diftraku | 2 years ago

> In the video it appears that Peter was using the Flipper Zero to wirelessly turn the power meter on and off, which also controlled the power to a large AC unit. Eventually switching the meter on and off while under a heavy load resulted in the meter self-destructing and releasing the magic smoke.

Calling out Flipper Zero for someone (ab)using the meter's remote control features cuts me the wrong way: you could've done the same with any other SDR, not just the Flipper Zero.

It's not even a surprise this happened; the cut-off is not meant to be operated constantly to cut heavy loads. Similarly, you should not use a breaker to turn off heavy (or any, for that matter) loads, as you're needlessly wearing down the protective device instead of a separate cut-off switch that's designed to be replaceable. Especially since it can be positioned downstream from the protective device.

It all boils down to which part of the circuit you can easily repair in case of a fault; in this case the meter is by far the least accessible.

PietdeVries|2 years ago

Why would a power meter allow an unauthenticated client to turn the thing on and off wirelessly?!? Sure, if you flip a switch handling a large current often enough, something will break (and I am impressed it's not the AC in this case).

But why does the power meter accept commands from something 'outside', something untrusted?

onetrickwolf|2 years ago

I mean, why are power lines not locked up and buried underground in secured, locked steel cages?

Because some things work better with trust vs convoluted security.

I think this is something a lot of computer nerds don't get (myself included at one point). It's almost like if something can be accessed we are allowed to access it and it's the fault of the person securing it. But a lot of our society works on trust and I think we'd live in a much more difficult world if everything had to be secure enough to resist any attack.

If this thing was connected to the internet I get it, but you already need physical access to the meter, so why add another layer of security on top of that? If someone wants to mess up your power and they have physical access, there are plenty of ways they can do it without wireless communication.

nyberg|2 years ago

Because security is not a priority for the industry. Most have no security, default authentication in the rare case that they have it, and they use protocols with no support for it. The field is decades behind in security practices (it's pretty much IoT) and won't improve unless forced to.

It's also difficult to update such devices in the field, so even if they do fix such issues it's only for new units or a new product line, which most customers won't bother with until forced to by regulations / incidents, as it's expensive to replace them (you have to send someone out into the field as there are pretty much no OTA updates).

the_mitsuhiko|2 years ago

> Why would a power meter allow an unauthenticated client to turn the thing on and off wireless?!? Sure, if you flip a switch handling a large current often enough, something will break (and I am impressed it's not the AC in this case).

I would guess until recently power meters just had no reason to be secured. We live in a multi-unit building (I would guess around 120 of them). There is a shared key that goes to the central electricity room where the meters for all units are. I could turn off anyone's electricity by either unscrewing the main fuses there or by switching the breaker. People are a lot more trustworthy in practice than you would think.

voxadam|2 years ago

The security of billions and billions of devices (e.g. industrial control systems, PLCs,[0] SCADA,[1] ERTs,[2] etc.) that are responsible for controlling and monitoring virtually every aspect of modern life (e.g. power grid, water purification, natural gas transmission, oil and gas extraction, vehicle traffic control, rail signalling, pharmaceutical manufacturing, etc.) is appalling.

The manufacturers and integrators of these devices are just now beginning to realize that the internet exists and that their devices aren't always connected to perfectly isolated RS-485[3] networks or connected to a network at all. They commonly contain hard-coded passwords, passwords with staggeringly limited length and complexity, plaintext authentication, default passwords, and other backdoors. Working with such devices is like taking a DeLorean back to the early 90s, the eighties, or even earlier... it's the wild west.

It pleases me beyond words that hacking contests like Pwn2Own[4] have begun to include these systems in their competitions. This is a massively important area of security research that has historically been ignored.

[0] https://en.wikipedia.org/wiki/Programmable_logic_controller

[1] https://en.wikipedia.org/wiki/SCADA

[2] https://en.wikipedia.org/wiki/Encoder_receiver_transmitter

[3] https://en.wikipedia.org/wiki/RS-485

[4] https://en.wikipedia.org/wiki/Pwn2Own

bayindirh|2 years ago

We don't know whether the meter accepts every command, or the device has a fixed security protocol reverse engineered and known by researchers.

These protocols exist to get current readings from meters for data retrieval ease, and generally have a combination of security through obscurity and simple authentication to enable mass readings (by authorized people) easier. IIRC, these things can talk P2P in densely populated areas, and you can get all meters' readings in mere minutes, tops.

In any case, after an initial PoC, the rest of the video gets into the territory of equipment abuse, and I got angry and sad while watching it. You can do it, OK, then why damage things which are not yours? Document your findings and leave.
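The thread asks why a meter would act on an unauthenticated radio command and notes that the protocols in this space typically offer either nothing or "simple authentication". The following is an added example, not code from the thread, the video, or any meter vendor, of the minimum a receiver would need: a shared-key MAC over the command so only a key holder can issue it, plus a monotonic counter so a captured frame cannot simply be replayed. The frame layout, command codes, key and meter id are constructed assumptions for the demo.

```python
import hmac
import hashlib
import struct

# Assumed command codes and frame layout (not from any real meter protocol).
CMD_CONNECT = 0x01
CMD_DISCONNECT = 0x02
HEADER_FMT = ">IIB"                       # meter id, monotonic counter, command code
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 9 bytes
TAG_LEN = 16                              # truncated HMAC-SHA256 tag


def build_command(key, meter_id, counter, cmd):
    """Frame = header || HMAC-SHA256(key, header)[:16]. Used by the authorised sender."""
    header = struct.pack(HEADER_FMT, meter_id, counter, cmd)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag


class MeterCommandVerifier:
    """Receiver-side check a meter would run before touching the contactor."""

    def __init__(self, key, meter_id):
        self.key = key
        self.meter_id = meter_id
        self.last_counter = 0  # real firmware would persist this across resets

    def verify(self, frame):
        """Return (accepted, reason, cmd). Tag is checked first, in constant time."""
        if len(frame) != HEADER_LEN + TAG_LEN:
            return (False, "bad length", None)
        header, tag = frame[:HEADER_LEN], frame[HEADER_LEN:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag", None)
        meter_id, counter, cmd = struct.unpack(HEADER_FMT, header)
        if meter_id != self.meter_id:
            return (False, "wrong meter", None)
        if counter <= self.last_counter:          # replayed or out-of-order frame
            return (False, "replay", None)
        if cmd not in (CMD_CONNECT, CMD_DISCONNECT):
            return (False, "unknown command", None)
        self.last_counter = counter
        return (True, "ok", cmd)


def demo():
    """Exercise the verifier with constructed frames; returns a dict of outcomes."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
    verifier = MeterCommandVerifier(key, meter_id=1001)
    good = build_command(key, 1001, 1, CMD_DISCONNECT)
    tampered = build_command(key, 1001, 3, CMD_CONNECT)
    tampered = tampered[:-1] + bytes([tampered[-1] ^ 0xFF])   # corrupt one tag byte
    no_key = struct.pack(HEADER_FMT, 1001, 2, CMD_DISCONNECT) + bytes(TAG_LEN)
    return {
        "genuine": verifier.verify(good),
        "replayed": verifier.verify(good),          # same frame sent again
        "unauthenticated": verifier.verify(no_key),  # well-formed, but no valid tag
        "tampered": verifier.verify(tampered),
        "other_meter": verifier.verify(build_command(key, 1002, 4, CMD_CONNECT)),
        "next_genuine": verifier.verify(build_command(key, 1001, 5, CMD_CONNECT)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16s} -> {outcome}")
```

The point of the ordering is that an unkeyed transmitter gets the same "bad tag" answer whether it guessed the meter id or not, and a frame that was valid once is useless a second time because the counter has moved on.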

dreamcompiler|2 years ago

Security will almost always be found in products where it dependably increases profit. See comment about John Deere below.

But security is rarely found in products where it only might prevent the loss of profit.

The presence or absence of security in a product always reflects the incentive structure of the business that produces the product.

conk|2 years ago

An untrusted finger can just switch the main breaker or an untrusted hammer can just smash the meter. There are far easier ways to be destructive if you have physical access to the meter, which by default everyone is going to have because meters are required to be accessible by the public per electrical/fire/building codes.

Am4TIfIsER0ppos|2 years ago

The whole goal of a smart meter is to allow remote access so the government can turn off your power to shed load rather than provide supply.

number6|2 years ago

Blaming this on any device other than the smart meter is disingenuous.

rocqua|2 years ago

> you could've done the same with any other SDR, not just the Flipper Zero.

The specialness of the Flipper Zero is not that it can do more than any other SDR. The specialness is how easy it is to use. The question is what you can do in that 'easy mode'.

That, in the easy mode, you can do this kind of realistic and meaningful damage is noteworthy, because this potential is brought to the masses. It probably won't be the start of widespread SDR-based cyber-crime, but it brings that one step closer. That is why I consider this noteworthy news about the Flipper Zero specifically.

anilakar|2 years ago

> The specialness is how easy it is to use.

Citation needed.

Since the advent of cheap SDRs and TI CC1100 devkits it's been a case of "grab code off GitHub and go do shenanigans". The only specialness here is that it's battery powered, but even previously you could have been running a laptop and HackRF in your backpack.

pftburger|2 years ago

That said, it's also important to demand device makers build better protections into their software (like rate limiting) in the same way they do for the hardware. Otherwise it leaves the door open for legislators trying to ban screwdrivers (tools).

salawat|2 years ago

I hate these types of arguments, as they boil down to "I'm afraid of what you'll do with $nice_thing."

I don't want to live in a world of max pessimum.

dreamcompiler|2 years ago

For any remotely-controllable power meter, its contactor switch should have been designed to sync with the zero crossings of the AC waveform. That would have completely prevented this damage.

I know it would have made the meter more expensive, but it was absolutely foreseeable that a wild RF signal could have induced repeated contactor reclosings. They should have built it properly.
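Two firmware-side protections are proposed in this thread: pftburger's rate limiting of remote switching, and dreamcompiler's point that the contactor should only actuate at a zero crossing of the AC waveform. The following added example (not from the thread or any meter firmware) simulates both on a constructed 50 Hz waveform: a burst of open/close requests is collapsed by a minimum dwell time, and whatever survives is deferred to the next zero crossing. Sample rate, mains frequency and the 30 s dwell policy are assumptions chosen for the demo.

```python
import math

SAMPLE_RATE = 6000   # Hz; constructed for the simulation (120 samples per 50 Hz cycle)
MAINS_HZ = 50


def mains_samples(n, phase=0.0):
    """Constructed sampled mains voltage (unit amplitude) for n samples."""
    return [math.sin(2 * math.pi * MAINS_HZ * i / SAMPLE_RATE + phase) for i in range(n)]


def next_zero_crossing(samples, start):
    """Index of the first sign change at or after `start`, or None if none remains."""
    for i in range(max(start, 1), len(samples)):
        if (samples[i - 1] >= 0) != (samples[i] >= 0):
            return i
    return None


class ContactorController:
    """Rate-limits remote open/close requests and actuates only at a zero crossing."""

    def __init__(self, samples, min_dwell_s=30.0):
        self.samples = samples
        self.min_dwell = int(min_dwell_s * SAMPLE_RATE)  # dwell expressed in samples
        self.closed = True           # contactor starts closed (power on)
        self.last_change = None      # sample index of the last actuation
        self.events = []             # (sample index, description) audit trail

    def request(self, at, want_closed):
        """Handle a (already authenticated) remote request arriving at sample `at`.

        Returns (status, actuation_index). Requests that arrive inside the dwell
        window are refused rather than queued, so a flood cannot pile up toggles.
        """
        if want_closed == self.closed:
            return ("no-op", None)
        if self.last_change is not None and at - self.last_change < self.min_dwell:
            self.events.append((at, "rejected: inside minimum dwell"))
            return ("rejected", None)
        idx = next_zero_crossing(self.samples, at)
        if idx is None:
            return ("no zero crossing in window", None)
        self.closed = want_closed                 # switch when the current is near zero
        self.last_change = idx
        self.events.append((idx, "closed" if want_closed else "open"))
        return ("actuated", idx)


def simulate(min_dwell_s):
    """Feed a burst of alternating requests; return the controller's event log."""
    samples = mains_samples(SAMPLE_RATE)          # one second of waveform
    ctl = ContactorController(samples, min_dwell_s)
    want = False
    for at in range(10, SAMPLE_RATE, 500):        # a request every ~83 ms
        ctl.request(at, want)
        want = not want
    return ctl.events


if __name__ == "__main__":
    print("with 30 s dwell:", simulate(30.0))
    print("no rate limit:  ", simulate(0.0))
```

With the dwell policy the burst produces exactly one actuation and a string of rejections; with no rate limit every request goes through, but each still lands within one sample of a zero crossing rather than mid-cycle under full load.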

wilg|2 years ago

I got the vibe they were treating it as a cool hacker tool, not calling out the Flipper Zero. But I don't know what any of this is really. I'm just some guy!

AviationAtom|2 years ago

Some very cool videos from linemen showing high voltage air switches opening under even a reduced load.

I think most folks don't understand that electrical components don't like being manipulated under a load.

diftraku|2 years ago

At the same time, I'm in awe and in horror of seeing those high current, high voltage disconnects being opened only to end up with a few-meter-high arc of current jumping through the air between the contacts.

I was taught the procedure of disconnecting a 10/20 kV disconnect for an on-site transformer (alas, only an old one that had been decommissioned) and that thing scared the crap out of me when I first heard the spring-loaded high voltage disconnect actuate.

Having a 3 meter fibreglass pole to actuate the thing, just in case, tells you there is a real risk of the thing blowing up in your face, on a good day.

weare138|2 years ago

Exactly. They probably could have done the same thing if they just kept throwing the main breaker.