back to article Crap computers in a crap box: Smart-meter blackouts risk to UK

You'd be forgiven for thinking this is the plot of a Saturday night BBC2 drama: hackers tinkering with smart electricity meters deliberately cut the power to whole neighbourhoods. But, according to a UK computer security biz, weak authentication checks and a lack of other security controls on said equipment could allow just …

COMMENTS

This topic is closed for new posts.
  1. Kevin Johnston

    Gosh

    Well bugger me....who would have expected that etc etc etc

    Apart, of course, from anyone with any technical expertise who has been in the IT industry for more than a couple of weeks.

    1. Mips
      Childcatcher

      Re: Gosh

      Never mind shutting down the network. I just want my meter to run backwards.

  2. Phil O'Sophical Silver badge
    Thumb Down

    Too costly to fix?

    So no doubt the government response to this will be to define hacking smart meters as a terrorist offence with a 10-year minimum term, thus firmly securing the stable doors long after all equine inhabitants have departed.

    1. Anonymous Coward
      Alert

      Re: Too costly to fix?

      That, or they decide that SDRs are cracking tools with no good useful purpose and make them illegal.

      (Which would be a shame, as amateur radio is moving towards SDRs very quickly.)

      1. Christian Berger

        You don't need SDRs

        You can simply buy the radio chip they use or modify your "home box" or whatever they call that thing that connects it to the Internet.

        Using SDRs is simply the "idiot proof" way to get data out of those devices.

  3. Anonymous Coward
    Anonymous Coward

    Whilst I can see the value.....

    ....of smart meters for the power companies. As yet, I haven't seen any customer benefits. We (the consumers) are paying for these meters so the power companies can employ less people to read meters. Have they offered anyone a discount for going onto smart meters? No. Well there's a surprise.

    We pay for them to save money and they get to profile our energy usage as well! Seems like an amazing deal, if you are a shareholder at a major power company. I have and will continue to avoid these until I have no choice.

    1. Richard 26

      Re: Whilst I can see the value.....

      "We (the consumers) are paying for these meters so the power companies can employ less people to read meters. "

      We aren't paying for them, the electricity companies are paying for them.

      1. Fading
        FAIL

        Re: Whilst I can see the value.....

        Did you forget the sarc tags or are you really that naive? Whilst you may not have a specific line on the invoice/bill saying "smart meter" do you really think the power companies will allow their profits to dip during the smart meter roll-out?

        The consumer and tax payer always pay in the end - as that is where the money comes from.

      2. M7S

        Re: Whilst I can see the value.....

        "the electricity companies are paying for them"

        Out of the goodness of their hearts?

        No. This will be them paying for them in the same way that the mobile telco's give me a free mobile if I take out a high enough monthly tarriff.

        Unless of course you think that any electricity company will take an exceptional charge (sorry) on their accounts, reducing their profit and director's bonuses because they really exist just to help us, the customer.

        I'm not just worried about this threat for my home, but also my principal employer is in a multi-occupancy office building with separate metering per floor for recharging purposes. I can't really see them securing the intermal meters either, at least not until after all the tenants have gone to their offices with pitchforks and burning torches demanding the restoration of supply after the first outage. If these things are hacked "randomly" it will take ages to sort out if it's the main one for the building "in the street" or all the internal meters that have been done. All the while we'll be unable to conduct business, although a more damaging attack might be to get them to cycle every 45 minutes or so, just long enough to exhaust the UPS and frustrate all the staff

      3. The BigYin

        Re: Whilst I can see the value.....

        "We aren't paying for them, the electricity companies are paying for them."

        And where do they get money from? The pixies? Any cost a company bears is ultimately borne by the consumer.

        I would have less of an issue with smart meters if they were dedicated to the customer first and the utility company second. I could see them being very useful to consumers in figuring out where they waste energy etc. But they are not aimed at the consumer, so they are an epic fail. Again.

        1. GettinSadda
          WTF?

          Re: Whilst I can see the value.....

          Hang on... but your logic seems incomplete.

          You claim that something that costs the utility company (such as a smart meter) is really costing me.

          But surely this means that something that saves a utility company money (such as not needing to employ meter readers) saves me money too?

          You can't claim one without accepting the other... unless you are simply looking for a Daily Mail friendly way to bash the utility companies!

          1. Anonymous Coward
            Anonymous Coward

            Re: Whilst I can see the value.....

            "You claim that something that costs the utility company (such as a smart meter) is really costing me.

            "But surely this means that something that saves a utility company money (such as not needing to employ meter readers) saves me money too?"

            Wow, you really do NOT understand how business works, do you? Have you ever heard the expression, "Heads I win, tails you lose?" That more or less sums up the spirit of business.

            To fix your flawed formulation: something that costs the utility companies is really costing the consumer. But something that saves a utility company money saves the utility company money. If the consumers are lucky, it won't cost them anything.

            In the same way that, when banks took insane risks and raked in massive profits, they kept all the profits. But when their insane risks inevitably resulted in massive, banruptcy-scale losses... the consumer (er, taxpayer) bailed them out. There really is a pattern here.

            Comprende?

          2. Triggerfish

            Re: Whilst I can see the value.....

            Of course they can, anything that costs them is a cost that has to be absorbed by a consumer as a price rise.

            Any saving is a cost still absorbed by a consumer that now pays for the MD's new boat.

            How many times when gas /oil / electricity wholesale prices etc drop did you see them quickly cut their bills to you?

            How many times when it rose?

          3. The BigYin

            Re: Whilst I can see the value.....

            "But surely this means that something that saves a utility company money (such as not needing to employ meter readers) saves me money too?"

            Not really. Costs go to you, savings go to shareholders. The only thing that keeps prices in check even vaguely is competition.

          4. PatientOne

            Re: Whilst I can see the value.....

