Security flaw found in mandatory smart meters

CONSUMER AFFAIRS

Security flaw found in mandatory smart meters

Hackers could “turn the lights off in a city or neighborhood”

By Jennifer Abel

Photo
© sanderstock – Fotolia

Anything connected to the Internet has the potential to be hacked (which is why anybody who keeps up with the news hears a new “protect yourself and your confidential information after this latest database hacking” warning every week or so).

This is to be expected, once you remember that the Internet – also known as the “World Wide Web,” formerly the “information superhighway” – was built specifically to make it easier for computers or computerized devices to share information, whereas computer or online “security” tries to do the exact opposite: keep information secret.

You can make it easier to share something, or you can make that something harder to steal – but using the same tool for both, simultaneously, doesn’t work too well.

So it’s no surprise that home-based Internet-connected “smart” devices are vulnerable to hacking as well. There have already been real-life incidents of hackers taking remote control of wireless baby monitors – sometimes to yell at the baby, othertimes to secretly spy on the family.

The same potential holds for Internet-connected or wi-fi-controlled smoke alarms and thermostats – you enjoy the convenience of being able to control those devices from afar, but run the risk that a hacker might do the same.

Reverse-engineered

And later this month, at the 2014 Black Hat Europe security conference in Amsterdam, researchers Javier Vazquez Vidal and Alberto Garcia Illera plan to demonstrate crippling security weaknesses they found in a still-unnamed brand of smart meter: Vidal and Illera reverse-engineered the meter and discovered they could remotely hijack control of one, even to the point of completely shutting it down.

The flaw Vidal and Illera found in their reverse-engineered meter (which, according to the Dark Reading security blog, is widely believed to be a brand in common use in Spain) is in a microchip found in each device. That microchip, in turn, holds a pair of symmetric AES-128 encryption keys.

A knowledgeable attacker who lifted those keys could then send commands to the smart meter, and do anything from “steal” electric power to shutting down the power altogether. The keys are also easy to spoof — a hacker could, for example, spoof his own meter so that his power consumption appeared to be coming from his neighbor’s house, and his neighbor gets the resulting huge electric bill.

Very scary things

Illera said that after he and Vidal discovered how easily they could crack into the smart meters, “There were very scary things we found. You can practically turn the lights off in a city or neighborhood” with them.

What’s worse is that the smart meters are installed by [presumably Spanish] local electric companies, not by electrical customers themselves, which means people who have these super-hackable smart meters in their homes are legally helpless to fix the problem, Vidal said. “The only ones able to solve this situation are the electrical companies who are placing them. Since we do not own the meters that we have at home — they are rented — we cannot do anything about it… Besides, it could be considered [by the power company] as manipulation” of the meters.

http://www.consumeraffairs.com/news/security-flaw-found-in-mandatory-smart-meters-100214.html


EXCERPT:  Last October, security researchers discovered a flaw in mandatory smart electricity meters that would enable a hacker to “turn off the lights in a city or neighborhood.”

CONSUMER AFFAIRS

Healthcare and other industries still in the dark about the extent of Internet security risks

Should we improve Internet security before putting more secure stuff on the Internet?

By Jennifer Abel

PhotoPhoto © Tyler Olson – Fotolia

Since last summer, four major medical-themed hackings have been discovered somewhere in America, in addition to the seemingly endless stream of new retail and bureaucratic hackings reported every week or so – and finally, the healthcare industry is growing into the realization that if it’s going to store confidential data on hackable networks, maybe it ought to make those networks less hackable, too.

Last August, a for-profit hospital network called Community Health Systems, which owns and operates 206 hospitals in 29 states, admitted that Chinese hackers had broken into their network and stolen data from more than 4.5 million patients.

The Chinese were also blamed for the three major health-insurance hackings discovered so far this year. In February, Anthem admitted that hackers had compromised the records of 80 million current and former Anthem customers dating back to 2004.

In March, Premera Blue Cross admitted to a breach compromising 11 million medical and financial records dating back to 2002. And in May, CareFirst Blue Cross/Blue Shield discovered a breach compromising up to 1.1 million customer records.

Scary stuff

It’s bad enough that last week, Larry Ponemon of the Ponemon Institute and Rick Kam of ID Experts wrote an op-ed going so far as to suggest that these “escalating cyberattacks threaten U.S. healthcare systems. … Imagine a hostile nation-state with your psychiatric records. Or an organized crime ring with your child’s medical file. Or a disgruntled employee with your medical insurance information.”

