GCHQ saves UK smart meter system from potential mass hack

Posted: March 18, 2016 by oldbrew in Energy

image credit: takebackyourpower.net

image credit: takebackyourpower.net

It’s not even been rolled out yet, but already the UK’s ultra-expensive new smart meter system has hit a security problem, reports PEI.

The UK’s electronic intelligence agency has had to act with haste to secure smart meters destined for large scale roll-out, after a security loophole was discovered on the devices. GCHQ intervened to change the original designs and save the £11bn nationwide system of smart energy meters against hackers on discovery of a fault, which meant all of the meters were given the same encryption key.

The communication channel between each meter and the utilities operating them was designed to be encrypted. But the encryption key — the code used to unscramble the data each meter sends and receives — was the same for all of them. If a hacker was able to crack the key, they could potentially gain control of every meter, GCHQ feared, according to a senior Whitehall official. That would allow them to “start blowing things up” the official told the Financial Times.

Dr Ian Levy, the technical director of GCHQ’s communications electronic security group, said in a separate interview a number of security challenges surrounded the millions of gas and electricity smart meters being installed.“The issue is will they let someone disconnect all the power to your house? Or can someone turn off the right number of meters in the right way to cause a collapse in the grid’s systems?” he said.

GCHQ is helping the Department of Energy and Climate Change to securely design the new metering system, one of the UK’s biggest IT projects in a generation.

Source: Intervention saves £11bn UK smart meter system from potential mass hack – Power Engineering International

  1. oldbrew says:

    That should stick a few more millions on the total bill.

  2. catweazle666 says:

    “…one of the UK’s biggest IT projects in a generation.”

    The mind boggles…

  3. Fanakapan says:

    No doubt the meter’s themselves will be ‘Made in China’ ???

    Were that to be the case, and with China’s reputation for compromising computer networks, it would maybe render this PR exercise for the inheritors of the Bletchley mantle, into complete bollox 🙂

  4. E.M.Smith says:

    Since the meters will know exery Watt you take, they will know when you sleep and wake, every meal you make, they’ll be watching you….

    What could possibly go wrong…

    (I’m much more worried by the potential for “official” abuse than any hacker issues… Police here already use high power usage to justify raids on the theory you are growing marijuana. Don’t expect to do hydoponic home gardening and be left in peace.)

    I already get “reports” in the mail comparing my use profile with my neighbors and nagging me if I use above average duing given times. Complete with the square footage of comparative homes…

    I expect to put in a battery box and inverter eventually (when they start telling me when I can’t use power on my schedule)) and that ought to result in interesting nanny nagging reports…

    None of my appliances will ever communicate with the power company or others listening in. They will never have an internet connection.

  5. ivan says:

    @Fanakapan, I think you are correct in as much as all the parts are made in China although they might be assembled in the EU by a company partly owned by Al Gore.

    From what I have heard that security loophole is only one of many in this type of meter, but they don’t want to disclose all the others or the public will reject them and we don’t want that to happen because if people did then they wouldn’t be able to remotely switch off users when there is not enough wind and the sun isn’t shining.

  6. BLACK PEARL says:

    Can you refuse to have one installed ?

  7. p.g.sharrow says:

    Any meter that can be turned on or off remotely is hackable. As to refusing one, I declined several times and one day they changed it anyway. They own it and all the 1,500 feet of service that I paid them of install to get service. When I had a telephone line installed, they charged me to use their poles that I paid for. That is why they are “loving” known as Public Graft & Extortion by their customers…pg

  8. Wayne Job says:

    These are not smart meters they are big brother meters, they are not even the thin end of the wedge, they are part of the last piece of the total manipulation, control and monitoring. Hacking is the least of your problems, monitoring measuring is the aim, use too much power or water in the not to distant future you will get a visit from big brother.

  9. oldbrew says:

    Car hacking, or the risk of it, is on the rise too. Not that they’re making us paranoid, not at all… :/

    ‘FBI warns on risks of car hacking’

    One day private cars will probably be operated by remote control, like drones.

  10. oldbrew says:

    BLACK PEARL says: ‘Can you refuse to have one installed ?’

    Probably not unless you go ‘off-grid’. They could refuse to supply the power.

  11. Richard111 says:

    And France gets all the profit.

  12. Ian Dempster says:

    The fitting of a smart electricity meter is not at present mandatory. This has been stated in the House of Commons and in a letter to me from EON after I refused to allow one into my house. Supply Companies are however bound by the regulations to get them fitted wherever possible. Should the company consider that your meter is inaccurate, I have no doubt that the only replacement meter available, will be one of the new type.

  13. Dave Ward says:

    EM Smith:

    “None of my appliances will ever communicate with the power company or others listening in. They will never have an internet connection”

    As far as I’m aware (at least in the UK), they don’t need an internet connection. “Smart” home appliances will communicate with smart meters using local radio networks (“Zigbee” is mentioned in documents I have). And the meters themselves will utilise existing mobile or dedicated networks to communicate with the power company.

    Once you have a smart meter installed in your home, any new “Smart” appliance you buy will be able to be controlled by the power company whether you like it or not. It’s getting difficult to buy old fashioned “dumb” appliances: mechanical thermostats & timers with a simple control knob are being replaced with digital electronic controls – how do you know what extra functionality these include?

  14. Power Grab says:

    I’m wondering how much official tampering with the usage levels will be done. Since people have lowered their electricity bill by using less electricity, and utilities are complaining about lower revenue, what’s to prevent them from “adjusting” your total usage upward every month. The phone companies have been known to stuff people’s phone call records with calls they never made. Yeah, if you complain they will remove it, but they just move it to someone else’s bills. Most people don’t look closely at their bills, so they likely get away with it all the time.