            @GettinSadda

            Okay, I'll explain it for you:

            Smart meters cost money. This money comes out of their profits, which is generated by charging consumers for the gas/electricity supply. This then reduces the company's profits which in turn reduces dividend payouts to investors/share holders. This then devalues the company, and investors/share holders will pull out or they will force a vote on the management and replace them.

            To protect from this, the utility companies will increase tariffs to increase profits and thereby cover the costs of the smart meters. This means ALL consumers pay more, but as the cost is spread out between those getting the new meters and those who are not, the cost is easily hidden.

            When all homes have smart meters, some expect the cost of supply to drop, hence introducing an expected saving. This may or may not happen as the utility companies now know the consumers will pay the increased rates. If it does happen, you can be assured that not all the savings are passed back to the consumer. Rather, the utility company is most likely to opt to retain an increase in profits and so be able to invest in... well, nothing: They'll just increase dividends which will increase the company's value which will attract more investors and share holders.

            And with any private company, it always comes down to money.

            1. Anonymous Coward
              Anonymous Coward

              Re: Whilst I can see the value..... @PatientOne

              "And with any private company, it always comes down to money."

              Sadly, the same applies to government. Any organization lives on money, and its top priority is to secure its supplies and get more if possible.

          5. Stuart Castle Silver badge

            Re: Whilst I can see the value.....

            "Hang on... but your logic seems incomplete.

            You claim that something that costs the utility company (such as a smart meter) is really costing me."

            It does.

            "But surely this means that something that saves a utility company money (such as not needing to employ meter readers) saves me money too?

            You can't claim one without accepting the other... unless you are simply looking for a Daily Mail friendly way to bash the utility companies!"

            Yes, you can. What will happen is that any savings they make will be paid to the shareholders as dividends..

        2. Anonymous Coward
          Unhappy

          Re: Whilst I can see the value.....@TheBig Yin

          "I would have less of an issue with smart meters if they were dedicated to the customer first and the utility company second. I could see them being very useful to consumers in figuring out where they waste energy etc. But they are not aimed at the consumer, so they are an epic fail. Again."

          Actually, they are specifically intended to be of use to customers first. The EU tree huggers believe that if you have a real time energy or cost display, you'll use less power, and that's why the national roll out is mandated in the Energy Act and the supply companies' regulatory licences. The evidence for this benefit is mixed (and slim, in my view), but the bigger problem is that the EU/DECC solution is a £200-£400 smart meter, when the same consumer information "benefits" are delivered by a £30 energy monitor , millions of which have already been handed out free by the energy companies.

          The benefits to power companies are largely a presumed better accuracy on billing and the elimination of estimated bills, which reduces the rework costs and complaint handling. But for a national programme, that even the wild optimists of DECC expect to cost £12bn, that will never be recovered by saving the few million quid spent on estimated bills and errors.

          For the same money we could have built ten large 2GW CCGT plants, so generating a total of 20 GW, or two thirds of current peak demand. That would have enabled the immediate retirement of all UK coal plant currently expected to run post 2015, and halved the emissions of fossil generation. Smart meters are a crap solution, and those who have mandated or encouraged their use should be thrown in prison. Hackers are far less of a threat to UK energy security than DECC.

          1. Anonymous Coward
            Anonymous Coward

            Re: Whilst I can see the value.....@TheBig Yin

            "The EU tree huggers believe that if you have a real time energy or cost display, you'll use less power..."

            In my own case, that is completely untrue. My little Owl meter tells me, more or less, how much power my house is consuming every minute of the day and night - and also how much it costs. But my consumption has not falledn since I installed the meter. That's because, like any sensible person, I have never used any more electricity than I needed.

            1. Anonymous Coward
              Anonymous Coward

              Re: Whilst I can see the value.....@Tom Welsh

              "In my own case, that is completely untrue. My little Owl meter tells me, more or less...."

              Absolutely right. Smart meters are a typical big government solution, built by spending your money for you. Not as an explicit tax, but simply requiring the power companies to recover the cost. If you had the choice of a £30 energy monitor, or a £300 smart meter, and knew you were paying I think most people would choose the former.

              To be fair, there is some limited evidence from early roll out of standards-non-compliant smart meters that electricity use comes down by 5%, but I don't know whether that's properly assessed. At a guess it may not have been properly compared to the savings from people handed energy monitors, nor properly adjusted for other factors like appliance replacement (almost any new appliance will use less power than the device it replaces). The "sales" pitch and installation of smart meters often includes energy efficiency advice, so that's something else you'd need to allow for and exclude. I tried an energy monitor, found it of limited use, and it now sits in a drawer at work.

              More worryingly, the early evidence is that gas smart meters produce no savings at all. So there's about £5bn of mandated investment across the land with not a single penny in benefits looking likely. Almost as good value as HS2.

              1. Roland6 Silver badge
                Joke

                Re: Whilst I can see the value.....@Tom Welsh @Ledswinger

                >Almost as good value as HS2

                No it's much better value!

                £5bn of mandated investment with no benefits against £34.5bn (and rising) of mandated investment with a £26bn deficit over the 67-year operating period.

              2. Anonymous Coward
                Anonymous Coward

                Re: Whilst I can see the value.....@Tom Welsh

                "the early evidence is that gas smart meters produce no savings at all."

                The simple installation of smart meters won't produce any savings... it's how you use the information they provide that can lead to savings through better control of your energy usage. It might, for example, highlight that your heating carries on using gas for 30 minutes every morning after everyone has left for work and school, where it could quite happily be turned off 30 minutes before the last person leaves without causing anyone any discomfort.