FULL ARTICLE AT:  http://www.consumeraffairs.com/news/healthcare-and-other-industries-still-in-the-dark-about-the-extent-of-internet-security-risks-060115.html

CALIFORNIA-$5 Billion Cover-Up at San Onofre – Mia Severson

Another example of the corruption, collusion and stupidity of the Utilities and regulatory agencies.  The back channels are the shadows they truly operate with discussions that they do not allow for public record.  We witnessed this when they the State refused to enforce their “pure tone” noise pollution laws, ignoring the expert physical evidence as well as their own and closing our case without resolving the power quality issues and noise pollution caused by the Power lines. They are criminals and need to be brought to justice……SANDAURA

$5 Billion Cover-Up at San Onofre – Mia Severson

Published on Jun 1, 2015

San Diego attorney Maria (Mia) Severson exposes the attempt to make the public pay big for utility and regulatory executives’ mistakes at the failed San Onofre nuclear power plant.

Severson – like her law partner, Mike Aguirre, a former SD City Attorney – gives an update on their on-going legal battle to defend the public interest against collusive corruption between Southern California Edison (SCE) and the scandal-ridden California Public Utilities Commission (CPUC).

Stonewalled by SCE and the CPUC manuevering, and denied remedies in the courts, Severson stresses the vital importance of public awareness and engagement in the fight for a rational, just, renewable, post-nuclear energy future in California.

For more info:
Aguirre & Severson LLP
http://www.amslawyers.com

1.5 million smart meters won’t work when you switch energy supplier

1.5 million smart meters won’t work when you switch energy supplier

Smart meters will lose functions if householders switch to another energy firm, with a one-year wait before the problem is resolved

Smart Meter

The hi-tech devices stop functioning when you change supplier, as a result of delays to the roll-out of a national communications network

7:43AM BST 07 Jun 2015

Millions of smart meter customers are effectively trapped with their energy supplier unless they give up the new technology, Telegraph Money can reveal.

This crucial limitation of the £11bn roll-out is not being properly explained to households, critics claim.

So far 1.5 million smart meters have been installed in people’s homes. The gadgets are supposed to record household energy use every 30 minutes and send this information directly to energy companies, meaning customers pay only for the energy they use.

But suppliers, which are obliged to try to install the meters in all their customers’ homes, do not have to make their smart meters compatible with those of rival firms.

Billing glitches for first customers of £11bn smart meter roll-out

Switching suppliers, therefore, causes the hi-tech meters to lose their “smart” functionality. They become no more sophisticated than the meters that have been in use for decades.

In these cases households will have to rely on estimated bills, like a traditional meter. They also will be unable to see how much their energy is costing them in real-time – the function that forms the basis of claims by supporters of the project that smart meters will save users money.

The problem will be solved only with the introduction of a new centralised communications network, due in April 2016, according to the Government.

But fresh delays are expected in the software delivery, which has already been pushed back by one year due to “technical issues”.

When will smart meters be compatible with multiple suppliers?

The new network, which will cover 99.25pc of the population, will be supplied by the Data and Communications Company (DCC), owned by Capita, which has been commissioned by the Government to create the national system.

The Department for Energy and Climate Change, which is responsible for overseeing the introduction of the new software, said that the April deadline still stood – but admitted a further, six-month delay “was possible”.

Industry experts are sceptical, however.

“Delays have been continuous,” said Nigel Orchard, who has worked in communications software for 30 years and invented “Chirps”, a meter-reading network that is successfully used in France, among other countries. “Each energy firm has to agree to each final, technical detail, and I can’t see them all agreeing. DCC will never work as hoped.”

Energy companies have no incentive to work together to agree to the new system, Mr Orchard said. “Smart meters aren’t compatible with other suppliers, making customers reluctant to switch. It’s great business for them.”

Have smart meter customers been warned?

Promotional advertising for smart meters continues to tell customers that they will be able to see their energy use in pounds and pence, as well as send energy data to suppliers.

The official website (smartenergygb.org) tells householders: “Only a smart meter can get you accurate bills from your energy supplier. You get accurate bills and only pay for what you use.”

