Utility company Göteborg Energi AB has selected NURI Telecom to provide Zigbee-enabled electricity meters to every home in the Swedish city of Gothenburg. The meters will then link themselves together to allow remote meter reading without infrastructure costs. The self-forming mesh network won't actually be a single network, …
Hope they thought about security
What a fantastic idea!
Now all the theives need to do is pick a prospective mark, wait until the meter shows a big drop in electricity, gas and water usage, realise that the owners are on holiday and break in
You got it in one ;-)
noone thinks of these things...
@ Anonymous Vulture
Another knee jerk reaction to wireless products by an ignorant or malicious poster.
From the Maxstream Website :
ZigBee protocol features:
* Low duty cycle - Provides long battery life
* Low latency
* Support for multiple network topologies: Static, dynamic, star and mesh
* Direct Sequence Spread Spectrum (DSSS)
* Up to 65,000 nodes on a network
* 128-bit AES encryption – Provides secure connections between devices
* Collision avoidance
* Link quality indication
* Clear channel assessment
* Retries and acknowledgements
* Support for guaranteed time slots and packet freshness
_128 bit AES encryption_ in case you missed it in your hurry to jerk your leg.
According to the US National Institute of Standards and Technology (NIST),
"In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.
Assuming that one could build a machine that could recover a DES key in a second (i.e., try [2 to the 55th power] keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old."
Check out http://www.maxstream.net/wireless/zigbee.php and
Just because the data transmission is unfeasible to 'brute-force' decrypt, doesn't mean there aren't other flaws in the system. With 270,000 nodes (assume properties) and lots of intelligent swedes, don't be surprised if flaws do turn up. To assume any system is 100% secure is simply asking for trouble. Especially when Human beings get involved.
But which meter?
With this I just hope they have some way of identifying which meter they're reading. I used to live in a block of flats, and one time I got a gas bill for £500 instead of my normal 50p/quarter because Meterplus read the wrong meter.
Fun with fraud.
I understand you used to be able make old water-meters under-report your usage by knocking a few teeth off the gear driving the mechanism, and you could flip old electricity-meters around, reversing the polarity, to make them run backward.
It will be interesting to see what folks come up with to screw with these ones.