                To be quite honest, aside from the remote reading, it's not really of that much benefit in a domestic situation. The majority of energy wastage is quite easy to identify if you take the time to look at how your systems are operating. They're of far more benefit in commercial situations; I've heard numerous anecdotes on this subject, such as a commercial laundry which discovered that it had a regular spike in energy consumption on sunday afternoons when it was supposedly closed - it turned out an employee was coming in to use the facilities to clean football kit for his entire sunday league team!

            2. Peter Gathercole Silver badge

              Re: Whilst I can see the value.....@Tom Walsh

              When I installed an electricity monitor about four years ago, I was appalled by the base load of the house. It prompted me to go through all the devices and thinking what was being left on or on standby which should have been powered off (seriously, CRT tellies in standby can draw 60-100W).

              It also encouraged me to identify all of the lights that are on for large parts of the day and making sure that I used the lowest power bulbs that did the job (my house has people in it 24x7 at the moment because my wife does not work and all the kids have moved back in! - seen the sitcom "My Family"? It's like that).

              Since then, I have also had nearly all the old CRT tellies replaced by LCD ones (well, it was as good an excuse as any, and an easy Christmas present for the kids with benefits to me), moved my firewall onto a laptop, rationalised the number of devices needed to drive the home network, and made sure that the freezer is kept defrosted (it really makes a difference), and also used smart-power strips to remove the power from several devices when one is put into standby.

              I just wish that more devices had physical power switches (and I can't use the switch on the socket because in most places, I have more than one device plugged into the socket, and I want to, for example, power the telly down while leaving the Sky box plugged running)

              My base load is still around 500W, and I'm struggling to identify where that is going. Probably not something that a smart meter would help with unless they also supplied per-plug metering devices.

              It does make you wonder when you can tell that one of the kids has left their gaming rig on overnight to download some game patches, and you can see 3-400W of additional drain. And also when the gas central heating kicks in, and the electric pump starts drawing 7-800W of power itself.

              If only I could persuade my wife that the tumble-drier really is one of the biggest expenses. She will not understand that 2 hours of 2.5KW easily uses more power than 24 hours of 30W for the firewall.

              1. Phil O'Sophical Silver badge

                Re: Whilst I can see the value.....@Tom Walsh

                > And also when the gas central heating kicks in, and the electric pump starts drawing 7-800W of power itself

                You might want to invest in a better meter, one that can correctly measure reactive power. A central heating water pump will never draw anything like 800W, 150-200W is more like it. What does the rating plate on the pump say?

                1. Peter Gathercole Silver badge

                  Re: Whilst I can see the value.....@Phil

                  It says 1KW.

              2. Anonymous Coward
                Thumb Up

                Re: Whilst I can see the value.....@Peter Gathercole

                "If only I could persuade my wife that the tumble-drier really is one of the biggest expenses."

                Well, at least make sure you've got a decent condensor dryer that doesn't have an external vent. Vented tumble dryers are not merely hideously inefficient at drying, but they then promptly expel all the hot air out into the cold, and (through the ventilation of the rest of the house) suck in a replacement volume of cold air, so making for a significant impact on your heating bill as well as electricity.

                With a decent condensor the heat is at least kept within the thermal envelope of the house, and you're not pumping fresh cold air in. The extra cost of an A rated condensor usually won't payback, so go for a good B rated device from a respectable make - cheapy condensors don't always work very well, and you'll then get damp air in the house. Also, the condensor models are usually sensor controlled, which (in this house) stops SWMBO from baking the clothes for bloody hours, which used to happen with the primitive vented model we had.

                Using a plug in energy monitor should enable you to nail that 500W of base load, but a suggestion is your fridge or freezers. Anything over ten years old is suspect, and anything over fifteen years old will probably pay for itself in lower running costs within two years (well, if the new one is low priced). Older models had inefficient compressors, poor insulation, and the seals wear out. You don't tend to notice the worn seals, but the continuous loss of cold air can make for near continuous running.

                One other thing that many people could do - many modern houses use multiple GU10 or MR16 bulbs, which easily adds up to a lot of heat and power. Early LED versions of these bulbs were rubbish, but the latest 4-7W versions are excellent. No point using 500W to illuminate a room if you can do it with 50W, and in a moderately well used room the LED light will pay for itself in eighteen months, and last for a decade or two.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Whilst I can see the value.....@Peter Gathercole

                  "No point using 500W to illuminate a room if you can do it with 50W"

                  That depends to an extent on how much energy you are using to heat (or cool) the room at the same time.

                  Why worry about the efficiency of your light bulbs if the heating needs to be on anyway? Lose 500W of lighting and you need 500W more heat input from somewhere.

              3. Neill Mitchell

                Re: Whilst I can see the value.....@Peter Gathercole

                "My base load is still around 500W, and I'm struggling to identify where that is going. Probably not something that a smart meter would help with unless they also supplied per-plug metering devices."

                Unfortunately domestic power monitors generally only measure apparent power, rather than true active power consumed.

                I found this out when I was initially mortified by our new Induction hob. The monitor suggested it was burning 200W in standby, which luckily was clearly not the case or something would have been getting pretty hot. This lead me onto true power vs apparent power. Check out http://paulaowenconsulting.co.uk/2012/12/02/induction-hobs-the-question-of-standby-and-the-power-factor/

                Ironically, the greener you go, the worse the apparent power seems on your monitor as your base load drops. I switched all our halogen kitchen lights to LED and the monitor reading went up. The LEDs are consuming so little true power, it gets masked by the apparent power.

                Luckily the power companies bill for active power.

              4. Roland6 Silver badge

                Re: Whilst I can see the value.....@Tom Walsh @Peter Gathercole

                >My base load is still around 500W, and I'm struggling to identify where that is going.

                Got a built in burglar and fire alarm system?

                when I first got my OWL, I turned everything off and like you ended up with a residual load that I only resolved by popping fuses...

