Security Installer Community

Smart Meter Hacking


james.wilson

Recommended Posts

Very interesting. Be interested to know how easy it would be to jailbreak so that it told the leccy board you were using 1/2 your real usage. This would worry me from their point of view.

monitored-alarms.nsi-gold-approved.co.uk/


I know a lot of people working on this stuff. They use similar chips to those used in many alarm systems. Some of the mistakes being made are really basic.

The real risk comes from the utility system making decisions based on power consumption of individuals...

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

I know a lot of people working on this stuff. They use similar chips to those used in many alarm systems. Some of the mistakes being made are really basic.

The real risk comes from the utility system making decisions based on power consumption of individuals...

Just think what a custom firmware that told porkies to the energy companies would be worth.

monitored-alarms.nsi-gold-approved.co.uk/


The electrical companies do have an idea on where they are losing power (through theft); that's how a lot of these cannabis factories are found. Our locksmith gets called to open doors or resecure properties that have been rented then turned into cannabis factories; he reckons it's always the leccy board that has traced them, because the meter has been bypassed and loads of electricity is being used.


The electrical companies do have an idea on where they are losing power (through theft); that's how a lot of these cannabis factories are found. Our locksmith gets called to open doors or resecure properties that have been rented then turned into cannabis factories; he reckons it's always the leccy board that has traced them, because the meter has been bypassed and loads of electricity is being used.

I've no idea how the grid or local distribution works but would be interested to have an idea. I just assumed that there was a big set of cables (4.0mm, as being in the ground it will keep it nice and cool) and that each premises had a glorified big choc block to connect it in. If there is some more sophisticated monitoring locally then a big discrepancy might be easy to spot.

monitored-alarms.nsi-gold-approved.co.uk/


As we all know, power to your property is supplied either below ground or above ground.

Your supply that will be feeding your property on the pavement side will be 3 phase.

Cable sizes are typically from 35mm upwards; sizes are generally dependent on the maximum demand factoring.

These 3 phase cables will run back to a local transformer / mini substation that's found in your local area.

Also known and referred to as HV phase transformers, these can hold in excess of 10,000 volts at source.

From your pavement, at your domestic property entrance you will have a terminated joint, known as a branch kit.

This will have a separate cable, called "concentric cable", which only has a live & earth conductor inside it and is 25mm diameter.

The connections are filled with an epoxy resin to seal the joint from moisture and can be buried after just 45 minutes setting.

Power companies do monitor their HV lines; they are managed by a regional control centre. If a fault occurs, they know within seconds.

The control centre does monitor individual localised substations throughout their regions and they CAN see in real time what happens.

I do know that they are able to detect excessive consumption on a specific HV transformer (local substation) and audit its output.

If they were to suspect or detect excessive usage through the control centre, they visit the local HV and assess it on a per-phase basis.

They carry out a variety of tests per phase and again, calculate and audit accordingly. If they for example found the RED phase to be excessive, they do have a list of properties that are fed from that specific phase, but are unable to state which property it could be without further testing and load measurement being carried out.

The long and short of this is simple: if the odd one or two people who were on the same phase managed to bypass it, it would go unnoticed.

If there were enough people on the same phase to do it, bells would ring due to the load imbalance of the phases. This is how they do it.

It's important to remember that power companies do have a tolerance guide for earth leakage and power loss; not sure exactly what it is.

A mate of mine works for Western Distribution; he does the callouts to suspect dodgy properties. Makes an interesting chat over a brew.

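The per-phase audit the post above describes (substation reading versus the meters fed from each phase, a loss tolerance, and a candidate list rather than a culprit) as an added worked example. This is not the poster's code nor any distribution company's tooling; it assumes the substation logs kWh per phase over the audit period, that every customer meter on the phase reports kWh for the same period, and that the 8% tolerance, the phase names and the meter IDs are placeholders constructed for the illustration.

```python
# Added example, not from the forum post or any utility's own systems:
# a per-phase energy-balance audit of the kind the poster describes.
# Assumptions (not from the page): the substation records kWh delivered per
# phase over the audit period, every customer meter on that phase reports kWh
# for the same period, and the loss tolerance of 8% is a placeholder, since
# the poster says he does not know the real figure.
from dataclasses import dataclass, field
from typing import Dict, List

LOSS_TOLERANCE = 0.08  # placeholder share of feeder energy allowed to go unmetered


@dataclass
class PhaseAudit:
    phase: str
    feeder_kwh: float       # energy measured leaving the substation on this phase
    metered_kwh: float      # sum of the customer meters fed from this phase
    unmetered_kwh: float    # feeder minus metered: technical loss plus any theft
    loss_fraction: float    # unmetered energy as a share of the feeder reading
    flagged: bool           # loss fraction above tolerance
    # Meters on a flagged phase are candidates for a site visit, not culprits.
    candidates: List[str] = field(default_factory=list)


def audit_phase(phase: str, feeder_kwh: float, meters: Dict[str, float],
                tolerance: float = LOSS_TOLERANCE) -> PhaseAudit:
    metered = sum(meters.values())
    unmetered = feeder_kwh - metered
    fraction = unmetered / feeder_kwh if feeder_kwh > 0 else 0.0
    flagged = fraction > tolerance
    # The audit only narrows the search to the meters on the flagged phase;
    # as the post says, singling out a property needs load measurement on site.
    return PhaseAudit(phase, feeder_kwh, metered, unmetered, fraction, flagged,
                      sorted(meters) if flagged else [])


def audit_substation(feeder_kwh: Dict[str, float],
                     meters_by_phase: Dict[str, Dict[str, float]],
                     tolerance: float = LOSS_TOLERANCE) -> List[PhaseAudit]:
    return [audit_phase(p, feeder_kwh[p], meters_by_phase.get(p, {}), tolerance)
            for p in ("red", "yellow", "blue") if p in feeder_kwh]


def flagged_phases(audits: List[PhaseAudit]) -> List[str]:
    return [a.phase for a in audits if a.flagged]


# Constructed sample period: kWh per phase at the substation and per meter.
# Red carries 170 kWh that no meter accounts for (17%); yellow and blue sit
# inside the tolerance, which is why one or two bypasses would go unnoticed.
FEEDER_KWH = {"red": 1000.0, "yellow": 600.0, "blue": 620.0}
METERS_BY_PHASE = {
    "red":    {"meter-01": 300.0, "meter-02": 280.0, "meter-03": 250.0},
    "yellow": {"meter-04": 290.0, "meter-05": 285.0},
    "blue":   {"meter-06": 310.0, "meter-07": 290.0},
}

if __name__ == "__main__":
    for audit in audit_substation(FEEDER_KWH, METERS_BY_PHASE):
        print(f"{audit.phase:6s} unmetered {audit.unmetered_kwh:6.1f} kWh "
              f"({audit.loss_fraction:.1%}) flagged={audit.flagged} "
              f"candidates={audit.candidates}")
```

Run as a script it prints one line per phase; only red exceeds the placeholder tolerance, and the output for it is the list of meters on that phase, which is as far as the substation-side check can take you.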

The issue is, or may be, lost revenue.

But I'm hoping cg is gonna save me a fortune.

As we all know, power to your property is supplied either below ground or above ground.

Your supply that will be feeding your property on the pavement side will be 3 phase.

Cable sizes are typically from 35mm upwards; sizes are generally dependent on the maximum demand factoring.

These 3 phase cables will run back to a local transformer / mini substation that's found in your local area.

Also known and referred to as HV phase transformers, these can hold in excess of 10,000 volts at source.

From your pavement, at your domestic property entrance you will have a terminated joint, known as a branch kit.

This will have a separate cable, called "concentric cable", which only has a live & earth conductor inside it and is 25mm diameter.

The connections are filled with an epoxy resin to seal the joint from moisture and can be buried after just 45 minutes setting.

Power companies do monitor their HV lines; they are managed by a regional control centre. If a fault occurs, they know within seconds.

The control centre does monitor individual localised substations throughout their regions and they CAN see in real time what happens.

I do know that they are able to detect excessive consumption on a specific HV transformer (local substation) and audit its output.

If they were to suspect or detect excessive usage through the control centre, they visit the local HV and assess it on a per-phase basis.

They carry out a variety of tests per phase and again, calculate and audit accordingly. If they for example found the RED phase to be excessive, they do have a list of properties that are fed from that specific phase, but are unable to state which property it could be without further testing and load measurement being carried out.

The long and short of this is simple: if the odd one or two people who were on the same phase managed to bypass it, it would go unnoticed.

If there were enough people on the same phase to do it, bells would ring due to the load imbalance of the phases. This is how they do it.

It's important to remember that power companies do have a tolerance guide for earth leakage and power loss; not sure exactly what it is.

A mate of mine works for Western Distribution; he does the callouts to suspect dodgy properties. Makes an interesting chat over a brew.

wow. you trying to be the new arfur mo?

securitywarehouse https://store.securitywarehouse.co.uk

Trade Members please contact us for your TSI vetted trade discount.


Nar . . . Not at all mate,

Just thought I would contribute something that people may find interesting..

Plus, I am bored sitting here in the office, got nowt else to do till the phone rings.


From your pavement, at your domestic property entrance you will have a terminated joint, known as a branch kit.

This will have a separate cable, called "concentric cable", which only has a live & earth conductor inside it and is 25mm diameter.

The connections are filled with an epoxy resin to seal the joint from moisture and can be buried after just 45 minutes setting.

Concentric is fairly new is it not?


Nar . . . Not at all mate,

Just thought I would contribute something that people may find interesting..

Plus, I am bored sitting here in the office, got nowt else to do till the phone rings.

I thought that a very interesting post.

From watching the police docs they often detect cannabis factories from the air with thermal imaging, as those houses really show out. Some forces seem to have ground equipment.

But with all that tech, it's often simply a copper's sense of smell arousing suspicion.

Edited by arfur mo

If you think education is difficult, try being stupid!!!!


It has to be noted that it's only in a very small minority of cases where electricity is being obtained by underhand means that the actual property kilowatt loading increases significantly.

The majority that have been caught have purely done it because they cannot afford the extortionate prices that the suppliers charge, and thus tend to use around the normal amount.


To me, talking about theft bypassing the readings, we seem to be missing a far more worrying issue mentioned.

Because of roll-out cost the devices have to be cheap; by using this tech and cheaper insecure comms, the utility co's are opening a back-door way to cause industrial espionage, even hacking the util co's to cause disruption by mischievous, criminal or terrorist elements.

If you think education is difficult, try being stupid!!!!


What Rulland says is very true - well over 99% of meter bypass is done by ordinary householders.

There isn't really anything fancy in most local substations to detect higher than usual consumption. Often there isn't any metering equipment at all outside of a basic meter on the infeed. Temporary equipment can be installed though, but it's for diagnosing problems like an intermittent short in an underground cable.

Nearly everything is caught through back-end auditing and meter readings. As far as I know, the electricity company is rarely involved in tracking down cannabis factories, it's just not technically easy or even worth it for them.

Smart meters will make bypass much harder. Commonly, people bypassing meters will un-bypass them for a couple of days a month so there is some bill, just low. A smart meter will see this odd pattern.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

A teardown of a US smart meter:

http://www.ifixit.com/Teardown/Elster+REX2+Smart+Meter+Teardown/5710/1

And a video teardown of a 3-phase smart meter:

And a video from a guy called atlas about the security of the systems. It was aimed at an audience at a SCADA security conference, and is less technical than a lot of the usual fare (though, still pretty technical, and **** knows why he is dressed like that):

http://www.digitalbond.com/blog/2013/02/11/s4x13-video-atlas-on-rf-comms-security-and-insecurity/

He works on a piece of software called RfCat that uses CC1111 dongles to receive/transmit practically anything under 1 GHz (https://code.google.com/p/rfcat/).

Edited by cybergibbons

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

I'm pretty certain most cannabis farms are detected by thermal imaging on the police helicopter; I believe there is a policy to check areas to make use of the flight time?

Oddly I had a discussion with an electrician on the topic of cannabis farming; his idea was that having solar PV on the property would account for the trace?

Mr😀 Veritas God


A bit like alarms though, it's not so much what you can do to the meter, more the fact that it suddenly disappears from the network at the electricity co's end, and reappears 5-10 minutes later with the property using half what it did before, that will arouse suspicion.

We have a police transit van round here which I believe - or it leads you to believe with massive graphics - is dedicated to sniffing out cannabis factories. It might just as well be used to replenish the police station vending machines in reality, but does look like it had some extra cut-out sections on the roof.

I've seen a factory or two myself and as you can imagine, clever meter firmware cracks were more often given over to smashing the terminal cover off and bridging the lives... Or in one cunning case just not paying the bill and never answering the door.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands
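Two meter-side patterns come up in this thread: cybergibbons's point that a smart meter will notice a supply that is un-bypassed for a couple of days a month so there is some bill, and the post above about a meter that drops off the network and reappears with the property using half what it did. The screening logic below, over a constructed month of daily readings, is an added example and not code from either poster or from any meter or head-end vendor. It assumes one kWh figure per reading interval (daily here, to keep the sample short), `None` for a missing reading, and thresholds (10%, 80%, 60%, a 7-day window) that are placeholders chosen for the illustration, as are the meter names.

```python
# Added example, not from the thread or any meter vendor's code: two
# interval-reading checks for the tamper patterns the posters describe.
# Assumptions: each meter reports one kWh figure per reading interval (daily
# here, to keep the constructed data short); a missing reading is None;
# every threshold below is a placeholder chosen for this illustration.
from statistics import mean
from typing import Dict, List, Optional

Reading = Optional[float]

LOW_FRACTION = 0.10   # a day under 10% of the meter's demonstrated use is "near zero"
MIN_LOW_SHARE = 0.80  # flag if at least 80% of read days are near zero
STEP_RATIO = 0.60     # flag if use after an outage is at most 60% of use before it
WINDOW = 7            # days compared on each side of a gap in readings


def intermittent_bypass(readings: List[Reading]) -> Optional[dict]:
    """Mostly near-zero days with a few normal ones: the 'un-bypass for a
    couple of days a month so there is some bill' pattern."""
    present = [r for r in readings if r is not None]
    if len(present) < 10:
        return None  # too little data to say anything
    # Reference use is the mean of the three highest days: what the property
    # draws when the meter is actually in circuit.
    reference = mean(sorted(present, reverse=True)[:3])
    if reference <= 0:
        return None
    low_days = sum(1 for r in present if r < LOW_FRACTION * reference)
    low_share = low_days / len(present)
    return {"reference_kwh": reference, "low_share": low_share,
            "flagged": low_share >= MIN_LOW_SHARE}


def step_after_gap(readings: List[Reading]) -> List[dict]:
    """Meter drops off the network, comes back, and use settles at a fraction
    of what it was: the pattern the post says will arouse suspicion."""
    findings = []
    i, n = 0, len(readings)
    while i < n:
        if readings[i] is None:
            start = i
            while i < n and readings[i] is None:  # walk to the end of the gap
                i += 1
            before = [r for r in readings[max(0, start - WINDOW):start] if r is not None]
            after = [r for r in readings[i:i + WINDOW] if r is not None]
            if len(before) >= 3 and len(after) >= 3 and mean(before) > 0:
                ratio = mean(after) / mean(before)
                findings.append({"gap_start": start, "gap_days": i - start,
                                 "ratio": ratio, "flagged": ratio <= STEP_RATIO})
        else:
            i += 1
    return findings


def screen_meters(series: Dict[str, List[Reading]]) -> Dict[str, List[str]]:
    """Return, per meter, the checks that fired. A hit is a reason to look
    closer, not proof: an empty holiday home can look like a bypass."""
    report = {}
    for meter_id, readings in series.items():
        hits = []
        ib = intermittent_bypass(readings)
        if ib and ib["flagged"]:
            hits.append("intermittent_bypass")
        if any(f["flagged"] for f in step_after_gap(readings)):
            hits.append("step_after_gap")
        report[meter_id] = hits
    return report


# Constructed 30-day series (kWh per day), not real meter data.
NORMAL = [9.0, 11.0, 10.0, 12.0, 8.0] * 6       # ordinary household
BYPASS = [0.3] * 30                              # bypassed most of the month...
BYPASS[9] = BYPASS[24] = 11.0                    # ...reconnected for two days
OUTAGE = [12.0] * 14 + [None] + [6.0] * 15       # one missing day, then half the use

SAMPLE = {"normal": NORMAL, "bypass": BYPASS, "outage": OUTAGE}

if __name__ == "__main__":
    for meter_id, hits in screen_meters(SAMPLE).items():
        print(f"{meter_id:8s} {hits or 'no findings'}")
```

The reference level is taken from the property's highest days rather than its median on purpose: in the bypass pattern the median is itself near zero, so only the few reconnected days reveal what the property really draws. The gap check compares a window either side of the outage, so a meter that merely rebooted and carried on at the same load is not flagged.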

I don't think the risk of smart meter hacking is cannabis factories. It's going to be one of two things:

1. Someone selling firmware to reduce bills. These meters take OTA (over-the-air) firmware updates, and there is likely to be a mechanism where you can use your own firmware. Nothing will look amiss. It would be possible to ramp consumption down over time or use any other number of tricks to make the reduction look genuine.

2. A state-sponsored attack to bring down an entire utility network. One of the purposes of the meters is to allow for a smart-grid - i.e. better dealing with supply, demand and switching. If you can game the network, you could bring the entire thing down.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

2. A state-sponsored attack to bring down an entire utility network. One of the purposes of the meters is to allow for a smart-grid - i.e. better dealing with supply, demand and switching. If you can game the network, you could bring the entire thing down.

The idea of any remote connectivity to meters worries me for this reason. But saying that, the whole grid will be controlled by computer systems that have remote access vulnerabilities so is the threat already real and there?

monitored-alarms.nsi-gold-approved.co.uk/

