How is Smart metering secure?

Currently reading
How is Smart metering secure?

2,486
840
NAS
Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
I have done some research of energy distribution companies in CEE and one of the side effect I would like to share with you, because it's valid in worldwide range.

Lot of distribution companies invested into smart meters. It is not about HW (meters) only. It's also about huge CAPEX and OPEX into connection of the meters into Operation center (network cost), Operation center systems for data processing, data analytics, data everything :cool:

There are two points of view how to return such investment:
- from commerce segment (industry, commerce buildings, Small medium enterprises, ...) - precise charge of Active/Apparent power and penalties for Reactive power, etc.
- from residents - there is not "clear" business case in such regulated market as is in CEE, when Active Power is one and only invoiced value (or every values derived from Active power) .... I can explain next time the huge difference between the measured and really consumed values.
Of course data is the another added value, in optimistic and in pessimistic point of view (Cambridge Analytica).

How the companies save their billions investment into Smart metering?

They use in common GSM/GPRS empty (unused) bandwidth, still operated by almost all mobile operators (clear profit generator).
You don't need more than 10MB per month of data stream from such Smart meters.

And here is the magic:
GPRS mostly used with standard SIM cards, which don't have encrypted communication between Smart meter and BTS (Base Transceiver Station)
then you need just your private BTS (max. 1000 Euro) to be ready to hijack SIM cards Credentials (plain text communication). Even with A5 (basic) encryption, you can take over control.
When you have Credentials from one SIM cards, you have whole network = same Credentials for all network. And this is a highway to hell.

This is the story about how to save huge investment by low cost communication technology.
All the companies have been informed about this kind of security issue.
 
I have done some research of energy distribution companies in CEE and one of the side effect I would like to share with you, because it's valid in worldwide range.

Lot of distribution companies invested into smart meters. It is not about HW (meters) only. It's also about huge CAPEX and OPEX into connection of the meters into Operation center (network cost), Operation center systems for data processing, data analytics, data everything :cool:

There are two points of view how to return such investment:
- from commerce segment (industry, commerce buildings, Small medium enterprises, ...) - precise charge of Active/Apparent power and penalties for Reactive power, etc.
- from residents - there is not "clear" business case in such regulated market as is in CEE, when Active Power is one and only invoiced value (or every values derived from Active power) .... I can explain next time the huge difference between the measured and really consumed values.
Of course data is the another added value, in optimistic and in pessimistic point of view (Cambridge Analytica).

How the companies save their billions investment into Smart metering?

They use in common GSM/GPRS empty (unused) bandwidth, still operated by almost all mobile operators (clear profit generator).
You don't need more than 10MB per month of data stream from such Smart meters.

And here is the magic:
GPRS mostly used with standard SIM cards, which don't have encrypted communication between Smart meter and BTS (Base Transceiver Station)
then you need just your private BTS (max. 1000 Euro) to be ready to hijack SIM cards Credentials (plain text communication). Even with A5 (basic) encryption, you can take over control.
When you have Credentials from one SIM cards, you have whole network = same Credentials for all network. And this is a highway to hell.

This is the story about how to save huge investment by low cost communication technology.
All the companies have been informed about this kind of security issue.

Hi,
Can you explain what a private BTS is. Cant find any refrences to this.
However I do have concerns over the use that the energy companies will put this technology to.
I suspect that they will eventuall charge a higher tarrif based on demand. For instance come in from work, have shower and cook a meal at the same time as the rest of the population--- Higher utility charges for that time period.
I dont trust any of the technology companies either.
 
one of my favorite presentation:
To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

there is also some useless information, but most important time slot is between 12:03 and 17:30

second source:
GPRS Security for Smart Meters from Martin Jaatun, Inger Tøndel, Geir Køien

and our audit OFC

you can’t find detailed description about how to prepare your own private BTS. But when you know how GPRS handle data, ... You must find another forum, this is about legal activity.

Finally, regarding your concern do trust or don’t trust to energy companies, I have no idea how to help you :cool:
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

How much you bet: That message would come with a link to: (Guess what!)
Replies
8
Views
1,576
A “smart” oven. I’m lost for words.
Replies
7
Views
1,858

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top