                >If only I could persuade my wife that the tumble-drier really is one of the biggest expenses

                A condenser dryer with sensor may help reduce costs, but basically if you want your laundry done I suggest living with it. The compromise reached in our house, after I left the Owl attached to the tumble dryer, is that 'heavy' stuff does tend to go on the washing line - weather and schedule permitting.

                But this fact (re. hot water and tumble dryer) has enabled me to convince some of my non-IT clients that it is okay to leave their brand new All-in-One with a 25w PSU running and so avoid problems caused by them pulling the plug...

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Whilst I can see the value.....@Roland6

                  "But this fact (re. hot water and tumble dryer) has enabled me to convince some of my non-IT clients that it is okay to leave their brand new All-in-One with a 25w PSU running and so avoid problems caused by them pulling the plug..."

                  Router & modem all in one? Must be a crappy affair if it gets its knickers in a twist over power cycling. I've got the much maligned Virgin Superhub on a timer switch to turn it off overnight, so power cycled each day without any assistance, and it works a treat (arguably better for the regular resets).

                  And although the hot water and tumble dryer do use a lot of power, leaving any "vampire" devices on constantly does add up. As a rough guide for those who can't be bothered to do the maths, take the value in watts of any always-on device, and that's about the cost in £ per year. So a 25W router/modem will cost £25 a year to run if always on, which is about a quarter of the annual running costs of a tumble dryer. Stick a timer switch in the router's mains socket, with power off overnight and you'll save the cost of the timer in year one, after that you're £8 a year better off for the life of the kit. If you're ALWAYS out during the day you could save £16 a year by the timer turning the device off then. As a suggestion don't be too aggressive in the planned timings, otherwise you'll end up frequently over-riding the programme and leaving the device switched on, which defeats the purpose. If you've got any gaming PC's with active subwoofers, then they can be similar vampire power users that don't get noticed when they're left on, and these can be connected to the same timer with a multiple socket extension.

                  1. Roland6 Silver badge

                    Re: Whilst I can see the value.....@Roland6

                    >Router & modem all in one?

                    No an All-in-One desktop PC that replaced a 'normal' desktop PC assembly with 300+w psu, that they were (naturally) turning off after usage, without really taking notice of what the screen was telling them...

                    I deliberately chose the All-in-One for its low energy consumption (25w max and 3w standby) and low noise so that it could be left on. Also on this system the power button is software controlled (puts the system into hibernate mode)... Shame the power management software isn't better as I'm sure I could further decrease energy consumption...

                    >Stick a timer switch on the ...

                    You would of thought by now that these devices would have an energy saving mode and be manageable via power management software running on the PC...

                    Only problem I've encountered with external timer switches is how many devices now come with a soft on/off switch that only works once the device is powered...

            3. Anonymous Coward
              Anonymous Coward

              Re: Whilst I can see the value.....@TheBig Yin

              @Tom - I've got a currenccost meter and (using the TTL serial port they thoughtfully stuck underneath it) I collect the data and graph it. My consumption did drop when I initially got it, because there were a few things that I wasn't aware just how much juice they used. Amplifiers, older workstations, my partner's MAC used a huge amount of power even when on standby. We make sure to turn off these things now. It's probably not saved us that much, but there are some things that you just aren't aware of how much power they really use.

          2. JP19

            Re: Whilst I can see the value.....@TheBig Yin

            "The EU tree huggers believe that if you have a real time energy or cost display, you'll use less power"

            And even if they don't really believe that they think every one should have a real time display of personal guilt anyway.

            1. tony2heads
              Devil

              Use less electricity

              If this gets hacked and the power is switched off at your home you WILL use less electricity - like it or not!

          3. John Smith 19 Gold badge
            Unhappy

            Re: Whilst I can see the value.....@TheBig Yin

            "Smart meters are a crap solution, and those who have mandated or encouraged their use should be thrown in prison. Hackers are far less of a threat to UK energy security than DECC."

            IIRC they were included in the bill because some Peer took cash for clauses and had them inserted.

            The benefits of the "display" are also optional as mos of them will not have it as standard.

      4. Anonymous Coward
        Megaphone

        Re: Whilst I can see the value.....

        "We aren't paying for them, the electricity companies are paying for them."

        What and (speaking as a power company employee), we just magic the money up? Don't be daft, the total costs is averaged out and added to everybody's bill, whether they have one or not. But we aren't doing it because it benefits us - putting a meter reader on the dole will save only £5-10 per meter per year, so spending £200 to buy and install a smart meter (possibly a lot more) will have a bloody long payback. Throw in operating costs, systems upgrades, and interest costs and you'll quickly see that there's no financial case at all.

        Caps for the hard of thinking: ENERGY COMPANIES ARE INSTALLING SMART METERS ONLY BECAUSE IT IS MANDATED BY UK LAW AND EU RULES THAT YOU MUST BE OFFERED ONE BY 2019. If we don't roll them out, we get fined up to 10% of turnover. No use blaming us, go take it up with your expenses diddling, fingers-in-his-ears MP.

        One other common misconception - normal credit tariff customers can't be forced to have a smart meter. If you say no, then that's (currently) final. Of course, the knobs at DECC may push to have the law changed if enough people say no, or your hand could be forced by unfavourable tariffs for non-smart meters.

        1. Number6

          Re: Whilst I can see the value.....

          ENERGY COMPANIES ARE INSTALLING SMART METERS ONLY BECAUSE IT IS MANDATED BY UK LAW AND EU RULES THAT YOU MUST BE OFFERED ONE BY 2019.

          How much compulsion is there in this 'offer'? Can I say "no thank you" and stick to a clockwork meter?

          Given the involvement of the EU, I probably already know the answer to this.

          1. Anonymous Coward
            Anonymous Coward

            Re: Whilst I can see the value.....

            "How much compulsion is there in this 'offer'? Can I say "no thank you" and stick to a clockwork meter?"

