How to Hack a Smart Meter and Kill the Grid

Last week was a watershed for the embedded security community, and by implication everyone else.  Bloomberg announced that rogue chips had been found on the motherboards of servers sold by Super Micro Computer to companies like Amazon and Apple.  Whoever had added these during the manufacturing process would have acquired the ability to control and access data from the servers when those companies installed them.  For the first time, it appeared there was evidence that the supply chain could be disrupted.  That meant hacking was happening during the manufacturing process, before the products had even left the production line.

Up until now, hacking has predominantly been viewed as getting malicious code into a device which is “clean”, by exploiting security flaws in its code.  That’s what’s happened with every PC virus; attacks like the WannaCry ransomware, and state sponsored attacks such as Stuxnet and the recently discovered attempt by Russian hackers to infiltrate the Organisation for the Prevention of Chemical Weapons in The Hague.  Although the concept of hacking a product before it has shipped has been discussed for years, the Bloomberg report signals that we’ve moved from academic debate to reality.

There is still debate about whether the report is correct.  Apple and Amazon deny much of the detail, but its publication has started people looking more closely at the supply line and concluding that whether or not it is true, the way we design, subcontract and manufacture complex electronic products today means that it is possible.  If it is true, this attack was probably commercial, where a company or a state wanted to discover what leading global companies were doing.  What is more worrying is the prospect of a future where malicious state actors target infrastructure with the aim of crippling a country.  Which brings me to smart meters.

Read More

Apple sticks Five Fingers in the Air

Apple’s big Special Event last week was marked by a noticeable lack of excitement in the days running up to it.  A few years back, everyone would have been on tenterhooks, but it seems that it’s increasingly becoming a so-what event.  If you use Google Trends to search for the word iPhone, you’ll find that it used to peak around these events, but they’re no longer generating the level of interest that they used to.  If you filter those searches down to news mentions, it’s apparent that these Apple events are not really news anymore.

Read More

GB Smart Metering no longer financially viable

Last week the British Infrastructure Group (BIG), comprising 93 Members of Parliament and the House of Lords, delivered a devastating report on the British Smart Metering Project.  Titled “Not So Smart”, their headline assessment is that it is a “roll-out which is set to become yet another large scale public infrastructure project delivered well over budget which fails to deliver the expected benefits.”

It is very gratifying to see the issues I’ve been writing about for the last six years confirmed.  In the past, the energy industry and civil servants have succeeded in pulling the wool over the eyes of various Parliamentary Committees, who, lacking adequate technical expertise, have simply repeated the mantra that the project is more or less on track.  The British Infrastructure Group have cut through that obfuscation.  In their summary they suggest that the average consumer saving will be reduced to just £11 per year.

Whilst I applaud this report, I fear that the group members may still be wearing their rose-tinted ermine.  Their conclusion about the reduced savings comes from looking back at BEIS’ numbers from 2016.  If you look forward at the additional problems and costs which are still in the pipeline it becomes clear that the GB Smart Metering programme is no longer financially viable.  Rather than a saving of £11 per year for each household, it’s more likely to result in an increase in annual energy bills of £67 for the next decade.  With the publication of this report, the last vestiges of BEIS accountability have been ripped away.

Let’s examine what is still going wrong.

Read More

Smart Meters and Fake Headlines

Last month I wrote about an advert from Smart Energy GB promoting the current smart metering programme.  The headline was that by having a smart meter installed you could save enough energy to charge your mobile phone for 177 years.  It’s a good headline to attract people’s attention, but it seemed high.  I was intrigued and decided to try and work out where that number had come from?  I found that the calculation was riddled with mistakes and that a more realistic analysis showed that the saving was equivalent to charging it for just 17 years.  I’ve since realised that even that figure was optimistic and in fact it’s just 16 years.

A reader kindly informed me that Smart Energy GB has produced a wider series of these adverts and have published how they calculated the claims.   They obviously think they understand what they’re doing, as they’ve put the basis of their calculations on their website.   (In case they change them after reading this, I’ve archived the version that was on their website when I wrote this article at http://bit.ly/dumbenergyGB.)   Their webpage explains the workings behind seven adverts and in every single case they’ve got their calculations wrong.  The mistakes range from a failure to understand how battery charging works, an inability to calculate percentages, getting formulas wrong, misreading much of their source data, including mistaking 2 x 12 for 212, not understanding the context of their source data or realising that electricity and gas have markedly different prices. 

Most of the adverts overestimated the savings, but a few underestimated them.  So, there was probably no deliberate attempt to mislead.  Just an unbelievable level of incompetence.  But we mustn’t fall into believing this type of fake data.  Once we stop questioning, we set the scene for Orwellian manipulation. 

Read More

Telling Lies about Smart Meters

What do you do when your smart metering plan isn’t working?  Looking at the efforts of Smart Energy GB, who are tasked with persuading the nation to install 50 million smart meters which aren’t really fit for purpose you do two things:

  • You ask the Government to double your funding with an additional £95 million of public money. Then…
  • You spend it on inaccurate adverts.

The particular advert I’m talking about demonstrates one of two things – either that Smart Energy GB are lying through their teeth, or they can’t add up.  Although given the sad history of this program, there’s a fair chance it could be both.

Read More

British Smart Meters cost £28 million EACH

That’s right.  Britain’s smart meters are now officially the most expensive smart meters in the world.  For those of you who have not been following the story, let me provide a brief précis.  Back in 2010 the Government mandated that every home in Britain should have a smart gas and a smart electricity meter by 2020.   Instead of using off the shelf smart meters, they decided to design their own.  DECC worked with some vested industry interests to do a classic Government IT committee job, producing the most complex smart meter specification the world has seen.  That design was called SMETS1 – short for Smart Metering Equipment Technical Specification.  Not only was it the most expensive, but it was also insecure.  When GCHQ looked at it and considered the potential implications of connecting it to our national infrastructure they demanded a redesign, resulting in the SMETS2 specification.  SMETS1 meters look as if they won’t work with the SMETS2 software infrastructure, so any SMETS1 meters already installed will probably need to be replaced.  Throughout this fiasco, the Government has not relaxed its requirements for every home to have a smart meter fitted by 2020, which means fitting around 50 million new meters.

Which brings us to today.  The SMETS2 meters are enormously complex and are pushing the limits of the industry to design them.  With the 2020 deadline barely 30 months away you’d hope that the bulk of them would be fitted by now.  But I’ve just been talking to contacts in the industry who have told me that currently there are only around 80 SMETS2 meters fitted.  Do the sums based on what has been spent so far on the GB smart Metering programme and you’ll find that it equates to around £28 million for each of these meters.  It is an obscene example of a Government IT project going wrong.  But it gets worse.  Not only will the overall project cost consumers around £12 billion, it has the potential to destroy Britain’s leading position in the development of the Internet of Things.  It also seems to be exerting a curse on any Government minister involved in the project, with Amber Rudd, our former Minister for Technical Illiteracy the latest to feel its effect.

Read More