Tuesday, 15 June 2010

Am I Paranoid, Am I? Huh? HUH?

Told ya I was concerned.

With each passing day, utility is ever more trumping security and privacy.

When Zoltar Susan wakes up, we'll be doomed!

But seriously, the world is at risk for global pandemics due to the rapid interconnectedness of air travel. We've created the same global pandemic risk with our computers, and to further the problem, we're embedding every conceivable man-made system with a computer.

Maximum Overdrive was a laughable movie in concept. But we're working hard to make it a reality.


ADHR said...

I think key here is this paragraph: "Sources for this story would not name which smart meters they found problems in or which utilities are deploying them. In general, the meter projects tend to have similar issues because of how quickly they are being deployed, they suggested." In other words, it's an overgeneralization to say that smart meters, as such, are at risk. We don't know which meters were examined, and we don't know which utilities are using them.

This is a serious problem for the analysis because of the way North American regulation works in this sector. It's state by state, province by province. So, what's okay in (say) Georgia may not be okay in Ontario. Without knowing which meters were examined and where those meters are being installed, it's impossible to say whether this is substantiating your worry, or undermining it.

Catelli said...

A secure smart meter network would require that devices be read only. That they never receive instructions online (I'm not going to get into the data security issue of thieves figuring out when you're not home) and are only capable of recording the usage.

If the meters are capable of receiving instructions then there are 5 ways that negative consequences can arise.

1) The outright direct hack. This involves finding a vulnerability (such as a buffer overflow issue in the meter itself).

2) The indirect hack. Take over a computer or other device on the same network.

3) The social attack. Phishing, scamming or other deceit that compromises a person with access.

4) The administrator mistake. (This is what took down the RIM Blackberry network a few times last year).

5) The we don't know what the hell that was. Random errors that occur so infrequently that it is never determined why the device malfunctions.

(#5 can happen to any device, networked or not, but logic circuits sometimes do weird things and freak us "experts" out on a regular basis)

So even if the device is security "hardened" there are other means by which it could compromise the power into a given building. If it can act and make changes, then there is risk. And that risk will never be 0.

ADHR said...

That's exactly my point, though. The meters (that I know of) being installed here in Ontario can't receive anything online. They measure the electricity going into the home and broadcast that information on an encrypted RF channel. That's it -- no internet connection, no ability to receive instructions.

Catelli said...

They are connected to a network, and that network is connected to the Internet. Or to other employee workstations or whatever. It doesn't have to be directly on the Internet to be at risk. As soon as two devices are connected to each other, the one can compromise the other. Trust me on that.

It may be that the meters are only currently being used to READ the data. But if the meter is capable of receiving instructions, whether used or not, then it is a risk.

Catelli said...

I wouldn't make a big deal about encryption either. Encryption is not authentication. It does not validate whether you are authorized to connect to the device. It just means someone trying to sniff the communication outside the pipe will see garbage.

Security broadly requires three components.

1) Physical security. Who can touch the device, is it secured from public access.

2) Authentication. What levels of authentication are used to ensure that only authorized users/systems are communicating with the device.

3) Privacy. Is the data being transmitted of a sensitive nature? If so, it should be encrypted. On some systems this means that usernames and passwords are encrypted, but once authorized the actual data exchanged is not.

1&2 almost always apply to any system. 3 does not.

One last point, I actually forgot this.

A network device can be compromised by the fact it can be talked to.

Take the smart meter. It is using a network port talking on a wireless frequency (proprietary or otherwise, it does not matter). That frequency can be jammed from any transmitter. If the right combination of frequencies is used you can "Denial of Service" (DoS) the network port.

If that just results in the inability to read the usage, it's a nuisance. However if the DoS causes the whole meter to reset (because of how the network card is integrated) then you have a problem. A meter reset interrupts the flow of power into a house. DoS it in quick succession and you could start frying devices in the home.

None of this requires that the attacker be authorized on the device, or even use encrypted technologies. The nature of a networked device is that it has to respond to communication requests in order to verify the legitimacy of the sender. It's like being crank called. You have to answer the phone (or use call display) to see if you are being crank called. The cranker keeps dialing, you can't use your phone for legitimate purposes. You have been DoS'd. If you need to call 911, well then it is a critical problem for you.

EVERY communication device (100% of them) is vulnerable to this. You can layer 6000 levels of encryption, and you're still vulnerable.
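Catelli's point above that encryption is not authentication, shown as an added example (not part of the original comments): a receiver that only decrypts accepts a meter frame altered in transit, while one that checks an HMAC tag first rejects it. The frame layout, keys, function names and the toy SHA-256 keystream are assumptions made for illustration and describe no real meter protocol.

```python
import hashlib
import hmac
import struct

# Constructed demo keys (assumption); real devices would hold provisioned keys.
ENC_KEY = b"demo-encryption-key"
MAC_KEY = b"demo-authentication-key"

def keystream(nonce, length):
    """Toy SHA-256 counter keystream, a stand-in for a real stream cipher."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(ENC_KEY + nonce + struct.pack(">I", counter)).digest()
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_reading(meter_id, kwh, nonce):
    """Hypothetical frame: 8-byte nonce, then encrypted (meter id, kWh)."""
    plaintext = struct.pack(">IQ", meter_id, kwh)
    return nonce + xor(plaintext, keystream(nonce, len(plaintext)))

def decrypt_reading(frame):
    """Encryption only: any 20-byte frame decrypts to *some* reading."""
    nonce, body = frame[:8], frame[8:]
    return struct.unpack(">IQ", xor(body, keystream(nonce, len(body))))

def seal(frame):
    """Encrypt-then-MAC: append an HMAC-SHA256 tag over the whole frame."""
    return frame + hmac.new(MAC_KEY, frame, hashlib.sha256).digest()

def open_sealed(sealed):
    """Verify the tag before decrypting; return None if it does not match."""
    frame, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(MAC_KEY, frame, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt_reading(frame)

def alter_in_transit(data, index):
    """Simulate a frame changed on the wire by flipping one bit."""
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)
```

The tag check covers tampering and forgery only; it does nothing about the jamming case described in the same comment.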

ADHR said...

3 actually does apply to smart meters, though. (Again, the meters I know of that are being installed in Ontario.) The meters aren't connected to the internet nor to employee workstations. The information is collected in handheld devices, and said information is then transferred to a database which is held on servers that are not connected to the internet (but are on a private network, to be fair). They also aren't capable of receiving any instructions, except in the way that all meters are -- by someone standing at the meter and fiddling with it.

That all said, I think you're in danger of losing the comparison here. We're talking about smart meters vs. "dumb" meters. Dumb meters aren't particularly secure devices. The only real security is the possibility of being seen plus the danger of electrocution/explosion. If you know what you're doing, and can be hidden, it's possible to do pretty much anything you want with those meters -- even get yourself free (as not measured by the meter) electricity, which grow-ops do all the time. Any device attached to the outside of your home is vulnerable to in-person tampering. Jamming/interfering/DDoSing the RF signal doesn't look all that different, except perhaps a little easier (as you don't have to be very physically close to the meter to do it).

The point is that 1&2 actually don't apply to meters generally -- they're not physically secured in any difficult to overcome sort of way, and they're not capable of identifying authorized vs. unauthorized users. (In fact, thinking about it, 2 might apply to smart meters but not to dumb ones.)

Catelli said...

I'm going to reserve judgement until I see some white papers on the technology.

According to what I can find online, HydroOne is using the WiMAX products from RedLine Communications (http://www.redlinecommunications.com)

Their WiMax product suite allows for the networking of their wireless products for multiple uses. Including a full private network.

Just because HydroOne is not using it that way now, does not mean the products do not have the capability.

Until I see some white-papers detailing the exact communication protocols involved, I will remain skeptical.

wyndtunnel said...

How about we declare a truce and just call it "Google". "Don't be evil"...my ass... Did you see the article in the NYT last weekend that mentioned how Larry Page, the co-founder of Google, is also a major financial supporter of Singularity University... I thought I was being a bit tongue in cheek about Google becoming the Earth brain or at least that it was becoming so as some pre-ordained evolutionary imperatives.. I guess that last thought still holds true even though now it's clear that Google is a lot more than a corporation that seeks to earn profits for its shareholder. They are quite literally trying to take over control of the World. Good Grief!!

Catelli said...

(Benign) Global dictatorship baby! It'll happen when Google finally releases their OS for desktop computers.

There is an upside, I won't have to waste my time voting for the best idiot anymore.

Or should that be the worst idiot?

ADHR said...

Skepticism is fine. The process is incredibly secretive, and a lot of information is concealed even from third-party contractors. My only point is that, right now, it doesn't look like there's a well-grounded data security/networking worry. Which would make sense, given that the governmental plan right now is to give utilities the ability to charge us more for the same service, via time of use rates. (It's about "conservation", dontcha know.)