Hacker reveals smart meters are spilling secrets about the Texas snowstorm (dailydot.com)
289 points by certifiedloud on June 25, 2021 | 194 comments



Note to people outside of the US who are worried about this:

The rest of the world uses 3G/4G modems in their smart meters, they are usually also connected to a different APN than generic mobile data. Sometimes multiple meters are connected to a central hub with a physical wire (in apartment buildings for example). The hub is then the only gateway to the internet.

The hack in question is only viable because of the weird way US smart meter collection is done.

US Smart Meters use RF to shout out their values everywhere like an RF beacon. A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.

Source: I did smart metering software for L+G.


I was at a local hacker space for a photo-op visit by the mayor. One of the things she talked about was the city's new smart power grid. Several members were upset about the fact that they were required to have these meters on their house, mostly because of how insecure they were. If I remember correctly, they were not password protected, and they had just turned off SSID broadcasting. One of the members couldn't help himself and showed her how trivial it was to access the meter's mesh network, which he demonstrated by pinging the meter at the mayors mansion. It was an awkward evening.


Do you mind stating which city this was in? I ask because I've a long-standing curiosity about which cities still maintain mayors' mansions (and governors' mansions). I know New York does, but I haven't run into it too many other places.


Confusingly enough, the "mayor's house" belonged to the city's first mayor, and is now a museum and event space. It has a proper name, but the locals all know it as the mayor's house. It is not a residence set aside for the current mayor.



Arkansas had a really nice governor's mansion years ago.

https://www.nytimes.com/2000/07/19/us/little-rock-journal-go...


> The rest of the world uses 3G/4G modems in their smart meters, they are usually also connected to a different APN than generic mobile data.

Yes. I guess it's worth stressing this, as it seems taken for granted by people experienced with cellular M2M/IoT but maybe not so well known in the general public.

A cellular modem is first connected to an operator network. For mainstream subscriptions it is then connected from there to the Internet, making a device behind the modem reachable over the Internet, with all the security issues associated.

But for business customers the telcos offer "private APN" subscriptions, with a VPN connection to the customer. Then the modems are connected to the customer and not to the internet, and the devices behind are not publicly reachable.

Support of private APNs is part of cellular data since 2G GPRS, so from the very start. One can expect industrial cellular users to use them.


Mobile networks evolve fairly quickly. Spectrum is limited so mobile operators like to phase out older standards in favour of newer ones to make better use of their available spectrum.

Upgrading the modem in a smart meter requires visiting every location you serve. That's not something a utility would like to do more than once every few decades. With 3G and 2G now being phased out, will utilities have to replace all their smart meters?

https://hyphabit.io/2g-network-closure-uk/


It's a valid concern, but it's a contractual problem more than a technology one.

Companies doing smart meters are not taking the basic subscriptions made for the public. They have dedicated contracts with their telcos, with commitment for long-term support. So these smart meter companies have visibility and guarantees, and are updated on the telcos' long-term plans. That's what enables them to deploy meters with a 15-year life span.

The way it works in practice is that telcos may close their "old" 2G (or 3G, but 3G is not used much there; most jump direct from 2G to 4G) networks to the public, but keep some capacity in operation for those industrial users only for a lot more time --- as long as needed per their contractual obligations. The general public won't see this, as these frequencies will be denied to anyone but specific industrial subscribers. There's no need for much capacity either, as smart meters don't "talk" much.

Another way these long term needs can be addressed is through standard support. For IoT, LTE (perceived as a 4G technology) meets the 5G requirements from R15 onward. And there's work to support these LTE IoT devices (LTE-M, NB-IoT) over "5G" (the tech is called "NR", or "New Radio". Engineering naming ;) channels onward, so there won't be a need for dedicated LTE IoT channels for IoT, as is done for 2G.

So independent of the way it's done, the cellular industry does support long term commitment for M2M/IoT. But as you can see, it's geared toward big customers in practice. In theory one could think about ways to open this to smaller clients (cloud like subscription and access), but I'm not sure anyone does this. It's not a tech problem, more a cultural and business one.


> A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.

What the fuck


I am highly in favor of this type of self contained technology. The last thing we need is for the grid to become inadvertently dependent on the cell network, which is, in turn, dependent on the grid. If there’s a multi-day outage that takes out the cell battery backups, the grid needs to be able to start up independently. This is hard enough without accidental networking dependencies.

(I believe that at least some of the blatant inequity in the Texas blackouts was necessary for this type of reason. There were various critical facilities (gas pumping stations, for example) that, if shut down due to rolling blackouts, would have further reduced grid capacity.)


> the grid to become inadvertently dependent on the cell network, which is, in turn, dependent on the grid

The grid wouldn't be dependent on the cell network. Billing would.


A surprising number of modern smart meters contain relays that can be used to wirelessly disconnect customers. I don’t know whether this feature is used for load shedding and/or startup, but it certainly could be.

As an aside, there are distressing reports of meter-associated fires. These seem to come in two categories: installation issues (poor contact between meter and socket) and issues with the relay itself. The former is not specific to smart meters per se, but the latter is. A device that can safely switch 100-320A at 240V is not that cheap and not that small, and I suspect that some smart meter manufacturers try to cut costs.


Can confirm the first part - had the utility turn on a meter remotely, so they can turn it off too.

Also, around here (Portugal) you're billed for the maximum power in your contract - it starts at 3.45 kVA, I think, with 6.9 and 10.35 levels commonly available (at 230 volts, that's 15, 30 or 45 amps). Used to be that a hardware circuit breaker enforced that limit, nowadays it's the meter cutting off supply in case of excess power draw.

(No reports of fires that I've heard of.)


> I don’t know whether this feature is used for load shedding and/or startup, but it certainly could be.

The last two places I lived, it was.

In the more recent one, residential customers who didn't opt in to the smart thermostat, which allows the power company to override your temperature settings in an emergency, could be automatically cut off from the grid in a crisis.

In the older one, a factory I worked for was part of a program where they volunteered to be cut off from the grid remotely in the event of a power emergency. The factory got some kind of discount or rebate for being part of the program.


At least in my area they can. I have an agreement with the power company that they can shut off my A/C for up to, IIRC, 10 minutes at a time with some maximum total time off per day to load shed in times of high load. In return I get a discount on power during the summer months.

Except for the first year where there was a bug that turned it off for an hour at a time, it's never been noticeable.


This is almost certainly not a capability of your meter as such, though the meter might be used to pass data back and forth. Either your thermostat is being controlled (i.e., via changing setpoints) or there's a device somewhere in your HVAC wiring that the utility can communicate with. What is for sure not happening is remote connect/disconnect in the meter used to shed load.


Correct! I didn't think it was worthwhile making the distinction but there's a separate interface that the power company can control that switches the A/C. I think (been a while since I paid attention to it) that it only controls the compressor: the blower is still allowed to run independently.


I worked with a power company in New Zealand that had load shedding like this (although more for water heaters IIRC). They transmitted signals on the power lines themselves at a much higher frequency than the AC delivery. The end devices also needed to support it.


The rumor on the Colonial Pipeline hacks isn't that core infrastructure was affected, it was that the billing system was.

I think most utilities would act in the same way.


That is a widely reported fact rather than a rumor.


Really? A quick google didn’t turn anything up. Source?


Not the most specific look at this question, but the facts are relatively clear.

“ The company halted operations because its billing system was compromised, three people briefed on the matter told CNN, and they were concerned they wouldn't be able to figure out how much to bill customers for fuel they received. One person familiar with the response said the billing system is central to the unfettered operation of the pipeline. That is part of the reason getting it back up and running has taken time, this person said. Asked about whether the shutdown was prompted by concerns about payment, the company spokesperson said, "In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems." At this time, there is no evidence that the company's operational technology systems were compromised by the attackers, the spokesperson added”

Source: https://edition.cnn.com/2021/05/12/politics/colonial-pipelin...


Cool - I assumed it was true but couldn't find any evidence. Thanks!


If I don't get billed for my power usage then I'm 100% cranking my AC, as will everyone else.


> If I don't get billed for my power usage then I'm 100% cranking my AC, as will everyone else

Sorry, in what relevant scenario does the power company never get paid?

OP pointed out a potential feedback loop between the cell network going down and the grid failing. Are you suggesting everyone will crank up their AC when the network fails because the power company will have some difficulty collecting metering data that day?


If modern smart meters are anything like classic mechanical meters, they have a counter of the total amount of power consumed so far, and the power company bills the difference between the current reading and the previous month's reading. Which means that, once the meter can be read again, you will be billed for all the power consumed in the meantime.


Smart meters still retain the total overall usage. Even if the power company doesn't read it for 3 months, they'll see the increased usage the next time they come by and apply it to your next bill.


Most countries don't have the weird and insane rating plan that Texas did. What I pay for water/gas/electricity doesn't fluctuate 500% from hour to hour.


It's a violation of privacy - it makes it that much easier for people to see how much electricity or water you consume. It isn't necessarily a secret, but it is not so easy to find out when you have to go to a meter directly.


It definitely is enough of a matter of privacy that PGE wouldn’t reveal any details of the previous tenant’s usage patterns when I called concerned about the amount of energy we were using in our new place. If it’s too private to share in that context it shouldn’t be blasted out unencrypted to anyone with an antenna. (Also I realize we’re talking about Texas but I would assume/hope they have the same restrictions on sharing info as PGE.)


It often actually isn't hard for someone to find out even if you have one of the meters that has to be read by eye.

It is quite common for those meters to be placed so that they are visible from a public street or alley, so that meter readers can read them without entering the property.

Here is one electric company that talks about this in their meter reading FAQ [1].

> The numbers on an electric meter are clearly visible from six to ten feet away. And, by noting the position of the dial indicators, an experienced meter reader can accurately read an electric meter from as far away as twenty feet. We also provide binoculars and/or monoculars for readings beyond the range where the dials are not clearly visible.

[1] https://www.snopud.com/home/homefaqs/faqmtrread.ashx?p=1285


How could that possibly be a privacy concern?

A lot more private information is already placed onto the street, in public: the contents of your garbage cans.


Now imagine a technology that scans the contents, listing the type, number, and mass of each item, and broadcasts it so that anyone driving by can instantly read it.

It's not binary accessible v. non-accessible, it's level of effort.


It isn't really. Most commercial meters that use this tech are encrypted. It is possible to obtain the key for your own meter but that's about it.


But using your own argument, your electricity grid is now dependent on the road "network", so not self-contained. Moreover, I can imagine much worse scenarios than what you wrote about the cell tower batteries failing. Just imagine you have a snow storm and now you have to have an electricity company truck drive past people's homes to restart their electricity. At least in the case of a drained cell tower battery they only need to drive to one location.


The grid will work just fine without any cell connections.

The connection in home smart meters is used mostly just for consumption data and maybe remote diagnostics. In some cases it's used for load management, but this requires a written contract with the user.

Basically it goes "You let us turn off your AC/Furnace/other high load unit during load peaks and we'll give you a discount on your electric bill."

Just the information on which meters can't be connected to (due to cell networks being down) gives the power company a bunch of data on where the actual fault is located.


It's like the meter man visiting your house, but now they no longer have to enter. Isn't it wonderful? If I lived in the US, I'd immediately try to hack up a small Arduino project to read out my neighbours' energy usage.


I do this with a cheap (~$20) USB RTL-SDR – no Arduino or custom electronics necessary. Of course, I only use it to monitor my own energy usage (electricity and gas) using rtlamr[1] and a script that periodically sends the data to InfluxDB, then displayed using Grafana.

The result is a smart home energy monitor that doesn't require any clamps near the electrical panel, and it exactly matches the usage for which I'll be billed.

[1] https://github.com/bemasher/rtlamr


Crazy how easy that is. I bet within a year we hear about criminals using something like this to know when people leave their house for extended periods.


That repo is over 7 years old. It’s exploitable, but I’m pretty convinced that this info has been out for many years.

https://hackaday.com/2014/02/25/using-sdr-to-read-your-smart...


Can confirm, I was playing with this in my neighborhood years ago. I'm pretty sure it was the gas meters I was seeing.


And then promptly get bored. It's in the same category as running wifi deauth attacks - fun for 5 minutes.


Yep, as much as I love them Hak5 somehow still maintains a "fan base" for this kind of petty "hacking".

Still, hat's off to Darren and Shannon!


I think most of the modern gear uses ZigBee’s publicly documented smart energy protocols. It’s encrypted.


I live in a townhouse and our meters are outside next to where we park our cars. I can read my neighbors' energy usage whenever I want.

One uses more electricity than I do and the other less.


I've never had a meter reader enter any house I've lived in, which would be somewhere around 15 different units. All gas/electrical/water meters are on the outside of the house/apartment whether they were smart meters or the traditional ones. Anyone can walk up to them and read them. The digital or analog dial readout is not locked/secured/obscured in any way.


Use SDR networks to do it from afar.

http://www.websdr.org/


Or better still, kill your own meter and have something ping out a reading that's 100 times less expensive.


Different power companies use different smart meter tech, not all of which is easily readable.

SDG&E uses encrypted Zigbee to transmit data. AFAIK, it has not been cracked.


I use a Rainforest https://www.rainforestautomation.com/ device to read my own meter on SDG&E and it works, I think I had to go through an auth process though.


Indeed. I wonder if one could set up a fake transmitter that sends corrupt data (to lower one's own energy bill, hide a marijuana plantation, or to cause issues in a neighbor dispute), or what would happen if one would blanket jam the entire frequency.


Decent chance you become more acquainted with the criminal justice system than you might have preferred.


Related question, is there a law which requires you to send the used electrons back to them, after you're done using them?



> or what would happen

Charges for fraud (in the case of false data) and disruption to electrical service at the state level, and charges for unauthorized radio interference at the federal level.


This is the worst case scenario.


> This is the worst case scenario.

Worst case scenario isn't as far away as you might think. Consider that the FCC is pretty good at winning the cat-and-mouse game against pirate radio broadcasters. And those are people who can change their locations at will.

How long do you think it would take to go from the power company noticing an anomaly to someone walking down the street with equipment to detect the source? A week, maybe? There's money at stake, and these aren't stupid people.


There can't be any power anomaly if you use self-hosted energy like solar panels, so that part's out.


But a realistic one, especially if it became common enough to want to crack down and make examples.


Also not a very hard thing to investigate and track down for someone who is interested. I think a good portion of the readers here can design the equipment to do that.


The power company would notice the discrepancy between the sum of reported energy use of the houses vs the actual energy used in that neighborhood and track it down.


... so you're saying that for every kWh you add to your neighbor, you should remove one from another house nearby?


And then when you shut it down and the meters report the real data they’ve been collecting all along, oy.


I wonder if they do any sort of audit of the amount of power used vs billed and, if so, at what scale. How long would it take them to identify the discrepancy? As long as it was pretty small-scale and not trying to hide a huge crypto-mining operation or something, I suspect it would be a very long time before anyone figured it out.


That depends on the power company. But it's quite trivial to compare your average consumption with similar users and find the outliers.

That's how people who steal power get caught for example and grow-houses :)

And it's also a useful tool for the consumers themselves to know if they are spending more/less/equal amounts of electricity as people with similar profiles.


This is no different from tampering with your utility meter before they were smart, though?


Speaking of, is this not readily possible? What prevents people from doing this?


The older meters had serial-numbered lockout tags that would break if you attempted to remove them, that prevented access to the mechanicals of the meter under the glass. I imagine that the gearing in the meter had some mechanism to prevent a simple 'rewind' attack.

I also imagine (Hope?) that the power company would measure @ the pole level at some key points to make sure everything added up, and they have lots of data to help spot discrepancies.


>I imagine that the gearing in the meter had some mechanism to prevent a simple 'rewind' attack.

Big Clive details one of the attacks on older (UK) meters here: https://www.youtube.com/watch?v=gFtB0C0rBaM

It was possible to run them backwards. He mentions possible evidence this would leave behind, and notes (taken from the description):

> Latterly devices to detect this activity were added to meters in the form of non-resettable flags that would move out if the meter ran in the wrong direction, or in the case of digital meters a tamper indicator.
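Several comments above describe the checks a utility would run on collected readings: comparing the sum of what meters report against what is metered at the feeder or pole, comparing each customer against similar users to find outliers, and flagging registers that run backwards (the digital counterpart of the non-resettable reverse-direction flag). The following is an added example, not code from any commenter or from Landis+Gyr, showing those three checks run over a small constructed data set. The meter ids, register values and feeder figures are all invented; the peer-group outlier test uses the median/MAD modified z-score, which is a common choice because a single heavy user does not drag the group average with it.

```python
"""Utility-side audit checks over collected smart-meter readings.

Added example with constructed data. Three checks:
1. register_rollbacks(): a cumulative kWh register must never decrease
   between consecutive readings; a decrease is what a tamper flag catches.
2. feeder_loss(): energy metered at the feeder vs. the sum of customer
   meter deltas; a large unexplained gap indicates unmetered consumption.
3. peer_outliers(): modified z-score (median/MAD) of each meter's average
   interval consumption against its peer group.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, median


@dataclass(frozen=True)
class Reading:
    meter_id: str        # hypothetical meter identifier
    ts: int              # interval index (e.g. hour number), constructed
    register_kwh: float  # cumulative register value reported by the meter


def _series(meter_id, registers):
    return [Reading(meter_id, ts, kwh) for ts, kwh in enumerate(registers)]


# Constructed sample: four meters on one feeder, five hourly readings each.
SAMPLE_READINGS = (
    _series("A", [1000.0, 1001.2, 1002.4, 1003.6, 1004.8])
    + _series("B", [500.0, 501.0, 502.0, 503.0, 504.0])
    + _series("C", [800.0, 801.1, 802.2, 801.0, 802.1])      # runs backwards at ts=3
    + _series("D", [2000.0, 2006.0, 2012.0, 2018.0, 2024.0])  # ~5x its peers
)
# Constructed feeder-level measurement for intervals 1..4 (kWh delivered).
SAMPLE_FEEDER_KWH = {1: 10.0, 2: 10.0, 3: 10.0, 4: 10.0}


def interval_consumption(readings):
    """Per meter, list of (ts, delta_kwh) between consecutive register values."""
    by_meter = defaultdict(list)
    for r in sorted(readings, key=lambda r: (r.meter_id, r.ts)):
        by_meter[r.meter_id].append(r)
    return {
        mid: [(b.ts, round(b.register_kwh - a.register_kwh, 3))
              for a, b in zip(rs, rs[1:])]
        for mid, rs in by_meter.items()
    }


def register_rollbacks(readings):
    """Meters whose register decreased, with the interval(s) where it happened."""
    return {
        mid: [ts for ts, d in deltas if d < 0]
        for mid, deltas in interval_consumption(readings).items()
        if any(d < 0 for _, d in deltas)
    }


def feeder_loss(readings, feeder_kwh, threshold=0.05):
    """Fraction of delivered energy not accounted for by customer meters.

    Negative deltas are excluded from the reported total (they are reported
    separately by register_rollbacks), so a rolled-back meter shows up here
    as missing energy rather than cancelling someone else's usage.
    """
    reported = sum(
        d for deltas in interval_consumption(readings).values()
        for _, d in deltas if d >= 0
    )
    delivered = sum(feeder_kwh.values())
    loss = (delivered - reported) / delivered
    return {
        "delivered_kwh": delivered,
        "reported_kwh": round(reported, 3),
        "loss_fraction": round(loss, 4),
        "flag": loss > threshold,
    }


def peer_outliers(readings, cutoff=3.5):
    """Meters whose mean interval use is an outlier within the group.

    Uses the modified z-score 0.6745 * |x - median| / MAD with the usual
    cutoff of 3.5; robust to the outlier itself, unlike mean/stdev.
    """
    averages = {}
    for mid, deltas in interval_consumption(readings).items():
        valid = [d for _, d in deltas if d >= 0]
        if valid:
            averages[mid] = mean(valid)
    med = median(averages.values())
    mad = median(abs(v - med) for v in averages.values())
    if mad == 0:  # all meters alike; no meaningful spread to score against
        return []
    return sorted(mid for mid, v in averages.items()
                  if 0.6745 * abs(v - med) / mad > cutoff)


if __name__ == "__main__":
    print("rollbacks:", register_rollbacks(SAMPLE_READINGS))
    print("feeder:", feeder_loss(SAMPLE_READINGS, SAMPLE_FEEDER_KWH))
    print("outliers:", peer_outliers(SAMPLE_READINGS))
```

On the constructed data meter C is flagged for a register that runs backwards at interval 3, the feeder check reports roughly 10% of delivered energy unaccounted for (above the 5% threshold), and meter D stands out from its peer group. Real deployments would set the loss threshold from the feeder's known technical losses and build peer groups by tariff class and premises type rather than pooling every meter on a feeder.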


Rumor has it back in the day, a relatively strong, well placed magnet would certainly slow the rotation of the metering dial...


...though once this kind of attack became common, the utility meter manufacturers started adding anti-tamper features like hall effect sensors that record the presence of an unusually strong magnetic field near the meter equipment. You'd get some questions next time the meter reader came around and the tamper indicator was lit.

Utilities have a lot of financial incentive to keep people from (at least blatantly) manipulating their billing.


I wonder if you could screw with someone you don’t like by putting a big fat magnet on their meter.

Ofc with the new prevalence of home cameras, that would be risky now.


We used to have meter readers running (literally) from house to house jotting down the numbers.


Yes but that’s one data point at one singular moment in time being collected by one person. Smart meters continually broadcast a constant stream of data to anyone who cares to listen.


Ha, interesting, if there really are no security mitigations, I can wardrive 2 days in a row and figure out which houses have very low power consumption, and deduce from that they are empty and I can go rob them. Ha, maybe even figure out if some power consumption means they have security devices, or just a fridge and a cooler.

And to make it worth my while I can just war-drive around the swanky areas of the city.


Or, look for high usage and rob people for their crypto-mining rigs or pot farms! /s


Might need to do some math for the pot farms. LEDs don’t use that much electricity. Can set up a pretty big operation with 1-2kw.

But the draw will be very consistent.


lol - I don't grow (obviously) but I know people who do (legally). They don't use LEDs, but I did use LED lights to grow some indoor veggies. From what I read (again I'm no expert) the low end LED stuff just doesn't cut it. Maybe there's a high-end LED market I'm unaware of?

If you could design an algorithm for your wardriver gear, you might be able to detect when growers switch from 18/4 to 12/12 hour light cycles.


From my understanding, commercial grows all use LEDs. You can roll your own and buy 50w+ LED modules, old CPU coolers and constant current inverters to get as high-end as you want.

A lot of the all-in-one “grow lights” aren’t well evaluated, but I’m sure some out there get the job done.


Or you can just war-drive around collecting the high-energy infra-violet emissions that escape through the walls at night, finding out which houses are not occupied! OMG!

Also, please excuse my pedantry, but it is impossible to rob an unoccupied dwelling.


/me just now realizing that everything Bilbo did as a "burglar" was actually robbery.


The range is pretty limited, and there's generally nothing to stop me from either walking up to your house and reading your meter directly or from getting a pair of binoculars and doing so from your property line.

The data was always "out in public" anyways.


How is this? I’ve never seen meters installed in the open with the display readable. Here in the Netherlands they are usually behind two doors. The front door and the door to the cabinet with all the meters and utility connections.


They’re just mounted on the side of the house like this[1] in the US at least. Power and natural gas, at least. Not sure if I’ve seen water.

[1] https://images.app.goo.gl/H4abfrAyw85FSogq6


Frequently attached to the incoming water line, usually under a metal cover between the water main under the street and the house.


If I had to guess, it's likely a response to an [unauthenticated] inquiry. If so it's probably not quite the same but effectively similar.


Depends on the meters. My electric utility just replaced their old (circa 1999) smart meters which were one way broadcast with a new smart meter that's supposed to be two way capable. I didn't notice a lot of change at their data collection base station (which happens to be at the corner of my driveway), so I don't know if they already had a transmitter in addition to a receiver, or if it's small enough to fit in the existing equipment box or if they're using a different station.


The meters used in my area can be wirelessly shut down by any nearby power technician.

They have vans with very visible PVC pipes mounted on the roof to interact with the meters.


> They have vans with very visible PVC pipes mounted on the roof to interact with the meters

That's more likely a fiberglass antenna.


Not all smart meters work the same way.


Still have these folks here in Palo Alto.


Almost surely much cheaper short term than having a team of engineers and installers to fix the problem.


I suppose most of this infra was designed before cell towers were prominent enough.


Well, looks like smart meters started appearing in the US slightly later than e.g. here in Finland, around 2006-2007, so I'm not sure that explains the difference. Could be explained by lower mobile network coverage in the U.S., I guess.

US statistic: https://www.statista.com/statistics/676472/number-of-smart-m...

In 2005 in Finland about 7% of households had smart meters, with 80%+ coverage mandated by 2013 and actual coverage of 99.6% of under-63A meters in 2016 (Finnish sources: https://www.vttresearch.com/sites/default/files/julkaisut/mu... https://tem.fi/documents/1410877/3481825/AMR+2.0+loppuraport...).


What’s special about 63A meters? That’s low, but I guess nobody has electric heat/AC. I guess they’re the ones that can be installed indoors?


3x 63A is the reasonable maximum a normal consumer would want at their house. Normal houses are around 3x 32A.

Everything over that is a commercial building and they get billed with different rules and measurements due to the equipment they tend to have. Something about three phase engines and power phases in commercial lighting. I zoned out during those meetings :D


Finland has 230V, so if you're from the US with 110V the low current rating might be confusing ;-) I'd also guess that in Finland they also run three phases into each house/unit (we do in Germany), meaning that's 3*63A = 189A. (Or just shy of 400A on a 110V grid). For us that's the default grid connection you get for your house.

As for your guess: That's just a cultural thing I suppose. I've never seen outdoor meters around here.


The US is 240 volt for power purposes. The 120 volt thing is just dividing that in half - the meters don't measure that. These days most US houses get 200 amp service, but in the past 30, 60, and 100 were all common (100 is still done). I know of a few houses with more than that, but those are not normal.


If you’re adding together the phases like that, European houses are 400V instead of 230V (and yeah you can get 400V ovens etc)


3 phase is different from US split phase. In the US that would be 404 volts (or about that, I don't work with it, just know it exists) or 208 volt if you that the split phase in 3 phase.

Anyway the point is 3 phase is not added in the same way as split phase. I think you know that, but I'm sure someone else doesn't.


Naw, Canadian. Cool to have 3ph at home (even without the #1 thing that fails here because we don’t have 3ph: a/c (capacitors)), but why’s your industrial supply just 400V instead of a soup of 347V, 480V and 600V?


Cellular being backdoored by design might have something to do with it too. Although I think it really is just a $$$ question; cellular providers didn't want utilities competing with handsets for service, so utilities built their own.


During the time these meters were built Americans still paid to receive calls and SMS messages.


I'm not sure what the source of your astonishment is. Water, gas, and power companies have been doing this for at least a decade.

It's a good solution for a nation with a low population density. In higher density locations, meter readers and cellular connections are used.


> A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.

Maybe it used to work this way, or some uncommon types of meters work this way, but I've never seen them. The only ones I've seen broadcast to collectors that are usually on street lights, which are then connected to the power company's network. If you go to the wiki that's linked at the end of the article, they've even got pictures of one: https://wiki.recessim.com/view/Landis%2BGyr_Collector

The connector on the front would have an antenna, and they're usually placed right before the light on the pole facing down.


I've lived in a couple (new) houses in Texas that all use the method described above. I see the utility trucks driving around pretty frequently, and have even had a guy get out and get closer to my meter until his handheld device beeped, apparently indicating he got the data.


> A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.

I wonder how long it is until Uber or Amazon, or the postal service, strikes a deal with the power company to power this last mile sneakernet.


Never because it doesn't work this way. All the smart meters I have seen form a peer-to-peer mesh and relay data until it hits a collector (every 8-10 blocks) on a telephone pole that has a connection to the power/water company.


> US Smart Meters use RF to shout out their values everywhere like an RF beacon. A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.

> Source: I did smart metering software for L+G.

How long ago? I believe that was how the earliest meters that did not require someone to actually look at the dials worked, but many or most have moved on.

For example the meters that Puget Sound Energy is in the middle of upgrading to (they did mine a couple months ago) (Landis+Gyr meter using their Gridstream RF system) form a mesh network to communicate with the mothership, which they describe thusly [1]:

> At the center of the Gridstream RF Mesh solution is a true mesh, peer-to-peer network where each endpoint, device and router communicate in a peer-to-peer fashion, extending the coverage and reliability of the network. The asynchronous, multi-channel communication structure allows for increased data throughput and opens more paths to the data collector.

> The self-healing network features dynamic routing messages that automatically adjust for changes to endpoints and the introduction of obstructions, such as foliage or new construction. System routers utilize one Watt of power to increase transmit distance and throughput, while data collectors support up to 25,000 meters, further minimizing infrastructure and maintenance costs.

The documents tab on that page has PDFs with product sheets for the various components (endpoints, collectors, routers).

The previous meters PSE used looked like traditional analog meters, but my account page at PSE showed my daily usage, updated daily, so they definitely had some kind of remote reading capability. I'm sure it was not someone driving around the neighborhood daily because it continued updating even whenever weather made it so it was very difficult to get a vehicle into my area for several days. I don't know if those were a mesh network--they were installed sometime in the very early 2000s I believe which seems a little early for that. Could have been cellular or power line networking. I know that both of those techniques have been used fairly widely--I just don't know what my particular meter was using.

[1] https://www.landisgyr.com/product/gridstream-rf-2/


The RF stuff is old, I didn't touch those that much. Americans had their own systems, did hear the stories though.

Meshnets are the newer system, but still use RF and have their own issues (like car keyfobs in the same frequency either freezing completely or randomly opening/locking car doors :D)


The reason we got smart meters in Austin, TX is because they weren't even recording readings, just guessing what that reading should be based on historical data.

https://texasmonitor.org/settlement-reached-on-austins-made-...


A power company vehicle drives around the neighborhood, collecting the values, storing them and moves on.

Actually, most is collected now via Internet connected reception points typically installed on traffic lights and electrical poles strategically stationed near neighborhoods.


Still you've got RF meters shouting their statistics to everyone.

The Germans would have a fit about that. It's illegal to measure electricity with under 24 hour granularity in Germany and IIRC in Switzerland. And there are really specific rules on what can be measured and how much of the data can be stored in the meter.


Someone told me a long time ago that this arrangement was due to employment agreements with the so-called "meter maids." They originally wanted to fully automate it, but they didn't want to un-employ their fleet of meter readers, so the compromise was for the meter readers to simply drive down all the streets rather than go behind all the houses. The meter readers' jobs got a lot easier but they got to collect the same amount of money.

I believe a union was involved but don't quote me on that.

This is what someone told me, I am not presenting it as fact. If you know differently, please debunk.


In the UK, new smart meters can apparently function as a mesh network and forward readings through each other. They also use "Long Range Radio" instead of 2g/3g service in some locations.

https://www.smartme.co.uk/technical.html


The drive-by van stuff is old tech, I think most new metering platforms are on mesh networks now where there is some kind of central receiver connected via wire that all the meters communicate to. I don't know if they still use RF to do so, but the van driving is specifically considered very old fashioned these days.


Landis+Gyr is a bit old school in this regard.

Some countries (like France or Spain), use communications via PLC which are encrypted to the local transformer. They are then sent to the distributor via 4g/whatever


From my desk in a residential but dense area I can see 60-70 meters at any given time with a usb sdr.

Water meters in our area do the same, but since it is near the street and below-grade I can only see a few of those.

After having looked around for a while in disbelief, I now filter the capture from the SDR to just the ids of my meters. And I accept the fact that someone sufficiently-motivated could figure out when we're on vacation based on the broadcast consumption values...


This is one of the reasons Germans/Swiss freak out about too exact power metering, it's a privacy issue.

Germans did royally fuck this up at one point and they had a provider that measured power consumption at so high a frequency that you could detect what TV show people were watching based on the power consumption. [0]

[0] https://nakedsecurity.sophos.com/2012/01/08/28c3-smart-meter...


I think most places have upgraded to sending the RF signals to a local repeater and backhaul it. I know for PG&E they send the data hourly, no trucks.


>US Smart Meters use RF to shout out their values everywhere like an RF beacon. A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.

I thought they transmitted over the power line? https://en.wikipedia.org/wiki/Power-line_communication


PLC does have its limits, mostly in range and bandwidth and it's highly dependent on the type of copper actually in the ground.

But when it works, it's a lot more reliable than the RF abomination some networks are doing =)


But that's even worse, because then the meters are connected to the internet, rather than only accessible within a few block radius.


Nope.

Check out yaantc's comment. tl;dr it's a completely separate network with no internet access. Basically a VLAN inside the cell network.


I use my RTL-SDR to read my own power meter and then pipe that data into my Home Assistant instance so I can get depressed when I see the spike when I use my central AC. It's actually quite cool. I haven't yet figured out how to do it for my water meter, though.


More info: Read Home Power Meters With RTL-SDR https://hackaday.com/2017/12/21/read-home-power-meters-with-...


I'm sure my UK-based smart meter is RF-based, but you can hook it up to your wifi to link your energy account to it.

The meters themselves have a 10m range (one for gas, usually outside, another for leccy, usually inside) so a receiver outside of that won't function.


FWIW, this is also how some organizations collected data from grow houses in the 2000s and early 2010s. Though they didn't broadcast SSIDs and wouldn't chat on the network unless they saw a specific sequence broadcast by the mobile station.


It depends on your power company. My power company in Michigan uses cellular.


Interesting. The truck somehow reminds me of the radio signal tracking trucks anti-espionage officials relied on back in WW2.


I've noticed that US utilities generally have a "dependency hierarchy": the telephone company is allowed to rely on the electrical utility, but not vice-versa. Water+sewer are another step up (and often have large, expensive diesel generators).

I think most electrical utilities in the US would balk at being dependent on a cellular telephone company. Many of them won't even lease fiber from the telcos, insisting on stringing up their own instead.


This is also done for the calorimeters on my radiators for centrally provided heating. That is in Europe.


Have you tried modifying/pointing a microwave at your calorimeter exit sensor to heat it so your meter spins backwards?

(Source: employer locked up the thermostat to keep us frigid to save money, but I just put an ice pack on top of it)


My neighbors basically heat my home in the winter so that would wind it back below zero which they probably would not like. One of them is close to a refrigerator and actually measured heat output but the radiator is disconnected. I got my 60ct of charge back that year.

You might not be able to wind them back (they are digital) but I'm pretty sure you can manipulate them with sufficient heat shielding something like your method to change the value.


Wait, what are they measuring? Shouldn’t they measure incoming fluid temperature, outgoing fluid temperature, and volume?

I thought the scam would be to heat the metal temperature probe inside the exit pipe faster than it rejected that heat (doable with an RF beam).


The rest of the world uses 3G/4G modems in their smart meters

I'd suspect this is an exaggeration. I've been plenty of places in the world (yes, even Europe) with no cellular connectivity. So clearly "the rest of the world" is a generalization.


Sounds secure. I bet you could build a box to spoof your readings low and steal electricity.


"quietly emit data that shows how long businesses and residences have gone since their last power outage"

who knew that 'uptime' would be such a security potential?


It’s not terribly signal worthy imho. It’s obvious what are critical loads: finance, healthcare, telecom (local CO or your local datacenter, comms), government services such as first responders and dispatch, water/sewer. This is yet another excuse and data obfuscation to hide incompetence and less than good faith decisions.

ERCOT and utilities didn’t even know which circuits not to shed to keep gas pipeline infra (compressor stations) running during the spring winter event.

Local permit data around electrical infra and ground truth from open data sources will take you far if you want to identify these loads. Folks answer a lot of questions they shouldn’t if you roll up with a hard hat, clipboard, and hi-viz vest from your nondescript pickup truck if you’re more bold.


Those are the ones that should be kept on line so it'd be interesting to see what areas if any retained power that don't have any of those critical facilities in them.


I wish that power companies were required to publish outage information, at least down to the neighborhood level.

In my area the chance of an outage can vary considerably between one neighborhood and an adjacent neighborhood. It would be nice when considering buying a house to be able to know if it is one of the lower outage neighborhoods or not.


It's actually a federal protected secret for some industries like data centres.


Uptime of data centres is protected by federal law? Which USC is that?

Can't you just ping a couple of servers at a centre and get an extremely accurate readout of a data centre's uptime?


What if that server is a brand new shiny right out of the box? That's not very representative of the old and dull gray boxes that have been there for years.


yeah, this use case is really interesting


Link to the repo mentioned in the video: https://github.com/BitBangingBytes/gr-smart_meters


I follow the researcher on TikTok, whilst I enjoy his work this article is a big nothing burger. Each individual ERCOT customer is able to access fine grained meter data *of their own meter*, not the meter data of others. If everyone is so concerned about what the meters actually say Texans can volunteer their data for the purposes of this research.

Since the meters broadcast in the clear I would not be surprised if war driving becomes standard practice for the retail electricity providers. Yes that's right. When you sign up with a REP they don't know your habits: how much power you're actually going to use or when. Having historic meter data is a competitive advantage in building your pricing models.

I'm getting really tired of people who have no idea how the system functions in Texas making strong assertions based on errors and sweeping generalizations from journalists that don't have a clue how things work either.

I have two U.S. ISOs, multiple REPs, and a large generator as clients. I know people on the board of ERCOT and get the back story on everything, especially things the public will never hear about. This business has nothing in common with anything you've probably read unless it comes from industry insiders.


Sort of agree, the only "secret" in this case is how long the meter has been up?, I assume they can mitigate the "hack" by just rebooting RF part of the meter randomly? (I only say this because I read they have remote capability to reboot zigbee feature)

I know they stopped accepting zigbee device pairing starting this year, and only allow authenticated API based requests which is delayed by 24 hours. Right now there is no way for customer to get real time data from the meters themselves.


I think this is interesting not necessarily in a security sense, but more in a "wow, you can do that" kind of sense. Also considering how distribution companies have refused to provide this data, you'd think it would be harder to obtain.


There are two radios in the meter, one for zigbee and one for the 900MHz mesh that sends this data back to the power company. The zigbee side isn’t used at all here anymore, they killed our ability to view our usage with it.


You know people still on the board of ERCOT?

http://www.ercot.com/committee/board

Contact Information
Chair: Vacant
Vice Chair: Vacant


Yes. The chair resigned to take the fall for the legislature’s failure to create appropriate regulations and adequate enforcement framework for ERCOT.


"A recent study published by the Lawrence Berkeley National Laboratory, Colorado School of Mines, and University of Massachusetts-Amherst asserted that minority areas were over four times as likely to suffer from an energy blackout than white-majority areas."

That's a problem.


Again though... this needn't be attributed to racism. It's not like power companies are like "hmm, grid is under strain, guess we better cut black people and latino people's power first"

Re-frame the problem in terms of rich vs. poor. Now it makes sense because power companies (which are privatized in Texas) will prioritize fixing infrastructure for their reliable, paying customers over fixing infrastructure for more unreliable customers (which poor people tend to be). And it happens that some minorities have a higher probability of being poor (because of inter-generational poverty, or just being an immigrant coming from a poor country).


> “Income status of areas did not appear to be a strong factor in the share of blackouts…” the study stated. “The presence of hospitals or police and fire stations—critical facilities—in a CBG [Census block group] reduces the chances of blackouts by around 0%-6%, a small difference that does not otherwise explain the disparity among communities.”

from the article


this needn't be attributed to racism.

I'd clarify this as "needn't be attributed to intentional, malicious racism."

A system can be racist in terms of outcome without having been intentionally designed to be racist. That still might be a problem. A sibling comment posited low-income areas are both more likely to have minority residents and older infrastructure. That seems possible. But doesn't make it a non-issue.


> A system can be racist in terms of outcome without having been intentionally designed to be racist.

The problem with this line of thinking is it is so broad in its scope that it could literally be applied to anything where there isn't perfect uniformity of outcome. Just take out race:

> A system can be ___ist in terms of outcome without having been intentionally designed to be ___ist.

Consider these dubious outcome-based claims:

Classist: poor people don't own cargo ships, therefore the shipping industry is classist.

Sexist: spas attract more women than men, therefore the spa industry is sexist.

Racist: most Ethiopian universities have majority black student populations, therefore most Ethiopian universities are racist.

You get the idea. The question when assigning blame for ___ism shouldn't be What is the apparent outcome?, but What is the apparent intent? – and it's only fair to assume good intentions in others until proven otherwise.


I think you are talking past each other. Sure, yes, any system may evince disproportionate outcomes for various demographic groups. I think your point is that that variation doesn't matter. In your examples, that is likely the case.

But I think implicit in the parent comment is that there are some systems that have demographic variation and where that variation significantly impacts the power, agency, or well-being of one of the groups.

And for cases like that, real people are being harmed. They are unfairly not getting the same opportunity for success and liberty that other groups receive. That is a problem that anyone who cares about fairness should care to solve regardless of whether that's the intent of the system. It's not about blaming and shaming the architects of the system. It's simply a matter of something akin to good engineering to want systems that work well for all users.

The fact that men don't go to spas as much ultimately doesn't matter. But if black people in Houston disproportionately lost power and froze to death that is an entirely different category of problem. We should not equate them.


I actually agree with most of your point here. The reason I objected is not because I think freezing to death is equally serious as a spa day. We have many serious problems that need to be solved quickly, including utility infrastructure. The very specific point I addressed, however, was that the claim that equal outcome itself is the singular measure of intent (and therefore some greater ___ism) is demonstrably false because it doesn't comport with the real world.

Orthogonal to that issue is the one you raised, and that is whether some people (regardless of race, income level, etc.) need improved utility infrastructure. Manifestly, they do. But I care about that issue because they're human beings. I care because the government has a moral duty to provide the life-critical services it promised its citizens. Freezing in the winter is a serious problem regardless of how we draw the demographic boundaries around those freezing.

Edit: It's for this reason I was frustrated in previous decades when politicians constantly used to say "do it for the children." No matter the issue, it was always "for the children." They still say it, but it's largely been replaced with "do it for the minorities." Why not just do it for people if it's a good idea? If it's a bad idea, let's skip it.


> The very specific point I addressed, however, was that the claim that equal outcome itself is the singular measure of intent (and therefore some greater ___ism) is demonstrably false because it doesn't comport with the real world.

I don't think that's an accurate representation of the parent comment. They said, "A system can be racist in terms of outcome without having been intentionally designed to be racist." So it's clear they aren't implying that unequal outcomes are a singular measure of intent.

Something I try to be more mindful of when commenting on social media is how my reply steers the conversation. I think we all fall into the trap of "Oh, I agree with 90% of this but I'm going to correct this 10% bit here." In practice, that often derails the conversation completely away from the 90% that actually matters.

I believe these online conversations can be a meaningful and important part of how we learn about and interact with the world, so I try to be mindful of the goal of the entire thread and not just whether my comment is technically correct or not.

In this case here, I think your point detracts from the very important general point that there are many systems in the US that are clearly, measurably racist against Black people. And quibbling about the intent of the current participants in that system takes attention and effort away from actually fixing anything.

Imagine you're standing in your bathroom and raw sewage is firehosing out of the toilet all over the ceiling and walls. There is an interesting discussion to be had with your roommate about the relative merits of plastic versus copper pipes, temperature-dependent material fatiguing effects in winter-time, etc. But maybe that should be tabled until the matter at hand is addressed.

Right now, Black people are jailed, assaulted, and killed at a significantly greater rate than other races in the US in large part because of persistent systems whose history stretches back to a time when its creators were deliberately, actively, intentionally racist.

> Why not just do it for people if it's a good idea? If it's a bad idea, let's skip it.

Let's say you have a classroom where half the students are failing because the teacher mumbles and speaks really quickly and those students don't speak English as their first language. You might rightly say that, "Well, we want to improve the test scores of all students, right?" So you do all sorts of study plans, etc. and raise the scores of the whole class by 10 points. Great. Everyone is better. But the scores of those ESL kids are still unfairly lower than the other kids because you deliberately ignored any relative inequities by choosing to only focus on things that improved scores for all kids.


This is incorrect. I live in Houston and am intimately familiar with power in the state. The priorities are (generally speaking) as follows:

1 - Critical infrastructure (hospitals, etc);

2 - Interconnects on the T&D infrastructure;

3 - Population density.

This is actually heavily regulated.


Just to be clear, because I don't think you're making this mistake, but it seems like people replying to you are, this research data is referring to all blackouts nationwide over some study period, not the Texas ten-year storm from a few months ago.

When that storm hit, ability to pay meant absolutely nothing. Poor and rich alike all lost power. When the generating stations and lines all freeze, it becomes impossible to get energy out, whether anyone can pay or not. Money doesn't magically make capacity appear when the delivery network itself fails. That was really the downfall of the Texas approach. Naive economics assumes you can deal with shortages by just rationing using price, and higher prices will incentivize producers to produce more. But if the delivery infrastructure stops working, it makes no difference what the producers' incentives are. They can't deliver anything whether they want to or not, no matter what you're willing to pay them.


This would be an example of systemic or long lasting results of racism. Having less dependable power means your food's more likely to spoil, your work is going to be disrupted, all kinds of things that are comparative disadvantages. And if these communities are artifacts of redlining, then it would be very obvious the clustering had racist origins.


> Now it makes sense because power companies (which are privatized in Texas) will prioritize their reliable, paying customers over less reliable customers that might miss payments.

Not that I necessarily disagree with this but do you have any data to back this claim up?


When you have to pay thousands of dollars per MWh it is pretty likely that many in poorer areas won't pay. And yeah, that rate is not impossible in Texas, they even have a law capping how high it can go since it is a problem.

Edit: I am pretty sure that many poor homes wouldn't be able to pay a power bill of a few thousand dollars, which is what you'd pay if you have variable rate and ran as normal throughout the texas power crisis.


How many people had to pay higher than usual rates? As far as I can tell there were very few people who were on plans that passed those rates down to the consumer and I don't see any reason that poorer areas would have more people on that kind of plan.


The article disambiguates income pretty explicitly.


Thank you. A big problem today is attributing racism in any situation where outcomes are perceived to be different because of weird contextual framing.


They didn't shut down areas with hospitals or other important facilities. Likely there aren't many such facilities in minority areas.


At the bottom of the article: the presence of these important facilities decreased the probability of a shutdown from 0-6%. Probably look for a better hypothesis.

What was also interesting is that it correlated with altitude of the meter which indicates a preference for wealthier neighborhoods.

The problem is that the data Hash collected is incomplete and hard to draw conclusions from:

* It’s a war driving effort of a small strip of Dallas
* The data becomes impossible to capture as normal interruptions happen and reset the uptime counter.

It’s also unclear to me if these uptime counters are affected by having a generator or other backup power supply. One of the examples he noted was a Chase Bank that hadn’t experienced an interruption at all.


The effect sizes and neighborhood-level disparities were referring to a nationwide study of all blackouts conducted by the cited universities (and LLNL), in case that wasn't clear. Hash's war-driving data from Dallas is totally separate.

I live in Dallas and can tell you there was no disparity during this last winter storm. Unless you were critical infrastructure, they blacked out everyone. I live within spitting distance of city hall and I was still losing power every few hours for two weeks.


US infrastructure hasn't improved in decades. All the top firms are now building new cities in the Middle East and China. Parts of the US are stuck in the 1970s with nothing new built since then, and other parts are decaying back into third world infrastructure levels.


Poorer areas are going to have poorer infrastructure in place more susceptible to natural disaster. If you fix the infrastructure, it stops being as poor of a region and then the poor leave due to higher property taxes.

Also “over [N] times higher” is usually a marker that you’re being misled. Four times 0.00001 is still an extremely small number, not even statistically significant.


They said "minority" then you equivocate to "poor". Those are not the same thing.

Also, TFA: "Income status of areas did not appear to be a strong factor"


Statistical significance is whether or not the data support rejecting the null hypothesis. Effect size is the difference between the two samples. You can have statistically significant results with a very small effect size.
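To make the significance-versus-effect-size distinction above concrete, here is an added example (mine, not the commenter's, and not the study's data or method) that runs a two-proportion z-test on constructed counts. The same "four times as likely" ratio comes out significant with a million block groups per side and not with a hundred, and in both cases the absolute difference in blackout rate is tiny. A Fisher exact test is included because the small case has too few events for the normal approximation.

```python
import math


def two_proportion_ztest(x1, n1, x2, n2):
    """Two-sided pooled z-test for H0: p1 == p2.

    Returns the two rates, their ratio (the 'N times as likely' figure), the
    absolute difference (the effect size in rate terms), z and the p-value.
    Uses the normal approximation, which needs roughly >= 5 events per group.
    """
    p1, p2 = x1 / n1, x2 / n2
    pooled = (x1 + x2) / (n1 + n2)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n1 + 1 / n2))
    z = (p1 - p2) / se if se > 0 else float("inf")
    p_value = math.erfc(abs(z) / math.sqrt(2))  # both tails of the standard normal
    return {
        "rate1": p1,
        "rate2": p2,
        "relative_risk": p1 / p2 if p2 > 0 else float("inf"),
        "absolute_diff": p1 - p2,
        "z": z,
        "p_value": p_value,
    }


def fisher_exact_two_sided(x1, n1, x2, n2):
    """Exact two-sided p-value for the 2x2 table, for when counts are too small
    for the z-test. Sums the hypergeometric probability of every table at least
    as extreme (as improbable) as the observed one."""
    k, total = x1 + x2, n1 + n2
    denom = math.comb(total, k)

    def prob(a):  # P(first group holds a of the k events | fixed margins)
        b = k - a
        if a > n1 or b > n2:
            return 0.0
        return math.comb(n1, a) * math.comb(n2, b) / denom

    observed = prob(x1)
    return sum(p for p in (prob(a) for a in range(k + 1)) if p <= observed * (1 + 1e-9))


# Constructed scenarios (not the study's numbers): blackout counts out of block groups.
SCENARIOS = {
    "nationwide, 1e6 block groups per side": (400, 1_000_000, 100, 1_000_000),
    "one small city, 100 per side": (4, 100, 1, 100),
}


def summarize(alpha=0.05):
    """(label, relative risk, absolute difference, z-test p, significant?) per scenario."""
    rows = []
    for label, args in SCENARIOS.items():
        r = two_proportion_ztest(*args)
        rows.append((label, r["relative_risk"], r["absolute_diff"], r["p_value"], r["p_value"] < alpha))
    return rows


if __name__ == "__main__":
    for label, rr, diff, p, sig in summarize():
        print(f"{label}: {rr:.1f}x, absolute difference {diff:.5f}, p={p:.3g}, significant={sig}")
    print("small city, Fisher exact p =", round(fisher_exact_two_sided(4, 100, 1, 100), 3))
```

The first scenario is the comment's point exactly: p is effectively zero, so the disparity is real, yet the absolute difference is three extra blackouts per ten thousand block groups. The second shows the opposite failure, a headline-grabbing 4x built on five events that neither test can distinguish from chance.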


I don't buy their security excuse. Oh you don't want people to know you weren't cutting power to hospitals and other critical infrastructure buildings? No shit.

There's something else they are hiding IMHO. Perhaps it includes answers to how the few million without power is either a BS number, or an explanation as to why my city alone (which owns a power company and had enough power generation for its citizens/owners) had 1-2/3 of the residents without power for days. If only about 1/10th of the state was without power why did the rolling blackouts stop rolling for so many people? We essentially "took one for the team".

My guess is they are hiding layers of yet-uncovered incompetence.


> My guess is they are hiding layers of yet-uncovered incompetence.

I'd call you Captain Obvious(tm), but this is the Texas Laboratory for Shitty Government (to paraphrase Molly Ivins) we're talking about.

Things they are likely hiding:

1) The grid is shit and has no control granularity.

The granularity is sufficiently high that they couldn't disconnect enough load. Too many things are on the same circuits as the essential things. To fix this requires new power feeds (read: expensive copper wire) and the controls to run the smaller granularity. Nobody wants to pony up the cash to fix this, so this will not get fixed.

2) Factories aren't connected with controls

ERCOT couldn't summarily disconnect manufacturing plants with controls and had to fiddle with pricing games to finally force the plants to disconnect. The fact that people were without power but manufacturing plants still had power will make some people upset. But, don't worry, they'll still vote for Republicans.

3) The "critical" portions of the grid are now larger than the "non-critical"

At least in the winter, residential simply just isn't pulling enough load to be able to stop a grid collapse. People have energy efficient residences. Consequently, essential things like your water treatment plant are consuming an amount of energy that takes a lot of residences to match. The only way to fix this is to keep fuel and backup turbine generators on-site to allow the plant to keep working after it disconnects. This costs money, so nobody will do it.

The whole point of Texas not being on the national grid is so that the pieces of the grid don't have to spend money and be useful when things go to shit.


Granularity being high implies a high number of grains; I think you meant low granularity.


I can see a security issue--are all critical infrastructure buildings listed as such? I can see this exposing hidden facilities.


> “If we want a secure system that’s resilient against attack then it must be openly attacked, otherwise nothing will be done.”

this is a brilliant bit of knowledge that I had somehow slightly understood and had never seen verbalized anywhere previously. as a bonus, it is perfectly worded.

he is exactly right; to use an analogy: an immune system that is never attacked cannot defend against any attack, because only attacks can teach the immune system how to defend. it's the same (mostly) for computer security concerns.


I live five minutes away from my sister and my house gets cut three seconds the entire time. Meanwhile my sister's family had to huddle around the fireplace in their den for warmth. Does she live in the ghetto? Her neighborhood is nicer than mine. If I were to guess, it's because I live near the local police station and she doesn't. It's no grand mystery here. Stop trying to make it about inequality or some other BS.


Sample size: 2.

Nice neighborhoods were powered down. Poor neighborhoods were powered down. Maybe some had essential infrastructure. Maybe they didn't. There's a possibility that poor or minority majority neighborhoods were unfairly targeted. The inverse is also possible.

The bottom line is, you and I both have NO idea who was affected, how, or how that decision was made. So stop trying to pretend racism or inequality can't exist. There literally is a grand mystery here because the companies responsible won't inform anyone.

And yes, I fully accept that while it can exist that doesn't mean that it does exist in this situation but you have to also accept that with incomplete data you can't prove it doesn't.


Just because I can't know every variable doesn't mean I'm going to dismiss what I've seen. Inner cities also have some of the best hospitals and infrastructure in the state while containing the most poor. It's just nonsense what you're preaching.


I mean the whole idea that "I don't know every variable, but I'm going to jump to a singular conclusion while pointing out that a hypothesis I disagree with is nonsense" seems like a bad take to me but I'm a fan of science.


The person mentioned in the article bought the meters off eBay and is reversing the firmware off those. Perhaps they’re identical to what’s on his house but it’s implied he’s ‘phreaking’ over his city’s power grid and that’s not the case at all. There’s nothing illegal here. Remember when we understood and applauded this behavior?


I also don't buy their security excuse for not releasing info on whose power never got turned off.

If the ERCOT Grid was really concerned about cyber attacks they wouldn't be partnering with Bitcoin mining companies that have access to the grid, and have a special partnership with ERCOT.

https://www.prnewswire.com/news-releases/layer1-launches-bit...


This information should be a freedom of information request and made available to the public.

If the same people are always forced to endure the burden of blackouts, and elites are not they will keep happening.


So, how much energy do these smart meters use?

I’ll assume since the user pays for it, there’s no consideration for this cost of equipment that saves the utility money.


Is this legal?


Yes


Under the GDPR it would probably not be legal to send the signals unencrypted.


using this: https://github.com/bemasher/rtlamr, I could read the meters of about 30 of my neighbors... and I was not living in apartments... Yards in that neighborhood were about 150ftx75ft. And I would get meter reading updates about every other minute. I used the stock rtl-sdr antenna and didn't even place it outside my home.
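As an added worked example (not code from either commenter and not from the rtlamr project), this is what the filter described earlier in the thread ("filter the capture from the SDR to just the ids of my meters"), the Home Assistant-style feed, and the "are they on vacation" inference look like in code. It reads the JSON lines that `rtlamr -format=json` prints, keeps only the meter IDs you own, turns the cumulative counter into per-interval usage, and flags long stretches where the counter barely moves. The sample records, IDs and values are constructed and thinned to six-hour spacing for readability (a real capture updates every couple of minutes, as the comment above says); the field names follow rtlamr's JSON output but are an assumption, so adjust the keys if your version differs.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample modelled on rtlamr's `-format=json` SCM records. Not a real capture:
# meter IDs, timestamps and consumption values are made up. One truncated line is
# included on purpose (rtlamr killed mid-write) to show the parser skipping it.
SAMPLE_LINES = """
{"Time":"2021-02-10T00:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100000}}
{"Time":"2021-02-10T00:01:00.000000000-06:00","Type":"SCM","Message":{"ID":22334455,"Type":7,"Consumption":5000}}
{"Time":"2021-02-10T00:02:00.000000000-06:00","Type":"SCM","Message":{"ID":33445566,"Type":7,"Consumption":777}}
{"Time":"2021-02-10T00:04:00-06:00","Type":"SCM","Message":{"ID":44556677,"Type":7,"Consum
{"Time":"2021-02-10T06:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100012}}
{"Time":"2021-02-10T12:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100030}}
{"Time":"2021-02-10T12:01:00.000000000-06:00","Type":"SCM","Message":{"ID":22334455,"Type":7,"Consumption":4990}}
{"Time":"2021-02-10T18:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100045}}
{"Time":"2021-02-11T00:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100046}}
{"Time":"2021-02-11T06:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100046}}
{"Time":"2021-02-11T12:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100047}}
{"Time":"2021-02-11T18:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100047}}
{"Time":"2021-02-12T00:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100048}}
{"Time":"2021-02-12T06:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100048}}
{"Time":"2021-02-12T12:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100049}}
{"Time":"2021-02-12T18:00:00.000000000-06:00","Type":"SCM","Message":{"ID":12345678,"Type":7,"Consumption":100080}}
""".strip().splitlines()

MY_METER_IDS = {12345678}  # assumption: the IDs printed on the face of your own meters


def _parse_time(s):
    # datetime.fromisoformat (3.7+) takes "-06:00" offsets but not nanoseconds; drop the fraction.
    return datetime.fromisoformat(re.sub(r"\.\d+", "", s))


def parse_readings(lines, only_ids=None):
    """Group rtlamr JSON records into {meter_id: [(time, consumption), ...]}, time-sorted.
    With only_ids set this is the 'just my meters' filter from the thread."""
    readings = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line
        msg = rec.get("Message") or {}
        mid, cons = msg.get("ID"), msg.get("Consumption")
        if mid is None or cons is None or "Time" not in rec:
            continue
        if only_ids is not None and mid not in only_ids:
            continue
        readings.setdefault(mid, []).append((_parse_time(rec["Time"]), cons))
    for series in readings.values():
        series.sort()
    return readings


def visible_meter_count(lines):
    """How many distinct meters the SDR can hear, the '60-70 meters' figure above."""
    return len(parse_readings(lines))


def interval_usage(series):
    """Consumption deltas between consecutive readings; a counter that goes
    backwards (reset, swap or wrap) is skipped rather than reported as negative usage."""
    return [(t0, t1, c1 - c0) for (t0, c0), (t1, c1) in zip(series, series[1:]) if c1 >= c0]


def flat_windows(series, min_hours=24, max_delta=5):
    """Stretches of at least min_hours where the counter rose by at most max_delta units.
    On a broadcast-in-the-clear meter this is the 'nobody is home' signal a neighbour
    with an SDR can extract; units are whatever the meter counts (Wh/10 is common)."""
    windows, i, n = [], 0, len(series)
    while i < n:
        j = i
        while j + 1 < n and 0 <= series[j + 1][1] - series[i][1] <= max_delta:
            j += 1
        span = series[j][0] - series[i][0]
        if j > i and span >= timedelta(hours=min_hours):
            windows.append((series[i][0], series[j][0], span.total_seconds() / 3600))
            i = j + 1
        else:
            i += 1
    return windows


if __name__ == "__main__":
    import sys
    lines = SAMPLE_LINES if sys.stdin.isatty() else sys.stdin  # e.g. rtlamr -format=json | python3 this.py
    for mid, series in parse_readings(lines, only_ids=MY_METER_IDS).items():
        for start, end, hours in flat_windows(series):
            print(f"meter {mid}: flat for {hours:.0f}h from {start} to {end}")
```

Piped from a live `rtlamr -format=json`, the same functions feed a Home Assistant sensor (publish the latest delta) and, run against everything the SDR hears instead of `MY_METER_IDS`, they make the privacy point in the comment above rather literal.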


Next up. Jiggling in the power usage will allow hackers to reconstruct video signals on monitors.



