the maximum penalty of 3 months in prison or a 25 to 100 dollar fine for altering or interfering with equipment, but for interfering with equipment so as to change or stop the metering of electricity there is up to a 10,000 dollar fine.

      You can find that here:
      http://www.lexjuris.com/lexlex/Leyes2009/lexl2009162.htm

  2. JCitzen

    Smart grid technology is critical if we are to get off oil and develop alternate energy. The idiots that design these things are going to ruin the future for this goal. I’m glad Brian is bringing this to light, despite the fact it may torpedo this tech before it really gets going, but the sooner we get a more secure industrial standard the better it is going to be for everybody.

    I am a patriot, and energy concerns have literally become a national security issue! This is too important to muck up now. They need to get their ducks in a row now!!

    Smart grids will help individuals pay for their solar and electric vehicle costs by selling stored or excess power back to the energy companies. This will ensure the viability of the future of alternate energy and get North America off foreign dependence.

    Doing so will kill two birds with one stone. Less atmospheric carbon and more energy security. I personally pick security as the most important one of the two IMO.

    1. Security Admin

      These objectives can be met without deploying millions of attack points. Let’s try reducing the attack surface by adding the ‘smart’ devices to a much smaller installation base of say electrical sub-stations which can be placed on the utility’s own network.

      1. John Valenti

        Security admin (& others who suggest moving the intelligence to the substation): I’m not sure how that would work? The big reason for having a smart meter is to use time of day pricing. You really need the intelligence to measure usage and time right at the house.

        1. Utility IT Guy

          The problem with metering only at the substation is that you cannot get the information specific to each endpoint’s consumption. The only other option would be to take the consumption at the substation and divide that evenly among the users served by that sub. Sounds okay in theory, right? What about those users that have a manufacturer right next door or any other high volume user? Tell you one thing, the high volume user would absolutely love it.

    2. burne

      Bad software is not enough to stop technology. Just look at what became of the internet, despite windows 95, windows 98 and internet-explorer 3-5.5.

      So, JCitzen, you don’t have to worry.

      It will cost a sh*tload of money (I-LOVE-YOU alone caused billions of damage) but, in the end we will end up with something reasonably secure and reliable.

    3. Czehfus

      Cyber-security is the least of the worries about smart metering. The American Academy of Environmental Medicine has called for a HALT to use of RF transmitting utility meters due to serious risks to public health in light of current studies. This is an INVOLUNTARY exposure to pulses and bursts of radiofrequency and microwaves. AAEM says effects accumulate, you can’t justify this by saying you also get exposure from other devices. Time to pull out the smart grid BY THE ROOTS. The health, privacy and security risks make it a BAD idea all around. Many consumers do NOT want to “interact” daily with their energy use or face penalties. Wireless (and powerline) high frequency transmissions will BLEED into people’s homes and whack their cells 24/7.
      See this Jerry Day YouTube video: http://www.youtube.com/watch?feature=player_embedded&v=8i2uXhKLFys

    4. omario

      oooohhh boy,
      another brainwashed libtard spreading fud

      1. Calaway Lawrence

        On behalf of “libtards” everywhere, don’t file these tinfoil-hat wearers as among our ranks… It is just insulting.

        1. AlphaCentauri

          Yeah, it seems to me that tinfoil hat issues like fluorination of tap water are more a concern with people who call themselves “conservatives.”

    5. dorv562

      JCitizen is way behind the times. America is awash with numerous energy sources, real proven ones unlike wind and solar which are undependable. While electric cars are now presently economically impractical, nuclear powered electric utilities can supply constant cheap electricity but environmentalism prevents this move. JCitizen should know by now that his favorite boutique energy sources are losing favor among practical people and now only promoted by leftist politicians who want to control all energy, sources and distribution, in this country. Smart grids are designed primarily to allow government utilities to ration energy usage at will. Green energy is going the way of climate change, science and common sense are proving the folly of dependence upon unproven pipe dreams.

      1. JCitizen

        @dorv562:

        I suggest you are the one behind the times. We are already using wind energy with great dispatch in the middle regions of the US, and as this is wind alley, it is actually quite dependable. The local coal plant has to shut down, more and more often, because new wind farms are added monthly! Now BP is building a HUGE wind farm that will cover three or more counties in Kansas, and other states are rapidly expanding this resource. I can hardly call something like this as “boutique” as we in the Midwest are already getting off the hind tit of foreign oil dependence.

        For folks who can’t afford EVs, Utah and Oklahoma are feverishly adopting CNG powered vehicles, and this includes large farm vehicles. The cost of outfitting a standard pickup or SUV is dropping rapidly, and quite affordable – especially when compared to the PRICE of gasoline! Both states are solving the infrastructure problem by expanding the availability of fueling points everywhere for the public.

        However smart grid technology is way more practical, precisely because the infrastructure would be cheaper overall, if adopted by our local governments and states. Just like I alluded to, in my previous post, the cost of the EV would be very affordable if the average Joe/Jill could get paid for the storage of energy by the power grid. This would more than help pay for the extra cost of the technology as utility companies would not have to expand their generating facilities and this would also remove the harmonic aspect of wind generation. I’m not even going into the fact that converting your own vehicle into an EV is becoming popular with DIY folks, who would rather convert a junker and save on the expense of conversion. Kits are becoming popular to this end.

        As far as solar power – we are already designing solar thermal municipal sites that store excess energy in salt tanks, that continue to generate power through the night. For PV solar plants, new cheaper batteries are entering the market right now that on present analysis, can make storing excess energy cheaper than thermal storage solution.

        So I still say your arguments are not only invalid, but we are bypassing the government and anyone who is reticent on this subject, and doing it anyway! It is a no brainer – because the costs are paying for the added or replaced infrastructure. We will replace big oil despite what the politics or lobbyist do, and it is not even a political football anymore, because the economical gains trump any argument against the new technology.

        When a municipality finds it can literally get a bank loan and pay for the upgrade with the cost saving of being off the grid, they don’t hesitate! Doing that is even easier than trying to pass a bond issue with the public.

        P.S. – I’m a conservative Republican, who believes our generals in the Armed Forces, when they say our foreign energy dependence is the single most dangerous factor in our national security facing us today!!

  3. Nick P

    I largely agree with JCitizen’s comments. Clive Robinson and I were working on a smart meter design on Schneier’s blog a year or two ago. He kept pointing out easy ways to circumvent various measures. I think it ended with no solution being found that was reasonable at the consumer’s end of things.

    The best solution seems to be monitoring usage, comparing actual to reported, then investigating differences. Better, tamper-resistant technology to do this at the neighborhood or substation level would be a smarter investment than doing it at people’s houses. This reduces the overall amount of tamper-resistant and fault-tolerant systems that must be deployed. Such systems are quite expensive. I’d combine this with a good legal department & cost effective investigating protocols.

  4. wiredog

    Smart meters, dumb deployment? No crypto? No verification that a person accessing the device is legit? Oy.

    OTOH, “another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage” is an indication of a pretty dumb meter… I mean, really, a magnet?

    Finally, the original (I think) example of paradigm shifting without a clutch: http://dilbert.com/strips/comic/1995-08-25/

    1. JCitzen

      Ha! Gotta love that Dilbert! 😀 Thanks wiredog!

    2. 14Power

      Magnets would work on older electro-mechanical meters whether there was smart technology or not. The only difference would be that now, without a regular meter reader, the power company would be less likely to lay eyes on a meter. Magnetic interference could be solved with a simple metal shield around the meter to block the magnetic field.

      I would imagine that the reason the electromechanical meters were hung out in a glass bowl was some sort of tamper protection from years ago. Looking at an old meter you will notice that you can observe all the mechanical moments of the meter from that glass. It could be that meter readers would occasionally inspect the movement through the glass to both monitor for failure and for tampering.

      1. x

        It’s not that simple to block a magnetic field. It requires mu metal, not ordinary metal. And mu metal needs to be heat treated once it’s formed into its final shape.

      2. Daguas

        Magnets never affected mechanical meter operation…I should say no one ever used one powerful enough. A large (read really dangerous) NIB magnet might do.

        That said usage is tracked historically for a property, anomalies in usage are detected and then that property is watched and remotely metered sometimes for years by revenue assurance. Then comes the knock on the door.
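The two checks commenters describe in this thread, comparing energy delivered at the neighborhood or substation level with what the meters report (Nick P) and tracking each property's usage history (Daguas), can be combined as in the following added example, which is not part of the original post or any utility's code. The loss factor, thresholds, meter IDs and readings are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import median

TECHNICAL_LOSS = 0.06    # assumed share of feeder energy lost in lines/transformers
FEEDER_TOLERANCE = 0.05  # assumed unexplained gap that opens an investigation
DROP_THRESHOLD = 0.40    # assumed: flag meters 40% or more below their own baseline
MIN_HISTORY = 3          # months of history needed before a baseline is trusted


@dataclass
class Meter:
    meter_id: str
    history_kwh: list    # earlier monthly readings
    current_kwh: float   # reading for the month under review


def feeder_gap(feeder_kwh, meters):
    """Share of delivered energy that is neither reported by meters nor technical loss."""
    reported = sum(m.current_kwh for m in meters)
    expected = feeder_kwh * (1 - TECHNICAL_LOSS)
    return (expected - reported) / feeder_kwh


def baseline_drop(meter):
    """Relative drop against the meter's own median history, or None if no usable baseline."""
    if len(meter.history_kwh) < MIN_HISTORY:
        return None
    base = median(meter.history_kwh)
    if base <= 0:
        return None
    return (base - meter.current_kwh) / base


def investigate(feeder_kwh, meters):
    """Return (gap, suspects, no_baseline) for one feeder and one billing month."""
    gap = feeder_gap(feeder_kwh, meters)
    suspects, no_baseline = [], []
    if gap <= FEEDER_TOLERANCE:
        # Delivered and reported energy balance: individual drops (a vacant
        # house, a new heat pump replaced) are not treated as tampering.
        return gap, suspects, no_baseline
    for m in meters:
        drop = baseline_drop(m)
        if drop is None:
            no_baseline.append(m.meter_id)      # new service: needs a field check instead
        elif drop >= DROP_THRESHOLD:
            suspects.append((m.meter_id, round(drop, 2)))
    suspects.sort(key=lambda s: s[1], reverse=True)
    return gap, suspects, no_baseline


# Constructed sample data. The feeder total comes from a utility-side meter at
# the transformer or substation, out of the customer's reach.
TAMPERED_FEEDER_KWH = 6100
TAMPERED_FEEDER = [
    Meter("M1", [900, 950, 920], 930),
    Meter("M2", [1100, 1050, 1080], 1060),
    Meter("M3", [1000, 980, 1020], 300),    # reports 70% below baseline
    Meter("M4", [800, 820, 790], 810),
    Meter("M5", [1200, 1150, 1180], 450),   # reports about 62% below baseline
    Meter("M6", [], 700),                   # newly installed, no history yet
]

HEALTHY_FEEDER_KWH = 3800
HEALTHY_FEEDER = [
    Meter("H1", [1000, 1000, 1000], 100),   # genuinely vacant: feeder still balances
    Meter("H2", [2000, 2000, 2000], 2010),
    Meter("H3", [1500, 1500, 1500], 1490),
]

if __name__ == "__main__":
    for name, kwh, meters in (("tampered", TAMPERED_FEEDER_KWH, TAMPERED_FEEDER),
                              ("healthy", HEALTHY_FEEDER_KWH, HEALTHY_FEEDER)):
        gap, suspects, no_baseline = investigate(kwh, meters)
        print(f"{name}: unexplained gap {gap:.1%}, suspects {suspects}, "
              f"no baseline {no_baseline}")
```
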

      3. MrUnFixit-Maybe

        Read the smart-meter literature – they already have Hall-effect detectors built in to detect this very thing. It only adds a few cents for the IC chip.

  5. Dlang

    Funny thing is.. what they are describing really has nothing to do with a Smart Meter. The optical port is something in dumb meters as well. The only thing about them being Smart that makes it harder is the fact that utility personnel have to travel to the site less, thus making detection a bit harder.

    Personally I believe that the study was unfairly biased against Smart Meters. If they were truly Smart (I used to work at a company that made Smart Meters) then detection would have even been easier, because the meters could have communicated back any strange programming.

    1. qka

      And what does the optical port on a dumb meter do?

      1. jc

        An optical port on any meter does exact same thing it does on a “smart meter” – if the optical port is there, you can do the exact same reprogramming that is described in this blog post.

      2. Daguas

        I work for the largest utility in California and I work with and around meters all day, I see between 2-3K a day. 99% of the time the probe ports are for reading meters on non smart digital style meters (I have never seen a probe port on a mechanical analog meter). While it is true they can be reprogrammed via the port this almost never happens with residential smart meters.

  6. jc

    fwiw, the device to connect your computer to the meter’s infrared port can be purchased for far less than $400. They can be obtained for approximately $120 from eBay or directly from Chinese manufacturers.

    Also, schematics are available online and these can easily be made for under $15 with parts from Mouser or DigiKey.

    The barrier for entry here is VERY low.

    1. JCitzen

      That figures; I’ve seen some fantastic spy devices that can be made with basic Radio-Shack parts.

      1. Nick P

        Funny you mention those super cheap bugs, JCitizen. I happen to know of one that is extremely cheap and quite expensive to detect. (Well, for companies w/out knowledgeable and creative security gurus.) Hint: go to 1992.

        http://www.spybusters.com/firsts.html

    2. jdub

      Care to give me manufacturer names and model numbers? I’m looking to purchase one of these for a research project. Infrared transceivers are available for as little as $20 but I want to ensure I buy the correct thing. Thanks.

  7. Paul Crowley

    The biggest detraction from “smart meters” is when they implement remote shutoff. Specifically, this is designed to allow the utility to cut off power to some or all of a home in periods when there is a power shortage. As in not building enough capacity.

    The US has had a glut of capacity for a long time, but this is coming to an end. Nobody wants a power plant in their backyard, so for the last 20-30 years power plants simply have not been getting built as needed. Instead, we have been using up the capacity cushion that was overbuilt from 1950-1970.

    The idea of a smart grid also relies on the idea of new and better transmission lines. Guess what? Nobody wants any of those around either, and the frightened nutjobs that believe they cause everything from cancer to impotence have been winning on that front as well.

    Trying to make electric generation “sustainable” (meaning a lot less of it) will certainly result in higher prices and lower consumption, which is the whole point. This will encourage more and more consumers to try to defeat meters in every way possible, smart or not. If the smart ones are easier, they will bear the brunt of the efforts.

    If someone comes by your house and offers you a lower electric bill for $300 vs. $30,000 for a solar panel installation, what do you think the majority of consumers will do? Yes, there can be penalties but for many it might be worth it.

    1. qka

      If there is power production shortage, why are they closing a power plant in my county? The plant has been there for decades, it has been modernized not too long ago, and the local community is disappointed in the loss of jobs and taxes, so it’s not NIMBYism.

      What we do have is a shortage of power transmission capacity, smart or dumb.

      1. JCitizen

        If the plant is decades old, not even a modernization project will be enough to make it profitable. The only reason our local coal plant is running, is because it was built only a few years ago, and they still get a lot of harassment from the Feds, just because they use coal. This despite having one of the cleanest emission controls in the world! :O !

    2. Czehfus

      You call the American Academy of Environmental Medicine “frightened nutjobs”? They have assessed the modern scientific literature and concluded chronic smart meter emissions present a serious (avoidable) public health risk. Whom would you rather trust with assessing public health risks, engineers or doctors?

      1. Bob

        Engineers.

        Doctors generally don’t understand diddly-squat about the most basic concepts of the sub-atomic world.

        I know more than most doctors- go do some reading on quantum mechanics and learn about the difference between ionizing and non-ionizing radiation…then come back here.

        Oh, by the way…all that radiation coming from devices? There’s far more of the exact same types of radiation occurring naturally all day, every day.

  8. Jk

    The more companies remove the human factor to increase profits the more this kind of thing is going to happen. And it doesn’t help when Utilities are FORCING people to go to smart meters by charging more for keeping the old meters. No wonder people are pissed off.

    1. Utility IT Guy

      @JK Okay, make up your mind. You guys howl whenever we have to raise rates because of expenses, but if we make a move to lower our expenses (i.e. smart metering), we get all the howling banshees in the world knocking on our doors or burning us in effigy. Fine YOU come up with a solution and let us poke holes in it for a while.

      For you out there that believe the RF radiation scare tactics that have been thrown around, have you ever heard of the inverse square law of physics? Also have you ever bothered to look up their testing methodologies used when they discovered this massive threat? Dumb question for you, how many of you stand within six inches of an RF transmitter 24/7? I also guess it doesn’t bother you that many of the smart meter solutions out there don’t even use RF transmission to send their readings back to the central office? Look up PLC some time.

      1. CZehfus

        Total load of 24/7 RF exposure has exploded, and every little bit adds to unprecedented levels of exposure: http://emfwise.com/worst247.php

        Distance not as helpful as you think when considering biological standards beyond thermal ones:
        http://emfwise.com/distance.php

        Biological impacts have been scientifically shown at power densities far below current FCC guidelines, which only address microwave tissue heating effects. Biological effects by power density:
        http://emfwise.com/tableofeffects.php

        Failure to acknowledge these facts and continue to add more RF sources of exposure is playing Russian Roulette with public health.

        1. JCitizen

          I just can’t get excited and join the RF scare bandwagon, when I drink water contaminated with Uranium, live in homes with Radon poisoning, am bombarded by loads of cosmic rays, and the sun blows though the Van Allen Belt regularly and bombs me with some pretty horrible radiation everyday. All of this – every day. The world is corrosive.

          I feel we just gotta get over it.

          1. CZehfus

            Logic fails in saying there are already other toxins, so what’s one more? Especially when the “one more” is causing hundreds of, thousands of people to lose health and become refugees from their homes and cities worldwide. People experiencing Radiofrequency Sickness (as noted by Russians when they did tests on people, and bombarded our embassy 70-some years ago, and as noted among telephone operators in the early days).
            THIS is also worse than cigarette smoke in scope (you can’t escape in your own home) and in cover-up. Read Disconnect by Devra Davis. See Harvard lecture by Franz Adlkofer. http://www.law.harvard.edu/news/2011/11/18_safra-center-cellphone-radiation-corruption.html
            Yet the public are acting as lemmings. It is really sad.

  9. Dan Herrmann

    It’s going to get worse and worse when people with electric cars see their new monthly electric bill. Unfortunately, it’s a perfect scenario for crime – highly motivated people and a “big, faceless victim”.

    1. JCitizen

      I have a small EV and a hybrid GM SUV, and I’m laughing all the way to the bank. So I’m not sure why you think the electric bill is going to be worse than the gas bills! That is just silly! Just in fuel savings alone, I’ve paid for the extra cost of having hybrid equipment, that takes only three years to make up the difference. Mine’s paid for already. The higher that gas price goes up – the faster it pays!

      I also happen to live in a community that is 12th most expensive in the nation for electric bill charges. I’ve never had it as cheap as I do now. I can flip a detestable gesture at any gas station I pass, and I’d like to do the same to the Mid East terrorists, of whom, I no longer support! HA!

      Wind Energy is quickly surpassing coal in my neck of the woods, and the power companies would just LOVE to store energy in my batteries for any calm days that might occur, if they ever did in this wind alley! NOT!

      1. MrUnFixit-Maybe

        I bet given the opportunity to ‘adjust’ the power factor multiplier you ‘contribute’ back into the power grid to boost your earnings, with little or no risk of detection, wouldn’t the delicious thought linger in the back of your mind, even for just a nano-second? I mean, you are getting back at those mean, nasty polluters aren’t you?

        Ethics…

        1. JCitizen

          Paying royalties to residential or commercial over generation; is legal in most states. In the rest, they simply won’t pay, and require a safety cutoff for power outages – for obvious reasons – for maintenance personnel safety.

          I have no interest in “jimmying” my meter to illegally rook the utility company. I’m not even interested in pollution – I’m only interested in practical ways to get us off foreign energy dependence for the near and far future. It just so happens the methods I espouse, are the cleanest as far as air pollution, but other after market pollution may be a concern, if it weren’t for the fact that materials used in this endeavor weren’t so valuable, recyclable, and badly needed resources.

  10. Brian Donohue

    Why are we all carrying on about the importance of this, that and the other thing? This was about a class of equipment that was obviously rushed to market. The manufacturer didn’t consider the importance of safeguarding the customer’s (the utilities) data. Obviously, the utilities weren’t too careful about it either.

    This kind of bad product with bad results happens all the time, because there are so many senior managers out there who don’t understand technology well enough to make sound decisions. If it had happened at my utility, I’d be raising hell about who made the decision and why is that person still employed there. This is the first step to raising awareness, in my view.

    Even amongst the population of decision-makers who might understand some of the technology, they take a risk-based view, then accept risk like a degenerate gambler.

    Since the people who will pay for serial bad decisions are the rate-payers, it’s up to them to raise hell about it.

    1. Mr. Bubbles

      There’s also a lot of hysteria from people who have no idea how to classify the technology into the component pieces.

      As other have pointed out, the optical-port “hack” isn’t really a hack on smart grid devices, it’s a hack on digital meters. The difference is that the smart grid meters actually have a chance to stop the attack in its tracks with network wide password changes and scanning the meter board for program changes and the like.

      1. MrUnFixit-Maybe

        Noble thoughts. Have you considered the bandwidth required to monitor and control each device so regularly? Most smart meters are monitored monthly or quarterly for billing purposes, and even a firmware update would cause massive network load. Shutting off power remotely happens to only a handful of people daily. The network is asymmetric as it was designed for most data to flow toward the utility, not the other way.

        Don’t believe me? When was the last time your smart-phone firmware update happened simultaneously as your friend with the same phone provider and living on the same apartment block? Did somebody say Ice Cream Sandwich and Samsung in the same sentence?

        Ain’t going to happen soon.

        1. JCitizen

          Bandwidth?

          No problemo – the utility companies in our area use power lines to start their own networks and have even decided to compete with the “normal” ISPs for network service. So far, they haven’t touched the capacity these lines are capable of transmitting, as they are very large lines indeed!

          The only factor would be cleaning up the noise loss every so many meters, but since they are already powered, the energy requirements are very low, and don’t leach much power at all.

          Interestingly enough, they solved infrastructure costs, by using one big wireless tower, at each community. There is always a grain elevator that municipalities are eager to ‘sacrifice’ to the cause. We have more competitors in the country than most folks in Denver or San Antonio do!!! Even backwoods country bumpkin communities have at least 5 providers to choose from for internet service alone. I’m not sure how many cell service competitors there are – I’ve lost count!

          1. MrUnFixit-Maybe

            Oh I get it; Run BOINC or SETI on your smart meter – solve all the world’s problems in real time! Grins.

            1. JCitizen

              Pretty funny! 😀 You gotta admit, though; if all they had was an ARM chip in them, that would make one hell of a distributed computing super-computer! Millions of processors strong!

              Seriously though, I’m not sure anyone is making a meter that would work in a true smart grid situation. Besides it takes more than a metering system to provide true power management.

  11. angry

    I would have read it, however the ad overshadows the image, when clicked with no possible way to minimize… I will look for the information on another source who is less greedy for ad revenue.

    1. Brian Krebs

      Sorry that you had trouble reading the image. You haven’t missed much. I quoted most of the advisory.

      I’m also sorry if you think I’m being “greedy” by running ads on my site for content that forms the bulk of my income and often takes me months to produce. For instance, I started reporting this story back in early December 2011.

  12. Metalwolf

    I am obviously missing something but this is just off the top of my head, I am not bouncing this off the wall with anyone else. To secure against “magnetic” attacks they could use a detector like a hall effect sensor and an AND logic gate running to the IC in the meter. In the event a magnetic field is detected it would trigger a fault alert in the meter. Bonus points if it is capable of turning off the power to the house. The only real problem I see is if someone were to put a faulty microwave or other appliance that could affect the meter next to it.

    To check against altering, they could have an additional memory chip containing the factory firmware. It might not detect things like serial changes but if a change is made to the timing portion of the firmware it would not be the same as the one in the backup firmware. I know that the memory in the second chip could be altered but the difference between simply flashing a light at the meter and physically opening it would be enough to deter the 14 year olds that are trying to get away with leaving the computer and tv on 24/7.

    Either way, a “MFAULT” or a “SFault” flag would be raised and action could be taken from there.

    1. LightsOut

      Bonus points for automatic cutoff? So I can effectively DoS power to your house under this scenario? I think that in your efforts to protect the integrity of the device you are forgetting that active response can have unintended consequences when parties act outside the bounds of normal behavior. Which is kind of what this is all about anyway.

      I don’t know the solution but I think the same lessons that have been learned in more traditional IT security apply, first and foremost being that physical access to a device, especially if coupled with insider knowledge, will almost always trump whatever technical protections have been put in place. Maybe the answer is not a smart meter but to put the intelligence further upstream as others have suggested.

      1. Kitchenator

        It bothers me when security people come up with supposed “vulnerabilities” that weren’t an issue in the pre-IT / pre-Internet days. So far, the attacks described require physical access to the meter. How does an auto-shutoff response to some of these attacks result in a DoS situation that didn’t exist before? If someone wants to visit my house and cut off my power, they won’t need a flippin’ smart meter to do it, they can just turn off the breakers on the panel that the builder so wisely chose to place in a street-accessible location.

  13. Greg Sergienko

    An additional problem is that mischievous meter-tamperers can reset meters to raise the rates. Yes, there wouldn’t be any obvious financial incentive, but the challenge of doing it would be reason enough for some, and I wouldn’t want to be a Cal Tech professor when someone gets that idea. I’ll bet it would be almost impossible to prove to the power company’s satisfaction that you really didn’t use all that electricity.

    1. Utility IT Guy

      Actually, we have ways of detecting that. It would be very easy to validate a claim such as this.

  14. fairlane

    “This method is being used by some customers to disable the meter at night when air-conditioning units are operational. The magnets are removed during working hours when the customer is not home, and the meter might be inspected by a technician from the power company.

    The altered meter typically reduces a customer’s bill by 50 percent to 75 percent. Because the meter continues to report electricity usage, it appears to be operating normally. Since the meter is read remotely, detection of the fraud is very difficult.”

    Sorry for being obnoxious and immature but: Herp Derp!!

    Serves them right for trying to utilize the old “security by obscurity” mantra.

  15. RRietz

    Having the smart meters built to accept signed updates only from a particular provider would be a major step towards improving security. Some type of shielding around the meter might help with vulnerabilities introduced by strong permanent magnets.

  16. Oil guzzling Tin Man

    http://cryptome.org has posted this:

    FBI Backdoor: Templar NVIDIA GPU Factoring Suite March 29, 2012
    http://cryptome.org/2012/03/Templar.zip

    Other sites and twitter tweets have picked up the story and linked to the zip archive.

    But, what is inside?

    No one seems to know or wants to blog/tweet/talk about it on discussion forums, searching the web only reveals links to cryptome’s url for the zip archive.

    I’m not downloading the zip, but I’d like to know what is inside. Is this a separate program offered by NVidia, a hardware or firmware exploit?

    What?

    Please begin posting to blogs and discussion forums indexed by Google and other search engines, what this mystery zip archive contains!

    Is anybody reading this?

  17. Jan Doggen

    1)
    “…an electric utility in Puerto Rico asked the FBI to help it investigate…”
    Why spend FBI resources on this? They installed insecure meters, so replace them at their own cost.

    2)
    “The FBI didn’t say which meter technology [] was affected”
    That helps – by all means do not tell us which company’s meters to avoid.

    3)
    BTW The only meters that deserve the label ‘smart’ are those that show me the current usage on a clearly visible place.
    All the other bells and whistles are for the benefit of the electrical company, not mine.

    1. Marcos El Malo

      Puerto Rico is a U.S. Territory. The case involves “high tech” fraud that is probably beyond the abilities of the local law enforcement agencies, so it’s not shocking that the FBI might be called in. They get called into all sorts of cases. Did you never watch X-Files?

  18. ZS

    Not worth the cost. More radiofrequency pollution. Cost of installation loaded onto consumer, $ billions, therefore the average price has to go up. Monitoring and data storage, another cost. They will need software updates every 5 years at whose expense? In our area they are malfunctioning and some customers have seen their bills double. Old meters keep more people employed. Some smart meters can be really smart and could monitor a hell of a lot more than electricity usage. Actively opposed to these Orwellian innovations. Many communities have opted out.

    1. AlphaCentauri

      In some communities, at least, it’s a safety issue. It used to be common for thieves and worse to get into elderly people’s homes by impersonating meter readers.

      For me, it was a real convenience. The meter reader didn’t usually come when anyone was home. We had to keep track of the billing schedule and either put the reading on a hang tag on the door or else go online to enter it. If we didn’t, the utility billed us an estimate, often far off from actual usage. So we either paid too much that month or were hit by a surprise catch-up bill when the meter reader did get to us.

      1. JCitizen

        In the desert MidWest; we read our own meters; the electric company wasn’t worried about cheaters, because there weren’t any, and if you misread your own meter, you paid the price when the real meter reader came along every quarter or so.

        Nobody cheated – folks had morals back then.

  19. byte

    “We need a program of psychosurgery and political control of our society. The purpose is physical control of the mind. Everyone who deviates from the given norm can be surgically mutilated.

    The individual may think that the most important reality is his own existence, but this is only his personal point of view. This lacks historical perspective.

    Man does not have the right to develop his own mind. This kind of liberal orientation has great appeal. We must electrically control the brain. Some day armies and generals will be controlled by electrical stimulation of the brain.”

    Dr. Jose Delgado
    Director of Neuropsychiatry
    Yale University Medical School
    Congressional Record No. 26, Vol. 118, February 24, 1974

    1. JCitizen

      Next, they will be “meter reading” our brain; and charging us for our thoughts? 😀

      1. Josette Vettel

        I’ve been soaked into researching this smart meter caper that I never had the time for humor
        YOU MADE MY DAY HAHAHAHAHAH
        THANK YOU

  20. Dave

    This won’t be a very popular opinion… but stealing from thieves is hardly a crime in my book. I’d love to see my local power company milked for all they are worth. Karma in action.

  21. Myrcurial

    Brian,

    Thanks for doing the long form reporting in infosec that so few others seem willing to do.

    There’s a lot more to this story – understanding that the utilities (and vendors) have been willfully deploying things that they know are broken and massively overstating the benefit of retail demand side load control.

    There are also a bunch of things that I think you’re contemplating but not yet writing about – let me know if you want to talk them through.

  22. Aaron

    Just my $0.02, but my gut reaction to this report is that, like other industries trying to fend off product theft, they aren’t looking at the real issue.

    The problem isn’t necessarily that an ever increasing percentage of your customers are stealing your product, it’s that they feel they *need* to steal your product because they couldn’t otherwise afford it. (Ignoring those that do it for the sake of it – that I believe to be in the minority.)

    Electricity is a cheap resource, so why do I get upward of a $200 bill each month?

    We’re living in an advanced technological age that requires more and more power; to make these things viable, the cost of power needs to go down or the instances of theft will only continue to rise – like any market, there’s a pivot point.

    It’s time for these companies to find that balance by reducing their consumer costs instead of spending billions playing the cat and mouse game of theft prevention.

    1. Kitchenator

      I’m not going to get into a discussion about utility company business models and tariffs (we are OT enough as it is), but I had to respond to your statement that “Electricity is cheap”. It sure used to be decades ago when coal-fired plants that supplied most of our power ran hot and hard and didn’t need to implement any environmental controls. Now they do, having spent huge sums to get cleaner. Factor in the higher cost of natural gas (due to many factors, including exploration costs) for those types of plants, and the billions being spent to develop wind and solar, and the cost to maintain our existing aging nuclear plants, and it becomes easy to see why we are paying far more for electricity than we used to.

      1. JCitizen

        Good post, just a few points;

        Many states tightly control the price of utility charges; so in actual dollars with inflation figured in, many places do have cheap electricity. Volume = more profit at less cost to the consumer. Low volume = higher prices.

        Natural gas pricing is at an all time low adjusted for modern inflationary factors.

        It only takes 27 days at 5 mph wind or more to completely pay for the typical 160ft. wind turbine. Where is the overhead after that? Perhaps line loss – this is being dealt with – science is getting closer to room temperature super-conductivity every day. Municipalities have been taking advantage of this exponential cost saving to revamp their infrastructure – this has realized such huge savings they buy more cost effective equipment, and it all exponentially snowballs into more savings, and enough money to start planning to get entirely off the grid by using a “smart grid” and things just like solar, thermal, and wind energy. I agree nuclear power is just not practical for at least political purposes, especially since Fukushima.

        There is now a new Texas community that has declared themselves power independent, and they use little if any greenhouse gases. I’m not necessarily convinced of the danger of global warming, but I will join any political group that wants to get America off foreign energy dependence.

  23. Round Rock Electricity

    I am glad to have found your article. I will be submitting a blog post to our site on this subject, and provide the link to this article. I suspect that this “problem” will be solved fairly quickly. For instance, in Texas, a person with a Smart Meter can monitor their usage with an online account. They can monitor the usage in 15 minute increments. This would make it pretty easy for the local wires company that provides the data to set up software “trip filters” that alert when usage goes outside of “normal parameters.” And a host of other filters could be set. Certainly there could be a “cat and mouse” game as hackers try to get around new safeguards, but I don’t imagine that will be a large scale problem.

    1. MrUnFixit-Maybe

      First law of theft: Keep a low profile and you will be less likely to get caught. The greedy always get caught first.

      Like any savvy computer user you sign up for the new-fangled smart meter monitoring software. Naturally you are surprised by the amount of electricity you consume and the software soon highlights to you many ways to reduce your bills. This is natural and to be expected and encouraged.

      After the major savings are realised, the downward trend of consumption slows as you run out of ideas to save power. We go back to our old habits or adapt to new ones.

      A smart power thief will duplicate this scenario, lowering the tariff cost inside the smart meter gradually to blend in with all the other power users.

      Hard to spot any trends? I would contend it is impossible to do remotely across a large number of consumers.

      1. JCitizen

        “I would contend it is impossible to do remotely across a large number of consumers.”

        If you mean rampant skulduggery by consumers, I feel that is unlikely – if you mean raw computing power – I have no doubt that capacity will become more affordable to the utility companies as just a small time progresses. Sophisticated power management systems are already being used in factories, and I shouldn’t doubt by cities. Cleveland comes to mind as one of the most progressive municipal centers of energy conservation.

        Computing power like IBM’s WATSON may be unaffordable now, but the economics of technology like that always changes in just a few years. I actually feel that this subject is one of the few things I feel the government should hold a role in, as far as it should be treated like the Manhattan Project, and the security of the free world is in just as much jeopardy.

  24. HackCo.

    USB/Optical port probes can be found on ebay or Amazon and can easily be used to turn meters on and off and reprogram to register lower usage using software from P2P torrent software sharing websites. Because the smart meters are in many cases located outside in an unsecured location anyone with a laptop/probe/software can reprogram your meter without your knowledge.

  25. MrUnFixit-Maybe

    Physically going around altering individual smart meter settings is like having gun-toting rednecks holding up banks. Oh so very 1990’s stuff.

    Haven’t the criminals matured and gone with the technology flow? These days you can deploy bots from an island paradise over your smart-phone to spam millions of people per day without having to even put down your glass of Coke.

    What would make the utilities cringe and lose sleep is the ability of tapping into the parallel world of a duplicated Internet type system where all the smart devices for a utility talk amongst themselves. Yes they use various systems to communicate: GSM/SMS, local area networks, wireless networks, piggyback off cable networks, and power line modulation. Each of these is eminently interceptible and often uses well documented protocols.

    Most smart meters have the ability to restrict electricity to the consumer. This is the ‘enforcement’ part of the convenience of these meters that the utilities love, and what most thinking people resent.

    Imagine being able to shut down the electricity of the neighbour that is blasting their stereo at 2am without having to leave your premises.

    Imagine being able to shut down the whole street.

    Imagine being able to shut down the whole district.

    Don’t imagine – it is here already!

    A careful Google search will uncover the FTP location of the code for control of smart meters from the vendor websites, at the consumer, technician, monitor, and utility levels. The sales blurb proudly expounds the methods they use to communicate. The technical literature discusses the strengths and weaknesses of each method of control and how convenient it is to deploy and control.

    A spot of disassembly, reverse engineering, and test on the meter at your premises that was foisted on you without your explicit consent, and voila, ultimate control.

    I think the cost of the so-called ‘optical converter device’ quoted at a bloated $400 is what somebody can buy a commercial industrial grade adapter for on the open market. Any hacker worth their salt will hook up an infra-red LED and photo-transistor to a serial port on their computer or smart-phone, pull together some public domain open source remote control adapter software such as WinLIRC and Irdroid and build the lot for $10 of parts from Radio Shack. For some, the hardware will already be built into the shiny new smart-phones that support IrDA, NFC and wireless, and the software is already well documented, robust and widely deployed. Should be as easy as pick a victim located anywhere on the globe from a pulldown list, press the button, and Zap!

    The utilities have been conned into accepting the cheapest equipment that will do the job. A dollar saved on each meter over a whole city buys a few extra liquid lunches for management for many years. Most smart meters have only enough firmware storage capacity to patch small flaws, and not enough to add additional functionality such as more robust authentication and security algorithms. A wide ranging hardware replacement program will have to be deployed in the immediate short term, and of course the consumer will ask why they are paying twice for their unwanted new meters and their utility bills are sky-rocketing even faster. The inconvenience of having to disconnect the power while the old equipment is being removed and the new installed will also be unpopular.

    Be afraid, be very afraid…

  26. FrankH

    As soon as I saw an estimated loss to theft of $400M for Puerto Rico I was suspicious. The numbers don’t add up. I then found the figures for 2010 from PREPA (http://www.metering.com/node/17066)
    when the losses were estimated at $34M so in two years the estimate has increased by x10 – it seems very unlikely to me.

  27. Calaway Lawrence

    A smart meter does not communicate 24×7. It communicates for about five minutes a day total.

    1. JCitizen

      Bandwidth allowance is definitely not a concern. Even if more duties were required in a more sophisticated smart grid system; it wouldn’t take anymore data bandwidth than my weather station does 24/7. Basically like comparing a fart to a whirlwind.

      1. MrUnFixit-Maybe

        ‘Fart in a whirlwind’ (like the terminology) is for normal operation where extremely short bursts are all that is necessary to collect challenge/response meter readings at regular intervals of days/weeks/months/quarters for each meter, but checking each meter to examine their settings, update their firmware, and reset passwords on a regular basis needs quite a different bandwidth load, and often weighted in the push, rather than the pull direction, uninterrupted and with full reliability. You don’t want a utility employee physically going from meter to meter to update the firmware by shining their optical doodad into each meter for five minutes – far too expensive from a time and personnel aspect, and the existing smart-meter installation probably hasn’t got the memory capacity to take the added code anyway.

        I can predict some white papers being presented at conferences coming up real soon on exactly this subject, and imagine wikileaks hosting some background briefs to industry outlining the anticipated depth of grief they will be asked to bear.

        1. JCitizen

          Probe requirement seems odd to me, as all the gas companies here use radio telemetry in close proximity. They just drive around and the data feeds into their truck by wireless. I’ve not heard of any shenanigans on that model (locally anyway).

          I must admit, most of our local cities do use probes on a stick for water meters; I’m not sure how they work, but a guy on an ATV with a wand simply touches the top of the man hole cover and the data transfer only takes a second, and he is already moving on!

          I haven’t seen an electric meter reader for a long time, but since the city owns the grid here, I assume they are mechanical and they read them the old-fashioned way, from a truck. The area utility is still doing it that way so far.

          It sounds like this design you point to, is not a very good one, if the technician has to go through that much time and trouble to make a reading.

    2. CZehfus

      True, smart meters do not create continuous signals, but they burst and pulse over 24/7 with no breaks. Some send multiple bursts of RF every 6 seconds, including “talking” to other meters in the mesh. The power densities have often been measured to exceed the limits of the HFE35C analyzer, which is 1999 µW/m².

      Chronic pulses of these power densities have not been tested over the long-term for safety. The FCC only looks at tissue heating in a 30 minute continuous exposure on a large man, but ignores other biological effects of RF exposure that the scientific literature documents. For a provocative, informative exploration of U.S. exposure guidelines/levels, see these sections at the link below:

      *Low power RF doesn’t mean low biological effect
      *The FCC limits are a terrible joke
      *Time-averaging RF erases peak spikes
      *The best analogy to these spikes of RF energy is a strobe light
      *Many questions are utterly unaddressed by FCC guidelines

      http://stopsmartmeters.org/2012/03/09/a-primer-on-the-fcc-guidelines-for-the-smart-meter-age/

      1. JCitizen

        So does my weather station. It has to report quite a variety of conditions to the WeatherUnderground, in whatever time increments contribute to accuracy. I believe I have it set to every 5 seconds; I’ve never noticed a hit to my bandwidth at all.

  28. Angel

    This is old news. As a resident of PR I have been offered to have this done to my reader, but this was with the pre-smart ones. I had a co-worker that used the magnet trick with some success with the smart readers back in 2010. I never modded mine and he stopped doing it once the PREPA started taking measures to combat the thefts. Local newspapers and tv news gave the stories related to the thefts and the fines associated with plenty of coverage discouraging additional potential theft. Puerto Rico is almost 100% powered by petroleum that is shipped in. As you can expect, the cost to the subscriber is very high and the “purchase of fuel” cost variance is passed straight to the consumer and it can easily be double of what the actual energy consumed by Watt/h.

Comments are closed.
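
The "trip filter" on 15-minute interval data proposed in comment 23, and the objection in its first reply that a gradual decline blends in, worked through as an added example (not code from the article, the FBI alert or any commenter). Meter IDs, thresholds and readings are constructed; the peer-cohort comparison is an assumption of this example that goes beyond what the thread describes.

```python
from statistics import mean, median

READS_PER_WEEK = 4 * 24 * 7   # 15-minute interval reads in one week
WEEKS = 26                    # length of the constructed sample


def weekly_kwh(reads):
    """Sum a flat list of 15-minute kWh reads into whole-week totals."""
    n = len(reads) // READS_PER_WEEK
    return [sum(reads[w * READS_PER_WEEK:(w + 1) * READS_PER_WEEK])
            for w in range(n)]


def trip_weeks(weeks, lookback=4, min_ratio=0.6):
    """Per-meter trip filter: indexes of weeks whose usage fell below
    min_ratio of the mean of the preceding `lookback` weeks."""
    hits = []
    for i in range(lookback, len(weeks)):
        base = mean(weeks[i - lookback:i])
        if base > 0 and weeks[i] / base < min_ratio:
            hits.append(i)
    return hits


def peer_drift(meter_weeks, cohort_weeks, span=4):
    """Meter usage relative to the cohort median, last `span` weeks divided
    by first `span` weeks. Well below 1.0: the meter fell away from peers."""
    med = [median(col) for col in zip(*cohort_weeks)]
    rel = [m / c for m, c in zip(meter_weeks, med) if c > 0]
    return mean(rel[-span:]) / mean(rel[:span])


def review(reads_by_meter, drift_floor=0.6):
    """Return {meter_id: [reasons]} for meters that trip either check."""
    weeks = {m: weekly_kwh(r) for m, r in reads_by_meter.items()}
    cohort = list(weeks.values())
    flagged = {}
    for meter, w in weeks.items():
        reasons = []
        if trip_weeks(w):
            reasons.append("step_drop")
        if peer_drift(w, cohort) < drift_floor:
            reasons.append("peer_drift")
        if reasons:
            flagged[meter] = reasons
    return flagged


def constructed_reads(base_kwh, factor):
    """Constructed data: flat weekly profile with a mild seasonal rise,
    scaled by factor(week) to model what the meter *reports*."""
    reads = []
    for w in range(WEEKS):
        week_total = base_kwh * (1 + 0.01 * w) * factor(w)
        reads += [week_total / READS_PER_WEEK] * READS_PER_WEEK
    return reads


# Five unmodified meters on one feeder (constructed).
SAMPLE = {f"H{i}": constructed_reads(b, lambda w: 1.0)
          for i, b in enumerate((180, 190, 200, 210, 220), 1)}
# Reported usage drops 65% at week 12 (inside the 50-75% range quoted from the alert).
SAMPLE["STEP"] = constructed_reads(200, lambda w: 1.0 if w < 12 else 0.35)
# Reported usage shaved 3% per week: the "keep a low profile" case.
SAMPLE["SLOW"] = constructed_reads(200, lambda w: 0.97 ** w)

if __name__ == "__main__":
    for meter, reasons in review(SAMPLE).items():
        print(meter, reasons)
```

The rolling self-baseline never trips on `SLOW` because the baseline drifts down with the meter; only the comparison against neighbours on the same feeder exposes it. A household that genuinely cut its usage produces the same signal, so a flag here is a lead for field inspection, not proof of tampering.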