            Yes. Last paragraph of my post covered that.

        2. Equitas

          Re: Whilst I can see the value.....

          So Ledswinger says

          "One other common misconception - normal credit tariff customers can't be forced to have a smart meter. If you say no, then that's (currently) final. "

          British Gas didn't ask. They simply sent some operative from Eastern Europe, with very little English, to "change the meter." That particular supply was a domestic-rate supply.

      5. Anonymous Coward
        Anonymous Coward

        Re: Whilst I can see the value.....

        "We aren't paying for them, the electricity companies are paying for them."

        Out of interest, were do you think the electric companies get their money from? Sky pixies? Government? Or us, the consumer?

      6. Occasional Comentard
        Unhappy

        Re: Whilst I can see the value.....

        And where do the power companies get 'their' money?

      7. Anonymous Coward
        Anonymous Coward

        Re: Whilst I can see the value.....

        prat

    2. CASIOMS-8V

      Re: Whilst I can see the value.....

      Yes I am sure it will also enable the power companeis to provide more agressive peak usage charges in the future too.

    3. John Sanders
      Linux

      Re: Whilst I can see the value.....

      This is a trend, giving you functionality you do not need or have not asked for.

      It is the new feature creep.

      Smart metering, Contact-less credit cards, tablet-like interfaces everywhere...

    4. Crisp

      Re: customer benefits

      I guess the customers that are smart enough to hack their smart meters will get free electricity.

      It's nice that the electric companies are giving something back after years of ruthless profiteering.

      1. Anonymous Coward
        Anonymous Coward

        Re: customer benefits@Crisp

        "It's nice that the electric companies are giving something back after years of ruthless profiteering."

        FFS, don't swallow this Daily Mail codswallop. If you'd invested in my employers shares six years ago, you'd be sitting on a quarter of your original investment. Call THAT profiteering? If you're a UK electricity business, your net return is at best about the cost of capital - look at the accounts of SSE plc. Or look at the segmental detail for Centrica plc, owners of British Gas to find the same thing. Most of the supply businesses (the part of the company that sells to you and bills you) operate at a loss, and have done for years, and wholesale generation prices are so low that nobody will start to build new power stations that will be needed from 2016 onwards.

        Your energy prices have gone up because world market prices for fuels have gone up in response to global demand plus the malign effects of money printing by Western governments; because sterling buys less than it used due to UK government economic mismanagement; and because the money that should have gone into new power generation assets has been frittered on wind turbines, smart meters and other government mandated shit, which means we still need to raise the money to invest in new fossil plant.

        Your power bills will continue to go up to pay for all this eco shit. They don't need to, we just need a policy that stops the ever-growing proportion of your power bill that is being frittered by DECC (about one eighth of it at present, but rising). We need to stop or reduce subsidies to renewables (a double edged sword, unfortunately, because of the wasted investment in building such unproductive assets). We need to forget about nuclear until it can be built to produce power at say £60 MWh, and we shouldn't be closing full functional coal plant to please the twerps of the EU, or rolling out silly toys like smart meters.

        1. John Smith 19 Gold badge

          Re: customer benefits@Crisp

          "FFS, don't swallow this Daily Mail codswallop. If you'd invested in my employers shares six years ago, you'd be sitting on a quarter of your original investment. "

          Well that's terrible.

          So how is it that electricity companies can continue to declare profits in the 100s of £m?

      2. John Sanders
        Thumb Down

        Re: customer benefits

        "I guess the customers that are smart enough to hack their smart meters will get free electricity."

        Of course not, while the electricity companies do not care about your security, they do care about theirs, and anti-fraud measures are part of the standard smart meter.

    5. Anonymous Coward
      Anonymous Coward

      Re: Whilst I can see the value.....

      >As yet, I haven't seen any customer benefits.

      Seems to offer numerous advantages to the customer looking at Termineter and ilk.

    6. Equitas

      Re: Whilst I can see the value.....

      We've got one of these on one of our nine electricity supplies. They still send a meter reader to read it. They allege that since it was fitted by British Gas when they had that particular account, eon can't get the readings from British Gas. Mind you, if our experience is anything to go by, there's a serious question as to whether anyone can get any sane information of any sort out of British Gas. In any case, most suppliers make a lot of profit out of NOT reading meters but using an estimating algorithm which ensures that "estimated" charges are always entered at a notional consumption far above what they reckon the consumption to have been.

    7. andy 45

      Re: Whilst I can see the value.....

      Hear hear. I see no benefits for smart meters and don't want any more wi-fi electro-smog in my house, nor do I wish to be profiled...

  4. Pascal Monett Silver badge

    Very few vendors of such equipment will give this type of assurance

    And those who do ensure that their equipment has been hardened against attack are certainly not in the group of vendors who will be considered for procurement, due to the fact that their products are more expensive than those of vendors who do not insure against attacks.

    In other words, yeah, smartmeters are dumb, open and unprotected. What a surprise. Security is always a cost, and these "smart" meters were not conceived with security in mind, but with remotely controlling the availability of power on a site (house, appartment, restaurant, industry, . . .).

    You get what you pay for.

  5. David Pollard

    A quick fix

    All that's needed is to advertise a £3.99 CD on fleabay of 'how to hack your smart meter' with the suggestion that it can be reprogrammed to report reduced consumption. That will get security improved in very short order.

  6. Naughtyhorse

    Oh Noes!!!!111

    So pesky Hax0rs could mess with the supply of whole neighbourhoods...

    by _not_ chucking an old bike over a s/stn fence onto the top of a transformer then.

    (at least thats pretty - for about 3 seconds)

    yawn

    security types banging on about how the sky is falling in is beyond tedious.

    yes it could happen

    will it?

    maybe

    who cares?

    not the 99.9999999999999999999999999999999999999999999999999999999999999999% of people who are not off supply.

