Remoticon 2021 // Hash Salehi Outsmarts His Smart Meter
- Published: 5 Jun 2024
- Smart power meters not only report your usage data over a radio link, but some can switch your entire home's power off remotely. You might want to know if this feature is secure.
In this great Remoticon 2021 presentation, Hash Salehi dives into smart meters, providing tips and tricks about using software-defined radio along the way, and ends up running his own tiny power company inside a Faraday cage.
Check out the full writeup on Hackaday: hackaday.com/?p=515597 - Science
A blast from the past for me. I worked for the startup company that designed the Landis & Gyr smart meters and know their system pretty well. When the company was bought by L&G, I moved from the hardware side of the meter system to network design and network performance metrics and mapping. Well done reverse engineering what you did :)
Thanks! Also been looking at the Metricom Ricochet modems which look similar…
I'm concerned about the threat of govts turning off dissidents' electricity. For example, if you speak out against vaccines, or the current regime (assuming it is one by then) can they still turn it off if your meter is in dumb mode, do you know? If not, I'd be grateful for an instruction on how to make it dumb. I'm very outspoken about the RNA vax, in fact if I added facts here this comment would get deleted. But I have rock-solid evidence that pharma and govt are lying.
I'm a retired Army signal officer and my first thought after seeing you simultaneously broadcast on all 260 channels of a frequency hopping network was how easy it would be to jam a tactical SINCGARS network. We were always fed a line that SINCGARS radio nets were not jammable, but your work proves otherwise.
I'm a random internet stranger who was a Marine Corps infantry corporal a long time ago, and it strikes me as a little weird that the Corps seemingly put more effort into training non-rates in electronic warfare than the Army did on its signal officers. The SINCGARS hop rate is 70 times faster... so right off the bat your jamming power needs 70 times the power. It also has over 2300 channels, instead of just 240... so make that 700 times the power needed... lol, do we even need to get into the fact that SINCGARS transmitters regularly operate at 50 watts? Impossible to jam? No. Just extremely hard and only in a way that paints a large bullseye on the jamming site.
Should you be talking about this? Clearly there are very clever people about that can reverse engineer things. The more information they have, however small and insignificant it may seem could well be a major bit of information to them. Just a thought...
Just an example... 700 times more processing power.. Just use more computers, split the channels, put computing in different areas then write the software to link them together. Basically what this guy has done but networked over a wider area, using more computers and possibly even using existing transmitter masts. People wishing to cause harm by infiltrating such systems won't be bothered by unauthorised transmissions.
@@daic7274 That is called "security through obscurity" and is laughably silly + never works. If your system depends on people not understanding it in order to function, you've designed a bad system and everyone should definitely know that as soon as possible.
@@fox0ps22 100%
This video is a gold mine of knowledge. Awesome video and Hash who did all the hard work.
Much appreciated!
Our smart meter works with the cellular systems. I was talking with a tech one day and they told me that they had issues with coverage with one provider, they wound up going with a second provider who had better coverage in the problem areas. As for the relay in the back of the meter it was rumored that they were working on a system where the delinquent customer could be shut down without sending anyone out which costs the providers money. Last year YouTuber Big Clive dissected a smart meter someone had sent to him, the one common point is there is a heavy duty latching relay in the back of the meter for remote shut off.
Now the mystery remains: what is the data command to disable and enable the cut out relay? I am sure someone who has worked on these systems and their firmware/software has the answers and has it posted somewhere deep on the net.
Well hopefully the disable code would require something like a signed command, so that no one can do it without the private key.
Also I don't know about in the US, but here in the UK most if not all companies have a policy of never switching the meter off, regardless of if the owner is paying or not. Too much potential liability, both in terms of e.g. shutting off a home that has some medical equipment in it and literally killing someone, or just the bad PR of shutting someone down when they're just poor. They'll just keep powering you and take you to court for the money.
The relay is electro mechanical, yes? Remove the electro and the mechanical remains with you in control of its binary decisions.
@@hairyfox8098 what??
@@lost4468yt underneath all the top layer electronics is a simple electro mechanical relay that turns the power on or off. 1 or 0. If you remove the coil from the relay you gain control over the mechanical switch. Enjoy.
@@hairyfox8098 sure? But what's your point? As pointed out, it's very difficult to get into them? They can easily tell, you can't just take the cover off because it'll detect you. Could you just stick a huge magnet next to it to override the relay? Yes, but again they can easily tell, they have hall effect sensors in there to detect magnets.
But even if you bypass that, they will still be able to tell. Because of course they will just see current flowing despite the fact that the computer thinks it triggered the relay. So I don't get your point really?
At that point, you might as well just bypass the meter entirely? Run your house in parallel with the meter, that way they can't tell you're stealing power, except in the discrepancy at the street/local level.
There is a series on Netflix in Germany, called "Blackout", projecting the case that hacked power meters caused a major power outage. No hype here but somehow scaring to see things aren't that far away and also good to see awesome people having an eye on.
"Fellas, Janek's little black box is between the pencil jar and the lamp." 28:18. In this case, it's between a modem and the monitor. 😆
I saw that too
Setec Astronomy
BEST MOVIE EVER!
Purchased that just to hide in plain sight for people like us to find :)
@@RECESSIM There isn't a government on this planet that wouldn't kill us all for that thing.
Great work Hash! I have also been working on hardware and protocol for a lot of field devices. I started with smart and power meters (ANSI and IEC types). Now working on fire panel and solar inverters.
Wow! First of all this talk just answered so many questions I had AND brought up new questions I didn’t even know to ask. Secondly Hash is a great speaker. His voice is just, well comforting. A really nice voice I could listen to for hours. Normally I’d make it 1/3-2/3 of the way thru a video like this and ADD kicks in. He kept me for the whole video. Lastly he’s a handsome guy! Brains and looks? If he has lots of money he’d be every girl’s dream.