Energy UK, the industry body, said: “By 2015, switching suppliers with smart meters will become standard and switching will be quicker and easier.”

In-home displays like the one above show household energy spending in real-time – but not if customers move suppliers

Sacha Deshmukh, from Smart Energy GB, the Government-funded body responsible for promoting smart meters, insisted that people who already have a smart meter receive “easy access to clear information, in pounds and pence, about how much gas and electricity they are using”.

But when pressed by Telegraph Money, the organisation’s chief said: “If [people] switch, smart functionality and therefore being able to see pounds and pence will be lost – their meter will work like a traditional meter.”

But all existing meters will become smart again once the network is introduced in April, Mr Deshmukh said. “Once the DCC goes live, their meter will be brought into the network and be fully smart again, with no need for an extra visit from an engineer,” he claimed.

What the energy companies say

British Gas, which has installed 1.4 million smart meters, more than any other supplier, said: “If a smart meter customer switches to another supplier, it will become a standard meter.”

Npower was the only energy supplier to tell Telegraph Money that any smart meter customer could switch to them and maintain the full functions of their meter. Later it said this would only be available once a central system is in place.

“There is currently no rule that all suppliers should use the same technology,” said Ovo Energy, which has installed 90,000 meters. “There is a risk that your new supplier’s technology won’t be able to connect with your old smart meter.”

Tory energy promises ‘will lower bills by £65’ – how?

‘Why won’t Scottish Power talk to me?’

Many firms have chosen to wait until the nationwide software has been introduced before installing new meters.

“Our strategy for smart meters is to ‘do it once and do it right,’ ” said a spokesman at Scottish Power, which is installing a small number of meters to “ensure the technology works as well as it should”.

Almost every energy supplier in Britain will lease its smart meters from Macquarie, the Australian bank, on a hire agreement. Macquarie currently has 6.3 million meters lent to firms and if a customer switches, the new company pays for the lease.

‘I joined E.On and my smart meter is useless’

Smart meter customers are bemused at facing an unexpected dilemma – either stay with their current supplier or render their smart meter useless by switching to a better tariff.

Telegraph Money has heard from a number of readers.

David Nancarrow, who recently switched from Ovo to E.On, said: “We had problems with an Ovo smart meter with no bill for many months, and now we are moving to E.On. I was then told that my Ovo smart meter will just function as a normal meter. What’s the point of having a smart meter if it’s not transferable?”

Andy James, also with Ovo, said: “I was told by my supplier that the smart meter would continue to work in the house if I change suppliers, but it will not communicate with any other energy supplier’s monitoring software.”

Some public figures are sceptical, while others, such as Baroness Verma, a junior minister for the Department of Energy and Climate Change, support the project. She said the roll-out would save householders money and reduce carbon emissions.

kate.palmer@telegraph.co.uk

WAPA Finishes St. Thomas-St. John ‘Smart Meters,’ Begins St. Croix-

Forget about vacationing in the Virgin Islands; they are now poisoned with smart meters….Sandaura

WAPA Finishes St. Thomas-St. John ‘Smart Meters,’ Begins St. Croix

The V.I. Water and Power Authority has installed smart meters to about 98 percent of St. Thomas-St. John customers and will start on St. Croix this week, according to WAPA. The meters save time and money for WAPA, help the utility react faster to changes in usage and to faster identify, locate and fix problems with the grid.

“As of May 29, WAPA’s meter installation contractor, Apex CoVantage, completed installations in the St. Thomas-St. John district. WAPA personnel are now deploying smart meters to commercial customers and, in addition, we expect that up to 500 net metering customers will receive the smart meters by the end of July,” WAPA Executive Director Hugo Hodge Jr. said in a statement.

“The contractor is mobilizing to St. Croix to begin the installations next week. Mailers were sent to St. Croix account holders last week advising them that installers will be making their rounds to replace the current electrical meters and we will be publishing notices in the territorial newspapers to increase the awareness of St. Croix residents regarding the meter change out,” Hodge said.

When completed, customers will have the ability to control their consumption methods and costs by monitoring the real time energy usage in their homes and businesses, Hodge said. An added benefit of the smart meter is the ability to know, within seconds, if an individual customer is experiencing a service interruption, without that customer having to call the line department, he said, adding that the system will also serve to reduce meter tampering, quickly identify faults and lay the foundation for the full implementation of a smart electric grid.