    1. The BigYin

      Re: Oh Noes!!!!111

      Think about it, just for a second. All smart meters are the same. A hack is found.

      You are a terrorist.

      Wait until winter.

      Switch off the gas and power to homes nationwide, screw the network drivers at the same time. You only really need to do the leccy, that'll take out gas central heating too (boilers do use leccy).

      *UNLESS* there is a hard-reset switch that can re-flash the meter on-site (and this can be done by the consumer) then there is a very serious risk to life. And even if so, you (as the terrorist) and periodically re-bugger them.

      The risk may be low, but the impact high. It bears thinking about.

      It'll never happen? Bullshit. Look up the SCADA attacks.

      1. GettinSadda
        Boffin

        Re: Oh Noes!!!!111

        So you missed the bit about needing to set up a fake GSM transmitter near enough to the smart meter to swamp the real one and be chosen in preference? These devices aren't attached to the internet and aren't attached to home PCs that can be hacked. They use encrypted mobile phone networks.

        1. Fading
          WTF?

          Re: Oh Noes!!!!111

          Cough

          http://www.theregister.co.uk/2011/07/23/cellular_hijacking/

          And as to your assumption that any savings to power companies are passed onto the customers and not their share holders - please see image at the side of this message.

          PS - the real world called said something about coffee and olfactory senses.

  7. Anonymous Coward
    FAIL

    not to worry

    Due to this predictable failure, i doubt the first people to exploit it will be the great boogy man of "terrorism"... it will probably the people who were put out of business selling dodgy cable boxes.

    How long before you can be down the pub and a bloke offers to sell you a modified neighbourhood access point to give everyone free leccy.

  8. Anonymous Coward
    WTF?

    FFS

    Any of these fuckwits watched Demon Seed.

    Don't let a computer control your house.

    1. Crisp

      Re: FFS

      No sophisticated computer system is going to try and nail my wife!

      1. Anonymous Coward
        Joke

        Re: FFS

        After a few years it's hard enough trying to do it yourself. :)

      2. Anonymous Coward
        Anonymous Coward

        @Crisp

        "No sophisticated computer system is going to try and nail my wife!"

        Of course not. That's what friends are for.

  9. Anonymous Coward 15
    Devil

    So is stealing power now easier to do / harder to detect than with a conventional meter bypass?

  10. John Hadfield
    Stop

    Encourage - Mandate more like!

    Despite working in the IT industry for 1144 weeks, there's much of the article that escapes me.

    I'm certainly not sure what basic programming (BASIC perhaps) would be all that was required to hack these (early?) samples. I'm not saying there's no issue, just that I'd doubt it's as quite as simple as suggested.

    One error I do note, is that far from encouraging the energy companies to install smart meters in every home, the government is requiring that they do (https://www.gov.uk/smart-meters-how-they-work#do-i-have-to-have-a-smart-meter). I suspect to at least some degree they'd rather not bother.

  11. Anonymous Coward
    Anonymous Coward

    It's all very plausable, until:

    "...This could be via several means, including local connection via wired serial, or GSM to run a fake base station attack...."

    Seriously? If I wanted to disrupt a local supply to a house, and had access to the meter, I'd put an axe through it and if I wanted to take out a neighbourhood where a fake GSM base station was require (ie: physical access to the area) I'd just chuck something explosive over the wall of a sub station. (other methods of destruction are available.) Both of these methods are a lot more permanent as well.

    1. Anonymous Coward
      Anonymous Coward

      "Seriously? If I wanted to disrupt a local supply to a house, and had access to the meter, I'd put an axe through it"

      Maybe, but if you were looking to cause disruption, you wouldn't hack individual meters, you'd hijack the energy suppliers systems, and mess about at that end. Set everybody's account balance to a debit of £1,000 and let the rest of the system start remote switch off for overdue accounts, or whatever mischief seems appropriate.

    2. Anonymous Coward
      Anonymous Coward

      The smarter "terrorist" could just stick a mobile TX on a car and drive around wiping power in the region nearby without risk of much physical evidence of who did it, and doing a much bigger area (and/or areas with better physical security.

      Or even strap said TX under a few taxi cars, etc, hand have someone else identified on CCTV as the car driver.

      Also the option to power off/on repeatedly by some firmware hack could do much more damage to household electronics, not to mention probably tripping the upstream breakers, than just chopping the cable.

      Finally, who says the back-end at the power company is secure enough? Hack in to there and you could down most of a regions power in one go, worse if its via a broken firmware update that means the few meter service personnel have to visit tens/hundreds of thousands of homes to restore power to each on in turn.

      1. Red Bren
        Unhappy

        "Or even strap said TX under a few taxi cars, etc, hand have someone else identified on CCTV as the car driver."

        And if the taxi drivers look a bit foreign, there's no way anyone will believe they're innocent!

    3. Duncan Macdonald

      Bombs get the plods attention

      Use an explosive and half the police in the county turn up. Use a fake GSM base station and by the time that the police realise what was done and send someone to investigate, months could have elapsed.

      (Drive into neighbourhood, activate fake base station, send OFF commands, deactivate base station, drive away. Probable time under 10 minutes - chance of detection near zero.)

  12. Aristotles slow and dimwitted horse
    Go

    Interesting story, but...

    How nice to see the acronym EEPROM used in a Reg article.

    Takes me right back to my early days as a hardware programmer where I'd regularly blow up the more complex EEPROMS and FPGAs with +12v up their +5v legs much to the chagrin of my R&D line manager.

    They do make a lovely smell when cooked.

    1. Anonymous Coward
      Anonymous Coward

      Re: Interesting story, but...

      Meh... MOSFETs smell better.

      Especially when they're pushing 400A (48V) through a 3-phase H-bridge inverter and the DSP decides to turn on the wrong pair of MOSFETs. Then you watch 6" high flames jump off them.

