0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/721 Thanks! 1 00:00:12,960 --> 00:00:15,149 Here to tell us all about the 2 00:00:15,150 --> 00:00:17,639 subject is Netanel 3 00:00:17,640 --> 00:00:19,829 Rubin, you may know 4 00:00:19,830 --> 00:00:22,019 him from his various sessions on 5 00:00:22,020 --> 00:00:23,020 trashing Perl 6 00:00:24,390 --> 00:00:25,950 the Perl community. Love them for that. 7 00:00:32,100 --> 00:00:34,229 He also recently co-founded the 8 00:00:34,230 --> 00:00:35,280 company Vaultra, 9 00:00:36,690 --> 00:00:39,089 and with no further ado, 10 00:00:39,090 --> 00:00:40,949 I'd like to help. 11 00:00:40,950 --> 00:00:43,169 I'd like you to help me welcome 12 00:00:43,170 --> 00:00:44,639 onto the stage to talk about smart 13 00:00:44,640 --> 00:00:45,640 cities. 14 00:00:53,390 --> 00:00:55,489 Hello, this is it, it's 15 00:00:55,490 --> 00:00:57,559 been it's great to be here. 16 00:00:57,560 --> 00:00:59,659 Let me start with a little apology. 17 00:00:59,660 --> 00:01:01,759 I am feeling a bit sick today, so 18 00:01:01,760 --> 00:01:04,128 if I start coughing or spontaneously 19 00:01:04,129 --> 00:01:06,139 dying, just bear with me. 20 00:01:06,140 --> 00:01:07,099 Forgive me. 21 00:01:07,100 --> 00:01:08,329 Thank you. 22 00:01:08,330 --> 00:01:10,639 And today we are going 23 00:01:10,640 --> 00:01:13,189 to talk about something that 24 00:01:13,190 --> 00:01:15,229 doesn't work for you. 25 00:01:15,230 --> 00:01:17,089 We're going to talk about the smart 26 00:01:17,090 --> 00:01:19,790 industry now, basically. 
27 00:01:20,890 --> 00:01:23,109 What we'll do today is talk how 28 00:01:23,110 --> 00:01:25,509 they talk about how the smart revolution 29 00:01:25,510 --> 00:01:27,579 is changing all of our lives without 30 00:01:27,580 --> 00:01:28,719 us knowing. 31 00:01:28,720 --> 00:01:30,699 As a disclaimer, we involved from my 32 00:01:30,700 --> 00:01:33,159 company are developing security solutions 33 00:01:33,160 --> 00:01:35,229 for the smart industry, not 34 00:01:35,230 --> 00:01:36,909 just putting it out there. 35 00:01:36,910 --> 00:01:39,099 So let's talk about smart 36 00:01:39,100 --> 00:01:40,479 cities. 37 00:01:40,480 --> 00:01:43,569 Smart cities are popping everywhere 38 00:01:43,570 --> 00:01:45,789 in Amsterdam, Singapore, 39 00:01:45,790 --> 00:01:47,979 Barcelona and in many other 40 00:01:47,980 --> 00:01:49,389 different cities around the world. 41 00:01:49,390 --> 00:01:51,609 But what exactly are 42 00:01:51,610 --> 00:01:53,769 smart cities now? 43 00:01:53,770 --> 00:01:56,229 Well, in Amsterdam, they decided 44 00:01:56,230 --> 00:01:58,269 being a smart city means they'll have 45 00:01:58,270 --> 00:02:00,450 birdhouses that offer free Wi-Fi. 46 00:02:01,540 --> 00:02:03,789 And in Kansas City, 47 00:02:03,790 --> 00:02:05,709 they decided to take the concept into a 48 00:02:05,710 --> 00:02:08,168 more American approach and implemented 49 00:02:08,169 --> 00:02:09,219 gunshot sensors, 50 00:02:10,270 --> 00:02:11,829 among other things. 51 00:02:11,830 --> 00:02:13,929 Now, it is very 52 00:02:13,930 --> 00:02:16,569 clear to everyone 53 00:02:16,570 --> 00:02:18,999 in the industry that smart cities 54 00:02:19,000 --> 00:02:21,669 are nothing but a mere concept, 55 00:02:21,670 --> 00:02:23,859 an idea of sorts. 
