I've occasionally mentioned the UK satirical bi-weekly magazine "Private Eye" as a worthwhile read, especially the "In The Back" section. Well guess what, they have mentioned this very smart meter issue in the latest issue.
Isn't this typical of an arms' race, that sometimes, we see a flip to the roots again... ...Same here ..? Bruce, is this a studied pattern ..
It's a very very old pattern and it often involves a gap of about one human generation (15-25 years).
The reason is often given as "people failing to learn from history", however it's a bit more complex than that. If you look at IT security it's happening in that the old malware built to exploit initially floppy disks and later from floppy to hard disk boot sector etc. is showing up again. The reason is that removable media has come back into fashion with the likes of USB thumb drives.
So it also requires technology to go in cycles as well as human memory remembering the good but not the bad. Normally each cycle tends to be an improvement on the previous cycle because the technology, whilst improving rapidly over the first couple of cycles, usually fairly quickly ceases to make sufficient improvement to open new attack vectors.
Oh and on the purely human terms "con tricks" have followed these cycles just as fashion does...
@ Gweihir, Nick P, RobertT,
Seriously, I expect these things have an XXXX interface and no security at all. Likely no security was something along the lines: "We do not think there is a problem". Very low amateur level indeed.
Ever get that feeling "we've been here before" and "talked it to death already" ;)
Sadly it appears many "engineers" either don't learn or have given up under marketing and management pressure.
Let's be honest, we are seeing "open comms" on a whole variety of very cheap contactless technology and I amongst one or two others have said it's going to be a significant issue for around twice the expected lifetime of the products.
Smart meters although being very cheap are very expensive to install (between 30 & 120 times more than the cost of the device) so they are expected to have a +25 year life expectancy to break even.
So guess where the Marketing dept and Management thoughts have gone? Yup, how to get a tied market selling "add ons", but in order "to get the in" they have to come in at a very low individual unit price. Now the "consumers" of these devices are not the end users but the utility companies. It's not in their interest to get stuck in a "tied market" so they specify certain things in their tender specifications to prevent that.
But the Utilities are only interested in the "utility interface" not the "end user interface". Which has a perverse effect in that some end user interfaces do have "obscurity features" to get the tied in market.
However the utilities are painfully aware that they are likely to buy many manufacturers' units in order to keep the unit price down, and this would under ordinary market conditions mean they would have to buy many sets of meter reading and programming equipment.
So their solution (from restricted documents I've seen with regards to "water meters") is "known plain text protocols" so they can have a separate market place in reading and programming equipment.
So we are coming around to "common specifications" but only at the lowest possible price, which means no security of any kind not even "obscurity"...
We have seen this all happen with "remote controls" for TVs / Videos / Home Entertainment systems. So much so that you can buy "universal" or "programmable" remotes (hint: the electronics in these are compatible with some of the utility meter interfaces and as we know you can buy Universal Remote USB dongles and for those with an interest there are Linux drivers).
Now as some of you know I've been banging on about a properly thought out "International Standard" communications protocol with inbuilt security for not just utility meters but for medical implants as well. Importantly with "upgradable" base security protocols so we don't end up having to use 50 year old security protocols (remember DES was broken in much less and RSA keys of 700 bits or less as well and various hash protocols).
@ Bruce Clemens,
He used to wander around turning off unused lights and appliances. What's worse, he corrupted his children by teaching us to use the same scam
He sounds a lot like the (supposedly) "richest man in Britain" the Duke of Westminster, apparently he has a mania for such behaviour bordering on OCD.
However it needs to be said, that many "low energy" lights actually use less electricity when on than many home appliances in standby...
The problem is then that "switched outlets" are not that reliable, as I've said before many switches and plugs/sockets are only guaranteed for 50-200 operations. The cheaper the design the worse the problem, and believe me when I say that many UK "switched faceplate" outlet sockets are not going to be up to many operations.
Oh and this applies to our "in pocket appliances" as well, many people are finding that their nice shiny smart phone with USB charger is not charging too well on micro USB after less than a year, and that they need to use a rubber band or put the phone and lead in "exactly the right place" for it to reliably charge (Motorola appear to be way better on reliability in this respect than HTC, LG or Samsung).
@ Doug C,
I have learned how to not get shot, they act really nervous and over the top
Please don't get me wrong on this but perhaps you might be better off if you did get shot...
Certain Federal and other LEOs in the US have basically just "gone in hard" sometimes even "with guns a'blazing" and injured people, who have then sued and received not just substantial damages but considerable publicity, the result being they have become "gold plated" in that all LEOs "know, the varmint has sharp teeth" and give them a wide berth from then on.
However like you I would prefer not to have any more additional holes in my person where nature did not put them by design. I know from personal experience that such holes tend to hurt and cause medical complications for years afterwards.
However a funny story about "living off the grid" for you.
In the UK until recently you could get paid a considerable multiplier for every watt of electricity you "put back into the grid" than you would pay, that is you got paid about five times the base unit price for "renewable energy".
Well I'm aware of someone "fudging" the system. They put in solar cells, wind generators and a woodburning generator. Thus their home electricity was more than covered "off the grid" and they were making a "few bob" putting back the excess. Well they got together with their neighbour (semi-detached house) to make the few bob a much better payer... Basically they took grid electricity off the neighbour, down converted it to DC and put it back into "the solar cell" interface to make a nice little earner for them both...