  13. Andraž 'ruskie' Levstik

    Hmm we can get these in slovenia

    But we would be charged extra to get them and all the fancy crap they would provide... I'm happy with a kill-a-watt type devices for when I'm interested in what's burning leccy. They have enough issue with power metters reporting phantom power anyway around here.

  14. Anonymous Coward
    Anonymous Coward

    Of course they're easily hackable. How else is GCHQ going to slurp all of our wifi data and blame it on someone else...

  15. Anonymous Coward
    Anonymous Coward

    In a survey

    "In a survey of 1,000 UK consumers, sponsored by infosec firm TripWire, 61.2 per cent said that smart meters would encourage them to use less electricity, and 28.4 per cent voiced the opinion that it would make their electricity bill cheaper. "

    Them's some stoopid people right there.

    1. teebie

      Re: In a survey

      ...but still smart enough to realise that even if everyone uses less electricity per-unit prices will go up and the average bill won't go down

    2. Dr Dan Holdsworth
      FAIL

      Re: In a survey

      You can bias surveys any which way you like if you know what you're doing. Supermarkets have for instance found that if shoppers are ambushed by a clipboard-wielding surveyer then most will earnestly agree that organically-farmed food is best, and that they really, really would buy this premium-priced grub over the bog-standard stuff if it is stocked.

      Try stocking organically farmed produce, and it is a whole different story when you look at the actual sales figures. Supermarket shoppers do not choose organic produce over standard stuff if it is much dearer, and it doesn't take much of a price differential to make them avoid the expensive stuff.

      What people say and what people do are two very different things, and only a complete moron would base their predictions on a survey instead of real-world data. Interestingly this is what the Government and the EU are doing here, probably because it isn't their money they're wantonly throwing around here, but ours.

  16. jabuzz

    GSM/GPRS reliance?

    What I don't understand about these smart meters is why they have been made reliant on GSM/GPRS aka 2G mobile signals. What happens in a few years time when the mobile phone operators decide to ditch their 2G networks because they are not profitable to operate? Also what happens in a house like mine where there literately is no mobile signal indoors (bricks it is constructed from seem to have a high content of magnetic material for some reason) unless you are next to a window?

    Surely the sensible thing would have been to do supply side powerline networking. You only need a low bit rate for a smart meter so distance can be improved and it is not reliant on a service being provided by a third part that they can stop any time they want. Given a electricity meters usually last decades this was a dumb move.

    1. Christian Berger

      Re: GSM/GPRS reliance?

      It's cheap. A 2G GPRS Module costs around 15 Euros and it works everywhere and you don't need to make any changes to the power grid.

    2. Anonymous Coward
      Anonymous Coward

      Re: GSM/GPRS reliance?

      It's likely that you'll get clusters of networks running on 2G technology, so the telcos will keep them up. Much like the old pager networks, which kept on running for decades after they were no longer relevant because they were "infrastructure".

      That and, I suspect there'll be a removable module in these devices to cover the requirement to change.

    3. Anonymous Coward 15

      Re: GSM/GPRS reliance?

      You'll eventually get a situation like the BBC long wave transmitter.

  17. IGnatius T Foobar

    If only...

    If only the electric company had the ability to run wires to each subscriber's home so they wouldn't have to deploy an insecure wireless network...

  18. AllTheGoodOnesHaveGone

    Well that will be me fitting my smart meter with a tinfoil hat then!

  19. Wim Ton

    Not much to the point for futute meters

    The article talks about first generation meters obtained on eBay. For the meters to be deployed in the UK, DECC has written some resonably detailed security requirements: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/68898/smart_meters_equipment_technical_spec_version_2.pdf

    Some high level requirements:

    Compromise of one end device (like a meter) shall not lead to the compromise of other end devices (so no system wide passwords anymore)

    Critical commands like switching off the power are digitally signed and subjected to a plausibality check. If a hacked utility tries to switch off all its customers, this will be stopped by the independent Data Communication Company.

    PS. I work for a meter manufacturer in case you didn't guess that.

    1. Anonymous Coward 15
      Devil

      Re: Not much to the point for futute meters

      So you hack the Data Communication Company instead?

      1. Wim Ton

        Re: Not much to the point for futute meters

        The DCC can verify and trothle, but not sign. The whole security architecture is designed to avoid a single point of failure.

    2. arrbee

      Re: Not much to the point for futute meters

      So who checks for conformance, or do you self-certify ?

      1. Wim Ton

        Re: Not much to the point for futute meters

        For meters a "Commercial Product Assurance" is planned (see the CESG website for details) Maybe Common Criteria later.

  20. ForthIsNotDead
    Stop

    Er...

    "and 28.4 per cent voiced the opinion that it would make their electricity bill cheaper."

    Meaning that 71.6% thought it would result in a higher bill.

    1. I Am Spartacus
      Headmaster

      Re: Er...

      Not quite, 71.6% thought it would result in an unchanged or higher bill

  21. I Am Spartacus
    Black Helicopters

    Use too much Leccy? We will turn you off

    "Utilities want to deploy smart meters because the technology will automate meter reading, as well as creating tools to make it easier to control supply at times of high demand."

    The phrase " easier to control supply at times of high demand" worries me. I read this as meaning that if the demand exceeds the supply, some customers will be turned off for a period to alleviate the demand. You can see it now: Its 2014, World Cup is on, its half time in a crunch match that England need to win. The country gets up and turns on the kettle. The network surges, the power companies can't cope and scream HELP! And a large number of people are turned off to reduce the power. It's only for an hour. But when the juice comes back, we are left with a smug looking Gary Linekar saying "Wow, what a game, who new that England could play like that. See you next match."

    Yeah, that should keep everyone fine about why we invested in wind turbines rather than a couple nuclear stations..