56 00:02:23,860 --> 00:02:26,619 That means absolutely nothing, 57 00:02:27,700 --> 00:02:29,859 because each city is implementing 58 00:02:29,860 --> 00:02:32,589 the ideas fit for their own culture, 59 00:02:32,590 --> 00:02:34,869 their own atmosphere, 60 00:02:34,870 --> 00:02:37,269 in order for us to understand 61 00:02:37,270 --> 00:02:39,519 the industry and understand 62 00:02:39,520 --> 00:02:41,529 who gains the most out of this 63 00:02:41,530 --> 00:02:43,779 technological advancement, 64 00:02:43,780 --> 00:02:46,149 we need to look at one specific 65 00:02:46,150 --> 00:02:48,249 market, the smart 66 00:02:48,250 --> 00:02:49,599 energy market. 67 00:02:49,600 --> 00:02:52,239 Smart energy is basically a concept 68 00:02:52,240 --> 00:02:54,699 allowing utilities, energy, utilities 69 00:02:54,700 --> 00:02:56,889 to better connect with their end 70 00:02:56,890 --> 00:02:58,959 consumers as 71 00:02:58,960 --> 00:03:01,029 well as municipal authorities, the 72 00:03:01,030 --> 00:03:02,169 cities themselves. 73 00:03:02,170 --> 00:03:03,639 I know it sounds complicated, but it's 74 00:03:03,640 --> 00:03:04,869 really not. 75 00:03:04,870 --> 00:03:07,599 Now, energy utilities gained a lot 76 00:03:07,600 --> 00:03:10,209 from this whole smart revolution. 77 00:03:10,210 --> 00:03:12,339 Using smart energy, 78 00:03:12,340 --> 00:03:14,619 they managed to implement devices 79 00:03:14,620 --> 00:03:16,149 that allow them to define different 80 00:03:16,150 --> 00:03:18,249 tariffs for different hours, allowing 81 00:03:18,250 --> 00:03:20,469 them to earn more money on peak 82 00:03:20,470 --> 00:03:22,779 hours. They could also connect 83 00:03:22,780 --> 00:03:24,699 or disconnect consumers electricity 84 00:03:24,700 --> 00:03:27,009 remotely if, for example, 85 00:03:27,010 --> 00:03:29,169 they are overdue on their electricity 86 00:03:29,170 --> 00:03:31,629 bill or ran out on their 87 00:03:31,630 --> 00:03:33,759 electricity prepaid card. 
88 00:03:33,760 --> 00:03:36,069 They could also receive consumers' 89 00:03:36,070 --> 00:03:38,319 electricity usage instantly 90 00:03:38,320 --> 00:03:40,209 without having the need to send someone 91 00:03:40,210 --> 00:03:41,859 over physically. 92 00:03:41,860 --> 00:03:44,229 All in all, utilities gained 93 00:03:44,230 --> 00:03:46,449 the option to better manage 94 00:03:46,450 --> 00:03:48,609 their electricity grids and 95 00:03:48,610 --> 00:03:50,829 in some cases save over 96 00:03:50,830 --> 00:03:52,899 15 percent of their 97 00:03:52,900 --> 00:03:55,029 expenses in that area. 98 00:03:55,030 --> 00:03:57,939 So basically, energy utilities 99 00:03:57,940 --> 00:04:00,609 have a lot to gain 100 00:04:00,610 --> 00:04:02,320 from this whole revolution. 101 00:04:03,640 --> 00:04:05,529 Basically, when we were talking about 102 00:04:05,530 --> 00:04:07,509 smart energy, we're actually talking 103 00:04:07,510 --> 00:04:09,759 about the smart grid 104 00:04:09,760 --> 00:04:12,879 containing all the utilities devices. 105 00:04:12,880 --> 00:04:15,039 And the main appliance that 106 00:04:15,040 --> 00:04:17,588 makes it so smart 107 00:04:17,589 --> 00:04:19,659 is the smart meter. 108 00:04:19,660 --> 00:04:21,909 Smart meters are ordinary 109 00:04:21,910 --> 00:04:24,159 electricity meters with two extra 110 00:04:24,160 --> 00:04:25,239 features. 111 00:04:25,240 --> 00:04:27,699 The first is that this allows the utility 112 00:04:27,700 --> 00:04:29,919 to monitor and communicate with a meter 113 00:04:29,920 --> 00:04:31,839 remotely using PLC 114 00:04:31,840 --> 00:04:33,219 or 4G networks. 