You win the Best Comment Award!
🤯 love this type of stuff
A Smart meter installed on the Outside of a building. That also transceives data. Now that doesn't seem problematic at all
I thoroughly enjoyed this talk! Excellent work… even though it is way past me!!!
Fascinating!
Can't wait until you will figure out how to cut power to your neighbour remotely
Nicely explained, thanks for sharing :)
Recessim is a pretty awesome channel.
Turning the power off makes sense if you are planning to have solar domestic feeding back in to the grid. Being able to shut down that back feed is vital if you have a power failure.
Except the meters don't work very well without power being on to run them? The aggregators have a backup battery but the meters apparently don't.
It's code now in the USA to have a switch that auto disconnects if power from the grid goes down
This is awesome. I hope you are successful.
I understood about 1% but enjoyed it 100%, that is an incredible amount of work and thanks for being curious ;-)
How long until someone figures out the kill switch and just drives through town? Or more likely simulates the local area collector and turn off entire sectors at once. This could also be used for rolling blackouts.
Agreed, this is also an obvious target for hostile nation states
I feel like I read about this in a book? A book on stuxnet? Maybe cult of the dead cow? Idk but I read about this a long time ago.
What if 1000 people would donate you 5$ a month? What could you all do for the community?
Thank you a lot for your work AND FOR SHARING IT!
Thanks, appreciate that! I’ll keep working on entertaining videos and we’ll see where it takes us…
Great video. I wonder if the UK meters work in the same way. I suspect so.
They don’t use a mesh, it’s a 2G or 3G mobile signal in the UK for SMETS1, that will stop working in 2033, great future proof meters.
@@wrightwells daft…. Ours has a mesh indicator led which flashes every few seconds
@@pkf4124 In the UK smart meters SMETS1 and SMETS2 both communicate through 2g. I believe the mesh networking is only for HAN (home area networking) so your gas meter and electricity meter can talk to each other. I don't think our meters use a WAN mesh due to the fact that not everyone has a smart meter installed so there's no guarantee a meter will be in range of another meter.
Funny to See a paper referenced by my Alma mater
@28:13 nice pointing device. Sending data to us in the visible spectrum. I bet that wasn't in the specs.
A HP 48G or 48S calculator! I'm in love. ;o)
What is the node-based programming language he is using and displays in this video?
GNU Radio
This is fascinating. The utility's manufacturer should pay you for your analysis! Keep up the good (white hat) work.
Thanks!
Do the smart meters get their power after the current sensor? If so they have incentive to be inefficient. Doubt it’s much but multiply by millions of customers.
they take their power from the line side aka utility.
Ubuntu for life.
This only works if the meter is installed outside? In my country this is never the case.
A 900 MHz signal can get through solid walls pretty easily.
cool
To me it seems like this system is susceptible for DoS attacks by flooding it with incorrect data.
It wouldn't be too hard for the utility to track the source though, they'd suddenly have a whole bunch of meters in a particular area that stopped phoning home.
@@ferrumignis just set up thirty or so on timers they will eventually find them but it be really hard if they overlap each other them disappear lol
U god of reverse engr.
So when are you releasing the app so we can have free electricity??😁
Real hackers are incredible!
I appreciate hackaday for the tech and am far from dictating suit&tie attire - but that doesn't mean you should don a fursuit. I ended up laughing with the first ten seconds on repeat.
I can't for the life of me understand how it makes sense to put an entire Windows PC in a smart meter.
If the hardware is suitably cheap, development costs are reduced, ultimately it comes down to the bottom line
It's not in the smart meter, it's in the network controller for a whole area.
@@kilrahvp Now that makes way more sense I must have glanced over that part
So... Internet over powerlines was never implemented.... Possibly because the power company wanted full control of that for their own uses?
Some smart meters communicate over powerline, although it is not internet. The technology is called G3-PLC and offers a bandwidth of a few hundred bps. Its main use is in European cities, where hundreds of consumers are connected to a single transformer. Unlike the US, where a pole pig serves a few houses. The advantage is, that the communication is much cheaper than wireless (hardware and usage costs)
Sounds like they use a form of LORA by meshtastic
Similar concept.
It's going to be bad when a large enough solar flare makes it through the atmosphere and fries all of these meters.
So hold up they have transmitters hooked up to a mesh network that’s connected to a house's power lines that people have devices that use the power lines for networking 🤣🤣🤣.
Looks like a board from a thin client… like from wyse
Some parts of the video are also in the RECESSIM YouTube Channel: ruclips.net/video/Y_sh605Q7oA/видео.html
Who is buying these?
Second hand smart meters are available because you have to buy the meter for selling back to the grid. The old meter is useless for this talk.
Awesome talk. Hope HACKADAY remove the phobic comments though, no time for that
"Phobic"
Sadly, it's unlikely.
Can we reverse engineer you into your real form?
Not watching. Dogpoopicon 20__
I almost puked...
Video starts off with a man in a dress. I thought this was a tech video, not a mental illness video.
Jenny? Are you serious? Not qualified to be on video, my eyes hurt after seeing that screwed up eye. Please get a better host. Get woke, go broke.
Charming
@@andrewradford3953 no, it's not. It's revolting.
@@andrewradford3953 Considering half of the people here didn't make it past the host introduction, I think it's fair to say the host is at the very least distracting. I get that laughing at people's appearance is low, but pictured is a level of self-unawareness that becomes parody.
Grow up ffs
Oh no! Your feefees.
You are not in sexual biologically a "Jenny" though are you mate?
cool
cool