  15. sensferguson says:

    There is no way I am having any smart meters etc in the house!

  16. oldmanK says:

    Power Grab says “I’m wondering how much official tampering with the usage levels will be done. Since people have lowered their electricity bill by using less electricity, and utilities are complaining about lower revenue, what’s to prevent them from “adjusting” your total usage upward every month.”

    Good point, that kind of tampering is possible. For a small sum one can install his own mechanical meter (they are cheap) behind his main switch. It will allow him to control and at the same time check for variance.

  17. Dave Ward says:

    “Since people have lowered their electricity bill by using less electricity”

    Don’t count on it – smart meters have the ability (unlike older units) to measure “reactive power”. This means any load with poor power factor correction will show a higher usage than before. Virtually all modern appliances utilise “switch mode” power supplies, and from the tests I’ve made, very few have proper PF correction. Some of the worst offenders are “Low Energy” lamps (both CFL & LED) – many have a PF as low as 0.5, meaning a “10watt” lamp will be registering 20watts from the supply if the meter is able to show this. Even the meters themselves have a small parasitic load (just to power the circuitry), so you are almost certain to get higher bills, even if you make no changes to your consumption patterns.

  18. catweazle666 says:

    This is informative.


    Figure 1 is particularly interesting.

  19. Power Grab says:

    @ Dave Ward: That is news to me! I would like to learn more about that.

    So maybe that’s behind the stories some have told about how their electricity bill only got higher when they allowed a smart meter to be installed, and they also “updated” their lamps and appliances to the latest, energy-saving technology, and also signed up for the special supposedly lower rates if they shift their appliance usage to lower-demand time periods.

    What about how the new flat-screen TVs are registered, especially as compared with how old-style TVs are registered? Is there a similar discrepancy there? I ask because I have old TVs. I refuse to buy a new flat screen because it would force me to scrap my entertainment center for a piece of furniture that has only a tiny fraction of the storage capacity of my current one. I guess most people stream their entertainment these days, but the newest mass entertainment is so uninteresting to me, and my own collection of tapes and DVDs is so much more appealing to me, I just can’t justify it on the basis of “keeping up with the Joneses”, as we say on this side of the pond.

    Besides, it’s creepy to think that if I were to switch to watching everything online, it would undoubtedly leave a precise footprint of my entertainment preferences (boring as they may be!)

  20. Dave Ward says:

    @Power Grab – just Google “Power Factor”. In a DC circuit resistance is the only factor when considering losses. However with AC it isn’t straightforward – you can have “inductive” circuits (wound components like transformers and motors) or “capacitive” circuits (which until recently weren’t that common). The advent of compact “Switch Mode” power supplies has changed this – they are invariably capacitive, unless proper PF correction has been incorporated. If you have mixture of both types of similarly rated equipment connected at the same time the net result is a cancellation – large industrial users, with lots of motors for instance, normally have specialist PF correction equipment to keep their bills (and cable sizes) down, but domestic users are rarely aware of these considerations. Better quality fluorescent fittings incorporate PF correction capacitors – cheap ones don’t…

    I don’t know where you live, but in the UK Maplin sell a plug-in energy monitor which displays PF as a number, and also real and apparent power in watts and VA.
    I’ve seen versions suitable for other countries from the same manufacturer.

    It only takes a few minutes to test various domestic appliances to see how they perform, and a well known name does not necessarily mean good design. I have a CFL lamp made by Osram with a PF of 0.6, yet an unbranded one from a discount store was 0.95 (1.0 being perfect). I doubt that you will find any domestic appliance made in the last 10 years with a transformer based (inductive) power supply – they all use switch mode. Old style rotating disc meters can’t deal with PF, and as a result the energy companies are regularly supplying more power than they are billing customers for. But “Smart Meters” have the ability (if the suppliers choose to use it) of measuring apparent power, and so you could well find your bills increasing!

  21. E.M.Smith says:

    Per appliance radio…

    I have a screw driver and diagonal cutters and know how to use them… a radio without an antenna doesn’t do much.

    I expect that there will be a configuration needed to make it work anyway. My washer dryer are closer to my neighbor’s meter than mine, so something has to sort that. Meaning I can just not config it.

    BTW, for many cases, a razorblade to a card circuit trace will be easier than cutting the antenna. One wishing to retain “resale value” or denyability can do any of: wrap with metal foil, put a magnet on some types of circuits, clip on capacitors or resistors at useful places, or just unplug some leads. The internet will fill with howtos.

    Wosrt case is just put an RF noise maker near the meter or feed the RF input a “small” microwave pulse… of a kW or three…

    Roughly paraphrasing TNG Scotty “The fancier the make the equipment, the easier it is to gum up the works!”

    I can Faraday cage things pretty easily… or put a ground wire to the antenna, too.

  22. catweazle666 says:

    “BTW, for many cases, a razorblade to a card circuit trace will be easier than cutting the antenna.”

    The application of a high voltage device – a piezoelectric gas igniter for example – works a treat with most microelectronics, and doesn’t leave any visible marks.

  23. oldbrew says:

    Of course we don’t advocate such jiggery-pokery here 😉

  24. oldbrew says:

    More car security hacking headaches.

    Modern cars ‘increasingly vulnerable’ to cybersecurity threats, FBI warns
    Hackers are able to achieve engine shutdown, disable brakes and manipulate steering through wireless connections

  25. castianira hatten says:

    brilliant- we know they have a weakness. so when they are compulsary and they misuse our data as per ususal and get off scott free as per usual, and rip us off at peak times and get even more fatter off us we can cooperate with outside powers and take the whole power network down in revenge!
    thanks gov, nice one!