[China Instrument Network Instrument Industry] Researcher Netanel Rubin said: Smart meters are "extremely insecure": they use weak encryption, rely on insecure protocols, and can be programmed into a bomb!
The software bug hunter ridiculed the worldwide rollout of smart meters as simply reckless, and said that these "dangerous" devices are a source of risk for every connected smart home device.
Smart meters can communicate with all connected devices in the house, such as air conditioners and refrigerators. Once hackers have infiltrated a networked meter, they can control these smart home devices, and even "walk right into the house."
They can also alter the meter's code and cause fires; with control of the power supply, that is simply too easy. Think a fuse can prevent a fire? The researcher does not think so. He argues that the hardware can be deceived: once the values it reports are incorrect, an explosion becomes possible.
"It is normal for an attacker who controls the smart meter to control the software running on it and play the meter between them," Rubin said at the Chaos Communication Congress in Hamburg, Germany, this month.
"As long as the attacker can hack into the power meter, he can access all devices connected to the meter. The current smart meter network is completely open to attackers."
At the Congress, the audience accused Rubin of fearmongering. He responded that he was only trying to draw public attention to these explosive little boxes, which reminded people of a "Weekly World News" spoof (claiming that a hacker can turn a home computer into a bomb).
The audience felt that it was impossible to cause an explosion through hacking. He rejected this and claimed that it had already been proved in the United States.
Although the physical security of the meter is usually very strong, hackers still have loopholes to exploit, as well as many wireless ways to break into the device.
Rubin listed the Zigbee and GSM protocols used by smart meters, both of which are insecure and unencrypted, or at most protected by the GPRS A5 algorithm that was broken 5 years ago. Attackers can also use hard-coded login credentials to wirelessly force all cells in a region to connect to malicious base stations and access smart meter firmware directly for more in-depth exploits.
"All meters with the same effect use the same access credentials, and one key can govern all meters."
What's worse, when communicating with home devices, smart meters do not verify device trust at all; they simply hand over the critical network keys. This is tantamount to opening the door to criminals, who can first steal the keys by masquerading as a household device and then pretend to be the smart meter.
"You can communicate with and control any device in the house from across the street, unlock the door, cause a short circuit in the power system, whatever you want to do. A simple memory segment error is enough to crash the meter and cause the entire house to lose power."
In fact, these security vulnerabilities can be removed simply by applying proper encryption and segmenting the network instead of making a huge LAN.
In 2009, a Puerto Rican bill thief stole 400 million U.S. dollars by exploiting similar security flaws. Rubin said that the ability of smart meters to communicate with smart home devices inside the house is a top priority for us, and that the situation will become much worse as smart devices keep spreading and form city-wide networks.
"The entire grid, home, city, and everything contained within it will be under the control of the power company, which is a bit terrible."
About 40% of the smart meter market is held by three companies: Itron, Landis+Gyr, and Elster. The EU wants to invest 45 billion euros to replace more than 70% of its electricity meters with smart ones. About 100 million meters have been installed worldwide.
Rubin predicted explosive growth in attacks on electricity meters and called on utility companies to "take responsibility." He said he will release an open source fuzzing tool to help security researchers test their meters. "Get your home's permission before being controlled by others!"
(Original title: IoT Security Thinking: Smart Meters May Become Time Bombs)