115 00:04:33,220 --> 00:04:35,439 And the second, which truly makes 116 00:04:35,440 --> 00:04:37,539 the smart meter smart, is that 117 00:04:37,540 --> 00:04:39,669 it allows the utility to 118 00:04:39,670 --> 00:04:41,769 communicate with consumers' home 119 00:04:41,770 --> 00:04:44,439 appliances, with your 120 00:04:44,440 --> 00:04:46,359 home appliances. 121 00:04:46,360 --> 00:04:48,459 So you are now probably asking yourself 122 00:04:48,460 --> 00:04:50,769 where these things 123 00:04:50,770 --> 00:04:53,409 can control my home devices, 124 00:04:53,410 --> 00:04:55,689 the utility can control my home. 125 00:04:55,690 --> 00:04:58,089 Well, not only they can, 126 00:04:58,090 --> 00:04:59,599 but communicate with their home devices 127 00:04:59,600 --> 00:05:01,659 is just the first step in 128 00:05:01,660 --> 00:05:03,879 the future. These things will create 129 00:05:03,880 --> 00:05:06,459 a massive mesh network all 130 00:05:06,460 --> 00:05:08,499 over the city, allowing them to 131 00:05:08,500 --> 00:05:10,809 communicate with the city smart 132 00:05:10,810 --> 00:05:12,969 appliances, as well as 133 00:05:12,970 --> 00:05:15,099 the entirety of the electricity 134 00:05:15,100 --> 00:05:17,679 grid. Your home, your city 135 00:05:17,680 --> 00:05:19,749 and everything in between will 136 00:05:19,750 --> 00:05:21,939 be in control by your energy 137 00:05:21,940 --> 00:05:22,839 utility. 138 00:05:22,840 --> 00:05:24,459 And that's a bit scary. 139 00:05:24,460 --> 00:05:26,589 But how does the smart meter 140 00:05:26,590 --> 00:05:28,659 communicate both with the city 141 00:05:28,660 --> 00:05:30,699 and your home devices? 142 00:05:30,700 --> 00:05:32,679 One word, ZigBee. 143 00:05:34,440 --> 00:05:35,099 Nice. 
144 00:05:35,100 --> 00:05:37,199 By now, most of you 145 00:05:37,200 --> 00:05:39,299 already know ZigBee is an 146 00:05:39,300 --> 00:05:42,119 extremely insecure protocol, exploited 147 00:05:42,120 --> 00:05:44,519 many times before. 148 00:05:44,520 --> 00:05:46,649 But for now, I'll just say that if you 149 00:05:46,650 --> 00:05:48,929 thought ZigBee is insecure in regular 150 00:05:48,930 --> 00:05:51,209 smart houses, just wait and see 151 00:05:51,210 --> 00:05:53,519 how it's implemented in the smart energy 152 00:05:53,520 --> 00:05:54,520 industry. 153 00:05:56,010 --> 00:05:59,039 Another important point is who developed 154 00:05:59,040 --> 00:06:00,149 these smart meters? 155 00:06:00,150 --> 00:06:02,249 Currently, there are about 60 156 00:06:02,250 --> 00:06:04,319 different smart meter manufacturers, but 157 00:06:04,320 --> 00:06:06,389 the top three covering about 30 158 00:06:06,390 --> 00:06:08,459 to 40 percent of the market are 159 00:06:08,460 --> 00:06:10,559 Itron, Landis+Gyr 160 00:06:10,560 --> 00:06:11,759 and Elster. 161 00:06:11,760 --> 00:06:14,039 Remember these names as they will 162 00:06:14,040 --> 00:06:15,290 pop up a bit later. 163 00:06:16,470 --> 00:06:19,709 For now, what you need to understand 164 00:06:19,710 --> 00:06:21,899 is that smart meters are offering 165 00:06:21,900 --> 00:06:23,969 a lot of benefits 166 00:06:23,970 --> 00:06:26,079 for utilities and cities. 167 00:06:26,080 --> 00:06:28,379 They have so much to gain by 168 00:06:28,380 --> 00:06:30,659 installing these meters that utilities 169 00:06:30,660 --> 00:06:33,059 are now forcing smart 170 00:06:33,060 --> 00:06:35,069 meter installation in a wide range of 171 00:06:35,070 --> 00:06:37,469 cases, even though it is costing 172 00:06:37,470 --> 00:06:39,839 them billions upon billions 173 00:06:39,840 --> 00:06:40,840 of dollars. 