“As the installation of smart meters commences next week on St. Croix, it is important for residents to know that Apex CoVantage and WAPA employees will display proper identification when accessing residential or commercial properties to replace the meters and will be moving about the island in appropriately marked vehicles,” Hodge said.

Customers are asked to cooperate fully when these individuals come to the homes or businesses to work on this project. If a meter is not accessible and the resident is not at home, notification will be left indicating that the service man was there and will return to complete the installation.

Over the next few weeks, WAPA will be promoting the implementation of smart meters including messaging about the meter’s safety and addressing concerns about the meters having the capability to record more than a customer’s electrical consumption. “Our overall goal at WAPA is to increase our system’s efficiency and reliability, all while reducing the cost of electrical and potable water service for our residents and business owners. We are well on our way to achieving both objectives,” Hodge said.

Smart Meters can invalidate your homeowners insurance

Friday, March 2, 2012 0:27
That’s right smart meters can invalidate your homeowners insurance. Here’s how. Many insurance policies will be invalidated if you have electric devices installed on your home that are not approved by Underwriters Laboratories. It just so happens that the smart meters being installed around the US are not so approved. Therefore if you have a home fire, and there have been reports of smart meters actually causing home fires, your insurance company will be off the hook to pay damages because you have an unapproved device, the smart meter, attached to your home.This may be the straw that breaks the camel’s back as far as the smart meter controversy goes. Power companies cannot install devices that invalidate your homeowner’s insurance and that may be the legal grounds opponents of smart meters have been looking for to get them removed.

Smart Meters have not been tested or approved by OSHA.

In Minnesota, where I live we have the Itron Centron meters. I called Itron in Washington State and talked to them. They assured me that the meters are UL approved. Yet they would not verify that by sending me an email stating their meters are UL approved.

Next I called Xcel Energy the power company here in Minnesota that installs and uses the meters. After a sixteen minute wait on hold they assured me the meters are UL compliant. I requested a verification of that by email. It was never sent.

Next I went to the UL website and did a search. Although a dozen or so Itron devices are listed the Centron is not. I then called Underwriters’ Laboratories and spoke with on of their reps. She searched and found that the Itron Centron device was not listed.

The Underwriters’ Laboratories was very helpful and sent me this email to verify that both Xcel Energy and Itron lied to me about the Itron Centron being UL approved:

Hello Rick,

It has been a pleasure speaking with you. In answer to your question, I could not locate “Itron Inc” in our online Certifications directory under the category for ‘Electric Utility Meters. Let alone for smart meter products, so I will safely assume these parts are not currently UL Certified.

Here is some Feedback from our Engineer, “This is not unusual as our category for smart meters is relatively new and is covered in our new document, Subject 2735 the Outline for Investigation For Electric Utility Meters. There are not many products currently Certified in this category as yet, because it is a newly established set of requirements. However, we are seeing more and more submittals in this category and it is my hope that in time all such meters will be evaluated to these requirements and you would not have any difficulty in finding a UL certified product to install. Unfortunately, that is not the case just yet.”

I appreciate your interest and support in UL Certified products. If I can be of any help in answering questions regarding the smart meter category, please do not hesitate to follow up with those questions.

Have a wonderful day Rick!

Sincerely,

Name Redacted
Customer Service Professional

—————————————-
UL
2600 N.W. Lake Rd
Camas, WA. 98607-9526
T: 877-854-3577877-854-3577 FREE Ext 44483
F: 1-360-817-6014
W: ul.com

So clearly lies are being told about the approval and certification of these smart meters by UL. This can cause Insurers to refuse to honor claims since some policies require all electric or electronic devices/fixtures affixed to a property be UL approved. It could also void your policy.

Not only are these unapproved meters capable of rendering your insurance useless in the event of a fire but they can also be the cause.

Here’s a website where dozens of fire and explosions, caused by smart meters are documented:

http://emfsafetynetwork.org/?page_id=1280

Do you think your insurance will pay if your home is burned down by a smart meter that is not UL approved? I doubt it very much. This is very damaging information for the proponents of smart meters and very bad news for homeowners who have allowed the smart meters to be installed on their property.

(c) Rick Carufel 2012

http://beforeitsnews.com/energy/2012/03/smart-meters-can-invalidate-your-homeowners-insurance-1839410.html