    1. Wim Ton

      Re: Use too much Leccy? We will turn you off

      The point of load control is that you turn off those loads that won't cause too much inconvenience. If you switch off a boiler or an electric heater for a short time, the effects will be limited.

      1. Will Godfrey Silver badge
        Unhappy

        Re: Use too much Leccy? We will turn you off

        So how does the smart meter (at the entry to the house) know the difference between a refrigerator and a disabled stair lift?

        1. Anonymous Coward
          Anonymous Coward

          Re: Use too much Leccy? @Will Godfrey

          "So how does the smart meter (at the entry to the house) know the difference between a refrigerator and a disabled stair lift?"

          If you read the spec that Wim Ton linked to you'll see that they refer to these "unnecessary" loads, as ancilliary loads, and there's a load of stuff about the interface and system requirements. Of course, the smart meter on its own can't control them, you need a new compatible device or dedicated control switches. As installed the smart meters won't do a damn thing that's useful.

          As we can match peak demand anyway, and will always have to the whole ancilliary load switching idea is a typical bit of crappy, wishful and misguided public sector thinking.

        2. Anonymous Coward
          Anonymous Coward

          Re: Use too much Leccy? We will turn you off

          "So how does the smart meter (at the entry to the house) know the difference between a refrigerator and a disabled stair lift?"

          Good question in principle, but don't sensible stairlifts come with battery backup anyway? If you'd said domestic kidney dialysis machine or some such, that would have been a different question.

          Meanwhile, the media in recent days have been talking about Gridco (?), telling the UK's fridges and freezers to not switch on for (say) half an hour or so, though I thought the discussion was around aplliances designed to sense the mains frequency rather than Gridco commanding the smart meter.. IE when grid frequency is well below 50Hz, the grid is struggling, therefore don't start the fridge/freezer compressor. Ref:

          http://gridwatch.templar.co.uk

          This kind of action may well be harmless for a few minutes (although the compressor only runs when the temperature is out of the desired range anyway), but how will it actually reduce instantaneous demand by any worthwhile amount. Most fridges/freezers compressor motors don't run most of the time. So telling them to not run will mostly make no difference at all. Only in the few where the temperature is already above the setpoint will the motor be running. Those are the ones that can least afford to be disconnected.

          More to this than meets the eye.

          1. Roland6 Silver badge

            Re: Use too much Leccy? We will turn you off @AC

            "the media in recent days have been talking about Gridco (?), telling the UK's fridges and freezers to not switch on for (say) half an hour or so"

            Shows that people that should know better, don't!

            Decades back this would of made sense, as fridges and freezers had very simple controls. But you could buy such things as "savaplugs" that used some simple electronic circuitry that effectively managed the power demands of the device and hence saved you some money. With the development of electronic controls for fridges and freezers these devices became unnecessary (the circuitry being included in the appliance) and in fact could cause problems (eg. control board components burning out). So the net effect of a command from Gridco would not be particularly great.

        3. Wim Ton

          Re: Use too much Leccy? We will turn you off

          The loads to be controlled have an own relais. For example in my house, the boiler, the washing machine and the heap-pump (for floor heating) are separately controlled.

      2. Anonymous Coward
        Anonymous Coward

        Re: Use too much Leccy? We will turn you off

        "The point of load control is that you turn off those loads that won't cause too much inconvenience. If you switch off a boiler or an electric heater for a short time, the effects will be limited."

        Sounds like we have a deal. You turn off your "not too inconvenient" loads at times of network stress, and put your big pile of expensive smart meters where the sun doesn't shine?

      3. Barry Rueger

        Re: Use too much Leccy? We will turn you off

        "The point of load control is that you turn off those loads that won't cause too much inconvenience to large power gobbling corporations."

        There, fixed that for you.

      4. Anonymous Coward
        Anonymous Coward

        Re: Use too much Leccy? We will turn you off

        "If you switch off a boiler or an electric heater for a short time, the effects will be limited..."

        ... to the old person who then dies of hypothermia.

  22. JaitcH
    FAIL

    Why all domestic meters need a mechanical readout

    All 'OLD' domestic meters, gas - water - electricity, have a very good security device, the mechanical meter.

    These new 'smart' meters can also be ordered with mechanical meters in addition to their electronics BUT how many electricity suppliers are doing this? Why should we trust electricity companies to read our meters?

    An up and coming thing is METERED HOT WATER. An Italian developer in Toronto is promoting metered hot water in it's condominiums. THE PROBLEM IS 'hot water' is not defined NOR measured so even when cold water comes from the hot taps, the meter keeps on counting.

  23. Syx

    Just use a Faraday cage?

    So, what's to stop me surrounding my "smart meter" with some form of faraday cage to protect myself from all this unwanted wirelessly-controlled faff?

  24. andy 45

    How much extra leccy does the smart meter use?

    As it says -- how much extra leccy does the smart meter use?

    Doesn't sound a very green system. Sounds more like they simply want to save money not having to pay meter readers.

    1. Wim Ton

      Re: How much extra leccy does the smart meter use?

      About 0.5 Watt

  25. pacmantoo

    Smart meters help balance the generation load

    Smart meters would only help a dumb person think about how much leccy they use (as if the continual rise in bills wouldn't do that) I hate to admit it, but renewables can make the grid less reliable - because their output fluctautes randomly with the sun / wind / rain. For every 1 MW of electricity generated by renewables, they need 1 MW on standby - just in case. They need to balance constantly varying levels of supply AND demand - to know how much brown power to use (hydro like Dinorwic that comes online at a flick of a switch aside). Smart metering helps measure demand side. Now if we had massive amounts of renewables scattered across the whole country this might balance itself out - ie when cloudy in the south, windy in the West, raining in the North and tidal regular as clock work.

This topic is closed for new posts.