Smart-grid Security

What?

My current day job is working on ZigBee devices integrating with smart-grid power meters. So I follow the industry. If you want to keep up with the news of the day, put FreakLabs Open Source Wireless into your RSS reader. They aggregate the news of the day.

They linked to “Smarter hackers lurk in smart-grid future”, a post about smart-grid security from Greenbang. As a smart consumer, you and I both know the only way to sell security is by generating fear. We all buy virus protection because we fear our computer will get pwned. We lock our doors at night because we fear a break-in.

In the article they put up the straw man argument that a hacker could bypass multiple layers of security, understand unusual and proprietary wireless protocols, and then break into your house.  I have to say “WHAT!?!?!?”.

Stop using the intruder argument for security. A sophisticated hacker decrypts RSA keys, then uses a crowbar to break down the door? Really? No, I mean really? How about just watch the house and see when you drive away. That seems easier than running a network sniffer and decoding keys.

To be fair, the article uses the intruder as an example, then warns that there are bigger security issues. Major things like mass power outages and Stuxnet viruses should be the focus of security. The “you’re not home so someone will break in” example oversimplifies the issues and needs to stop. Please, please, if you found this in your search to write a network security article, do not imply that someone may break into my house because of my smart meter.

A better hack

This was in the back of my head while out walking yesterday. I thought, “if you could hack the network, what would you really know?” How often I run the dishwasher? BFD. That led me to a much better hack.

Please, do not come and arrest me for posting this. My point is not to enable crime, just to point out the folly of security theater. Schneier on Security is my role model here.

OK, so let’s pretend we are real sophisticated crackers. We want to make money from the smart-grid rollouts in our town. So we start hacking the utility systems. That seems hard and as a cracker, I am mostly lazy.

Instead, let’s send out some spam. Spam is easy. The spam says (I am paraphrasing here.):

I am the evil smart meter cracker that the utility warned you about. Do as I say or I will mess with your meter, cause a power outage and give you a giant electricity bill!

Pay me $5 per month and I will change your meter settings to save you $20 per month. The utility is just trying to screw everyone, so let’s stick it to the man. For $10 I will save you $30. More than that is dangerous and we may get caught. Don’t tell anyone, see above.

Send payment to my overseas criminal account (or use bitcoins) details here.

Love,

Smart Grid Cracker

Now, here is the beauty of it: don’t change a thing on the meter or smart grid. If the cracker actually has access, then they can send monthly emails saying “Your bill is for X, it was X+$20 before I changed it, we are sticking it to the man!!”. This scam can work with absolutely no network access, just a spam email system.

Now, please tell me how much encryption to use inside the network to fix this huge security hole?


“Two and a Half Men” super soap opera twist ending

Because Frank left a comment, I now have to reveal my super soap opera twist. I know Frank pretty well, and am very sure he is proud of the fact that there is one more piece of useless content on the Internet because of his comment. (I’m kidding of course.)

So, when we last left off the Two and a Half Men cast was having fun with Ashton K. as Judith’s new love, Herb and Alan living in the beach house in Malibu, and we added Judith’s daughter to the cast. The daughter is the key to this twisty turning plot.

The writers have kept us in suspense about who is the baby daddy of the daughter. It could be Alan or it could be Herb. There have been many times we almost found out the truth, but it remains a mystery. For 2-3 seasons they have kept us in suspense (if they are any good and smart). Now the truth is about to come out.

Someone, it does not matter who, decides to get DNA samples and do a test. I think the best character would be Evelyn, Alan and Charlie’s mother. It is just the sort of thing she would do. The testing is a big secret, so the samples must be taken without the victims (Alan and Herb) knowing anything is going on. Evelyn can get Jake to help, for more fun.

The secret is, of course, not a secret. Everyone knows. They then start to swap samples. By the end, no one is exactly sure which sample is the true one. Lots of sneaking around and almost getting caught physical comedy. Really, it writes itself.

Now, let’s add the twist. The last switcher is the daughter. She swaps out the sample she believes is her father, Alan’s, for Ashton’s DNA sample. It is a bittersweet moment, as she is trying to keep both her fathers happy, by keeping the true biological father secret. That is the season-ending cliffhanger.

The super soap twist is next, and I think you can see it coming from a mile away. In the season premiere, we get the results. The real father is… Ashton K. (whatever they name his character). Only the daughter knows of course. Now the whole plot starts to unwind. We review each and every switch and swap. The truth all comes out. Finally, Alan and his daughter have a moment alone. He thinks he is the father, Herb is OK with it. She knows the truth. Does she tell him? Does she tell Ashton’s character?

Hey, they have to write something for themselves. I am not doing someone else’s job for free.