Tuesday, November 11, 2014

Is UMEME's Yaka Smart Metering a security time bomb?

Nov 11 2014 9:14AM
James Wire

In 2010, Uganda's largest electricity distribution company UMEME put out a tender for a Pre-Payment Metering turnkey Business Solution which led to the deployment of the Yakasmart electricity meters as we know them today.
As a company, UMEME expects to address some challenges like poor payment of electricity bills and the current high cost of billing, as well as create an opportunity for easier monitoring of consumers' meters and energy consumption. It was also anticipated that this new system would reduce the fraud that has been largely peddled by illegal electricity technicians who prey on unsuspecting customers by extorting money out of them under the guise of disconnecting and reconnecting them. By the first half of 2013, the company had 32,000 customers converted to the pre-paid Yaka system, a number that is likely to have doubled by the close of 2014.
A good look at how Smart Meters operate shows a heavy reliance on ICT systems. A smart meter is usually an electronic device that records consumption of electric energy in intervals of an hour or less and communicates that information at least daily back to the utility for monitoring and billing purposes.
Governments globally are rooting for smarter metering systems in order to encourage better and sustainable usage of the limited electricity available. This has led to a sudden boom in the production of smart meters as utility companies are buoyed to take this direction in response to Government support. However, these smart meters have been found vulnerable and subject to tampering by intruders with the wrong intentions. The lack of proper security controls can make them susceptible to attacks. Now hackers have the ability to carry out billing-related fraud and shut down electricity supplies at will. By accessing their memory chips, one can carry out some reprogramming as well as exploit any flawed code therein to tamper with meter readings, transfer readings to other customers, and insert network worms that can potentially leave entire neighborhoods in a blackout. This is easily achievable if one takes control of the meter box, since they can switch its unique ID to mimic another customer's or use it to launch attacks on the network.
In IT security, physical access to the hardware is one of the loopholes one can use to initiate any compromise. The fact that these meters are easily accessible to the consumers means a lot. Access to the onboard software (firmware) of these meters can enable one to find the encryption keys used to scramble all the information that the meter shares with hosts found higher up in the power distribution network. One can then fool the hosts and send them false data.
Other flaws these meters are likely to have are shared IDs like factory default passwords (I recall this with Cisco networking gear at the turn of this century) and poor protection from tampering. 
Some of the quick hacks one can use to render a smart meter dumb are:
1. Attacking its memory through hardware; With insufficient protective features, all that one needs is to insert a needle on each side of the device's memory chip. The needle intercepts the electrical signals in the memory chip. From these signals, a device's programming can be determined.
2. Use of a digital radio; The two-way radio chip in a smart meter allows the device to be read remotely and receive commands over the network. Once one has cracked the smart meter's programming, they can use security codes from the software in the chip to get network access thereby issuing commands at will.
3. Interfering with the Smart Meter's energy monitoring; Placing strong magnets on the device can cause the meter to stop measuring usage while still providing electricity to the customer.
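From the utility's side, two of the effects described above leave traces in the interval readings that meters send back: a meter that stops measuring while the customer is still supplied shows usage dropping to a flat zero, and a meter ID copied onto another box can show up through two parts of the network at once. The following is an added example, not code from UMEME or any meter vendor; the record layout, the "collector" field, the thresholds and the sample readings are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample readings (not real utility data):
# (meter_id, hour, kWh recorded in that hour, collector that relayed the report)
READINGS = (
    [("M-1001", h, k, "C-A") for h, k in enumerate([0.4, 0.5, 0.6, 0.5, 0.4, 0.6, 0.5, 0.4])]
    + [("M-1002", h, k, "C-A") for h, k in enumerate([0.5, 0.6, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0])]
    + [("M-1003", h, 0.3, "C-B") for h in range(8)]
    + [("M-1003", 5, 0.9, "C-D")]  # same ID heard via a second collector in hour 5
)

def flatlined_meters(readings, min_zero_run=6, min_prior_kwh=0.1):
    """Meters whose usage falls to zero for min_zero_run consecutive
    intervals after having shown real load (hypothetical thresholds)."""
    by_meter = defaultdict(list)
    for meter, hour, kwh, _ in sorted(readings, key=lambda r: (r[0], r[1])):
        by_meter[meter].append(kwh)
    flagged = []
    for meter, series in by_meter.items():
        run, seen_load = 0, False
        for kwh in series:
            if kwh == 0 and seen_load:
                run += 1
            else:
                run = 0
                seen_load = seen_load or kwh >= min_prior_kwh
            if run >= min_zero_run:
                flagged.append(meter)
                break
    return sorted(flagged)

def duplicate_id_reports(readings):
    """Meter IDs relayed by more than one collector in the same interval."""
    seen = defaultdict(set)
    for meter, hour, _, collector in readings:
        seen[(meter, hour)].add(collector)
    return sorted((m, h, sorted(c)) for (m, h), c in seen.items() if len(c) > 1)

if __name__ == "__main__":
    # A flag is a reason for a field inspection, not proof of tampering:
    # an empty house or a local outage also produces a run of zeros.
    print("flatlined:", flatlined_meters(READINGS))
    print("duplicate IDs:", duplicate_id_reports(READINGS))
```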
UMEME has a big challenge ahead considering that meter tampering is likely to be facilitated by collusion between meter manufacturing employees, current or former UMEME employees and consumers. In Puerto Rico, it costs between US$ 300 – US$ 1000 to tamper with a residential smart meter while industrial ones cost up to US$ 3000. So, while UMEME expects to have higher payment compliance by customers, there is a real possibility of this not achieving the expected levels. A number of cases have been registered of current and former UMEME employees and contractors that are already involved in this lucrative illicit activity.
At a higher level, concern arises about national security. What is likely to happen if a hacker breaks into the national electricity grid and shuts it down? Currently the likely purveyors of such an attack are driven by mere profit and thus may not be of much concern to our internal security organs. However, as these skills become more mainstream, those driven by more political motives like terrorists and rebels could swap their gun-toting activities for infrastructure-based attacks using available electronic systems that are easily procurable on websites like eBay among others. I once queried the digital readiness of Uganda's Security forces and each time an imagination of such possibilities comes up, it sends a chill down my spine.
What could the likely antidote be to all this?
UMEME, the distribution company, needs to ensure that it carries out a proper and thorough analysis of its entire data network at both the software and hardware level. The smart meters need to be verified by an independent party to rule out vulnerabilities, and security professionals need to be regularly employed to carry out penetration tests. Blind belief in the assurances from internal IT staff or vendors could lead to a grave catastrophe.
There need to be standards set for smart metering systems by the Electricity Regulatory Authority (ERA) to ensure that any deployed technologies are in consonance with the latest trends. ERA would have to take a proactive approach towards standards setting, and a lot can be learnt from what the Uganda Communications Commission (UCC) has done in the Communications sector.
ERA needs to lobby for an Electricity Theft law to be put in place that sets out stringent punishments for defaulters. This can serve the purpose of shoring up the current Computer Misuse Act of 2011 that caters for some of the actions related to smart meter systems tampering.
While most current techniques used by the kamyufus (electricity tampering technicians) are largely old school, like the use of foreign objects including magnets to compromise performance of these smart meters, the availability of hacking information online coupled with the ever-increasing computer knowledge shall lead to more advanced tampering operations by these guys. I foresee a scenario where the kamyufus start charging cooperating consumers to transfer their bills to other consumer accounts.
God forbid, but a more sophisticated operation would involve these kamyufus working in cahoots with gangs of thieves and, by having access to the power grid, they can cause an artificially induced power outage in an entire neighborhood to give the thugs ample time to carry out their theft.
UMEME, are we safe?
Lunghabo [at] gmail [dot] com
Twitter - @wirejames