174 00:06:41,880 --> 00:06:44,189 But utilities aren't the only ones 175 00:06:44,190 --> 00:06:46,229 trying to implement these devices. 176 00:06:46,230 --> 00:06:48,539 Governments all over the world 177 00:06:48,540 --> 00:06:50,969 are pushing it even farther. 178 00:06:50,970 --> 00:06:53,129 We can see a very sharp increase 179 00:06:53,130 --> 00:06:54,989 in positive regulation all over the 180 00:06:54,990 --> 00:06:57,869 world, in the Middle East, in Australia 181 00:06:57,870 --> 00:06:59,639 and Japan, in all of East Asia in 182 00:06:59,640 --> 00:07:01,889 general, in the U.S. 183 00:07:01,890 --> 00:07:04,199 But the key region for 184 00:07:04,200 --> 00:07:06,389 that industry, the one with 185 00:07:06,390 --> 00:07:08,549 the most progressive regulation 186 00:07:08,550 --> 00:07:10,709 and goals, is actually 187 00:07:10,710 --> 00:07:11,710 Europe. 188 00:07:12,120 --> 00:07:14,549 The European Union has declared 189 00:07:14,550 --> 00:07:16,889 it aims to replace at least 80 190 00:07:16,890 --> 00:07:19,139 percent of all electricity meters 191 00:07:19,140 --> 00:07:21,269 in the region with smart meters by 192 00:07:21,270 --> 00:07:23,399 2020, four years from now, with 193 00:07:23,400 --> 00:07:25,469 a total investment of approximately 194 00:07:25,470 --> 00:07:28,049 forty five billion euros. 195 00:07:28,050 --> 00:07:30,329 Seventy two percent of all European 196 00:07:30,330 --> 00:07:32,429 consumers will have a smart meter for 197 00:07:32,430 --> 00:07:34,619 electricity, 72 percent from all 198 00:07:34,620 --> 00:07:36,389 of all the people in the crowd, for that 199 00:07:36,390 --> 00:07:37,689 matter. 200 00:07:37,690 --> 00:07:39,749 That extreme push both by 201 00:07:39,750 --> 00:07:41,879 governments and by utilities, has 202 00:07:41,880 --> 00:07:44,489 made it so that over 100 203 00:07:44,490 --> 00:07:46,739 million smart meters are already 204 00:07:46,740 --> 00:07:49,529 installed today all over the world. 
205 00:07:49,530 --> 00:07:51,479 And if you thought that the installation 206 00:07:51,480 --> 00:07:54,119 of smart meters doesn't concern you, 207 00:07:54,120 --> 00:07:56,399 you should think again, because these 208 00:07:56,400 --> 00:07:58,499 are the countries that will replace 209 00:07:58,500 --> 00:08:00,269 at least 80 percent of their meters in 210 00:08:00,270 --> 00:08:01,349 the near future. 211 00:08:01,350 --> 00:08:03,899 Austria, Denmark, Estonia, 212 00:08:03,900 --> 00:08:06,329 Finland, France, Greece, Ireland, 213 00:08:06,330 --> 00:08:08,429 Italy, Luxembourg, Malta, the 214 00:08:08,430 --> 00:08:09,839 Netherlands, Poland, Romania, Spain, 215 00:08:09,840 --> 00:08:11,669 Sweden and the United Kingdom. 216 00:08:11,670 --> 00:08:14,609 Almost all of Europe 217 00:08:14,610 --> 00:08:16,739 will take part in this massive 218 00:08:16,740 --> 00:08:19,169 technological revolution. 219 00:08:19,170 --> 00:08:22,139 But what's the problem with that? 220 00:08:22,140 --> 00:08:24,509 Progress is always a good thing, 221 00:08:24,510 --> 00:08:25,799 right? 222 00:08:25,800 --> 00:08:28,649 The problem starts when governments 223 00:08:28,650 --> 00:08:31,109 and government agencies are forcing 224 00:08:31,110 --> 00:08:33,239 the installation of appliances that can 225 00:08:33,240 --> 00:08:35,668 interfere and communicate 226 00:08:35,669 --> 00:08:37,769 with civilians home appliances. 227 00:08:37,770 --> 00:08:39,869 The problem starts when 228 00:08:39,870 --> 00:08:42,119 there's a product to the market so huge 229 00:08:42,120 --> 00:08:44,279 it is installed in hundreds of 230 00:08:44,280 --> 00:08:46,349 millions of homes worldwide. 231 00:08:46,350 --> 00:08:48,509 The problem starts when 232 00:08:48,510 --> 00:08:50,459 that product is accessing the internal 233 00:08:50,460 --> 00:08:52,529 network of both the utility and 234 00:08:52,530 --> 00:08:54,719 the consumer. 
