
38C3: Blinkencity, radio controlling street lamps and power plants [video]

216 points | aunderscored | 1 year ago | media.ccc.de

47 comments


pantalaimon|1 year ago

I can imagine how this went:

- We have this protocol to switch the streetlights remotely by modulating a signal on the mains - but that needs expensive hardware and it's cumbersome. Can't we just send that over radio instead?

- There is all this decentralized renewable energy generation, we need a way to switch that off remotely if there is an overload in the grid - hey, we already have that hardware for switching streetlamps, let's just use that!

Of course encryption was never a concern and now anyone could remotely turn off / on power generation. But for that to cause real trouble, you'd need coordinated action that would require something like a state level actor.

H8crilA|1 year ago

Authentication, not necessarily encryption. It's a common misconception to think that you need the latter while you actually need the former. And no, encryption does not mean authentication, not at all, usually you can meaningfully modify the ciphertext if a given protocol has no authentication.

Also, here's a fun thought experiment: consider two channels, one authentic but not encrypted, another non-authentic but encrypted. Can you actually find a use for the second one? Can you find a use for securely talking to an unknown entity, other than running Omegle? :)
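The point above, that encryption without authentication lets an on-path party meaningfully modify the ciphertext while a MAC check rejects the change, as an added example that is not from the talk or any deployed protocol. A toy SHA-256 keystream stands in for any stream/CTR cipher; the keys, nonce and "SWITCH=1" message are constructed for the demo.

```python
import hashlib
import hmac

KEY_ENC = b"\x01" * 32   # constructed demo key, not a real deployment key
KEY_MAC = b"\x02" * 32   # separate key for the authentication tag
NONCE = b"\x00" * 8      # constructed per-message nonce

def keystream(nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: SHA-256(key || nonce || counter) blocks.
    The malleability shown below is a property of unauthenticated XOR
    encryption in general, not of this particular toy construction."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(KEY_ENC + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(nonce, len(plaintext))))

decrypt = encrypt  # XOR with the same keystream is its own inverse

def encrypt_then_mac(nonce: bytes, plaintext: bytes):
    """Encrypt, then tag nonce+ciphertext with HMAC-SHA256 (encrypt-then-MAC)."""
    ct = encrypt(nonce, plaintext)
    tag = hmac.new(KEY_MAC, nonce + ct, hashlib.sha256).digest()
    return ct, tag

def verify_and_decrypt(nonce: bytes, ct: bytes, tag: bytes):
    """Return the plaintext only if the tag verifies; None means tampered."""
    expected = hmac.new(KEY_MAC, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(nonce, ct)

def flip_byte(ct: bytes, index: int, delta: int) -> bytes:
    """Simulate a modification in transit: XOR one ciphertext byte.
    Under XOR encryption the same XOR lands on the decrypted plaintext byte."""
    b = bytearray(ct)
    b[index] ^= delta
    return bytes(b)

def demo():
    msg = b"SWITCH=1"
    ct, tag = encrypt_then_mac(NONCE, msg)
    tampered = flip_byte(ct, 7, ord("1") ^ ord("0"))   # last byte '1' -> '0'
    unauthenticated = decrypt(NONCE, tampered)          # accepted: b"SWITCH=0"
    authenticated = verify_and_decrypt(NONCE, tampered, tag)  # rejected: None
    return unauthenticated, authenticated
```

An unauthenticated receiver decrypts the modified message to a valid-looking but different command, while the receiver that checks the tag discards it.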

Muromec|1 year ago

>But for that to cause real trouble, you'd need coordinated action that would require something like a state level actor.

Luckily there isn't a state actor actively sabotaging all kinds of infrastructure in Europe right now with an explicit interest in sabotaging renewables.

gorgoiler|1 year ago

I really enjoyed how the payloads are encrypted, but the implementation leaves time synchronization in plaintext. With the street lamps that work to a fixed schedule, all you have to do is reset the time between 12pm and 12am to turn them on and off (the “lamplighter” attack, in the talk.)

unbelauscht|1 year ago

Like the one who's been messing with our deep sea cables?

mindcrime|1 year ago

> But for that to cause real trouble, you'd need coordinated action that would require something like a state level actor.

Or thousands of individuals using relatively inexpensive HackRF One SDRs, or home-brew radio transmitters which can be built even more cheaply. Of course all those people would need a way to communicate with each other over large distances... perhaps some kind of packet switching network running over a series of tubes (or avian carriers). Hmmm.

Eduard|1 year ago

TL;DR: by law, German power stations are required to "turn off" (taken off the energy grid) when they receive specific radio messages. This is intended for energy grid load balancing.

Unfortunately, the message protocol is completely flawed security-wise, which allows malicious actors to control the power station.

It would require only a handful of strategically placed senders to control an estimated 20 gigawatts of load Germany-wide, causing havoc on the European energy grid (brown-outs, cascading effects, etc.).

The security researchers followed a responsible disclosure process towards the vendor, EFR, who reacted by sending letters from their lawyers.

Today's pre-talk report in the SPIEGEL online news magazine ( https://archive.is/p66as ) on this topic cites EFR as saying that the proposed attack vector is not possible.

The security researchers therefore made the last minute decision to go full disclosure with today's talk to press on the urgency of the topic.

jdiez17|1 year ago

Just read the SPIEGEL article and I think it’s a pretty balanced report on the positions of both sides. Basically, it comes down to the assertion that you can’t reach a large number of electricity generation plants with “simple radio equipment”. That is the position of EFR, and sadly, the Bundesnetzagentur (the radio communications regulator in Germany).

I haven’t watched the talk yet but I think it’s pretty clear to all of us on this website, that sending a specific short radio transmission to a large area is not an insurmountable challenge for our favorite terrorist state.

What I don’t understand is why there is such a reluctance to admit that these problems exist and work towards fixing them. Instead we pull the ostrich maneuver every time. One day it’s going to really bite us in the ass.

EDIT: after watching the talk, the funny thing is that all of the “business secrets” that EFR is accusing our fellow hackers of leaking are actually mostly DIN standards. In other words, they are just upset that someone is talking about the fact that no efforts have been made to proactively secure these receivers. Embarrassing.

aunderscored|1 year ago

Saw this in person, awesome look at street lamp control and then walking that all the way up to "oops we figured out a way to attack the European power grid"

BonoboIO|1 year ago

What a great way for a state to cause havoc in all of Europe.

Russia definitely has the capabilities to send such signals in a coordinated attack and deny any wrongdoing.

And this is just one example we know of, there must be hundreds.

ElectRabbit|1 year ago

They have low-kHz transmitters for reaching submarines. So, for many decades already.

oger|1 year ago

The researchers did a great job in pointing out the failures in what basically is an old DIN standard that should not be used in this century. I congratulated them after the talk as I did similar research and didn’t get it finished for 38C3. Their presentation is spot on. The attack vector is definitely feasible and has been publicly known for a while. I honestly don’t understand why nobody in the industry wanted to switch to a safer alternative. The reaction by EFR will create an unnecessary Streisand effect, and after all they will be able to upsell their customers to a (soon to be legacy) 450 MHz LTE system.

matchamatcha|1 year ago

The talk starts around 16:20 minutes in.

Torkel|1 year ago

And the talk itself is in English.

__jonas|1 year ago

That was an interesting talk!

I'm not very familiar with security stuff, but I didn't really get the responsible disclosure thing – is it really unreasonable for this company to ask them not to go public just three months after their initial disclosure?

I understand the 'it was known since 2013' thing, but they did also say the company was actively making improvements after the initial disclosure, so they were not exactly just shoving it under the rug, were they?

Hikikomori|1 year ago

They got a letter from their lawyers, no?

Towaway69|1 year ago

Are there any pointers to the software they built for the flipper?

It seems that they did create an app but it’s nowhere to be found on the flipper “app store”.

_ink_|1 year ago

Why do we still build new remotely controlled things and then skip security? Like when was this ever a good idea?

avidiax|1 year ago

I think it's a failure to solve 1 + x = 2. x is the percentage of the power grid controlled by this system, which has risen over time.

So at design time, the threat is just that people can turn off street lamps, which you can do with a BB gun. Then you expand to home solar. Also not so interesting.

But then you expand to be a significant fraction of the grid supply and load. Now there is a substantial target that actually needs security, but which requires a full redesign.