You see, the 235 00:08:54,720 --> 00:08:56,969 problem starts when 236 00:08:56,970 --> 00:08:59,249 this product, forced by governments 237 00:08:59,250 --> 00:09:01,589 installed everywhere with critical access 238 00:09:01,590 --> 00:09:03,779 points, is also dangerously 239 00:09:03,780 --> 00:09:04,780 insecure. 240 00:09:06,000 --> 00:09:08,099 But why are smart meters 241 00:09:08,100 --> 00:09:09,329 so critical? 242 00:09:09,330 --> 00:09:10,709 Let's have a look at what a hacker can 243 00:09:10,710 --> 00:09:11,249 do. 244 00:09:11,250 --> 00:09:13,889 If a hacker made their first of all, 245 00:09:13,890 --> 00:09:16,319 he could see exactly when and how much 246 00:09:16,320 --> 00:09:17,849 electricity you're using. 247 00:09:17,850 --> 00:09:19,799 He could know when you're in the house, 248 00:09:19,800 --> 00:09:21,509 if you have any expensive electronic 249 00:09:21,510 --> 00:09:23,609 equipment that might be worth stealing 250 00:09:23,610 --> 00:09:25,859 and obtain a lot of information about you 251 00:09:25,860 --> 00:09:27,509 and your family in general. 252 00:09:27,510 --> 00:09:29,999 The second thing it can do is basically 253 00:09:30,000 --> 00:09:30,989 billing fraud. 254 00:09:30,990 --> 00:09:32,579 He could set your billing amount to 255 00:09:32,580 --> 00:09:34,739 whatever amount he'd like, whether it's 256 00:09:34,740 --> 00:09:36,869 one euro or ten thousand euros. 257 00:09:36,870 --> 00:09:39,179 You're going to be in a world of pain 258 00:09:39,180 --> 00:09:41,339 just by having to explain to the utility 259 00:09:41,340 --> 00:09:43,679 why their meter is faulty, why you didn't 260 00:09:43,680 --> 00:09:46,259 use ten thousand euros 261 00:09:46,260 --> 00:09:48,539 worth of electricity 262 00:09:48,540 --> 00:09:49,319 if you even catch it. 263 00:09:49,320 --> 00:09:50,819 I think time, of course. 264 00:09:50,820 --> 00:09:53,069 But these scenarios aren't that 265 00:09:53,070 --> 00:09:54,029 frightening. 
266 00:09:54,030 --> 00:09:55,709 Sure. An attacker can make your life 267 00:09:55,710 --> 00:09:57,839 miserable, but it's not really 268 00:09:57,840 --> 00:09:59,819 dangerous if you see when you turn on 269 00:09:59,820 --> 00:10:02,099 your TV. The scary 270 00:10:02,100 --> 00:10:03,149 stuff begins 271 00:10:03,150 --> 00:10:04,679 when you think about the power these 272 00:10:04,680 --> 00:10:07,289 meters have over your electricity 273 00:10:07,290 --> 00:10:09,479 network. If an attacker will hack your 274 00:10:09,480 --> 00:10:11,999 meter, he will have complete access 275 00:10:12,000 --> 00:10:13,859 to all the smart devices connected to 276 00:10:13,860 --> 00:10:15,689 this meter, whether it's your air 277 00:10:15,690 --> 00:10:17,789 conditioner, your fridge or your 278 00:10:17,790 --> 00:10:19,889 door lock. An attacker will be able 279 00:10:19,890 --> 00:10:22,409 to control each and every device. 280 00:10:22,410 --> 00:10:25,019 This will have very severe consequences 281 00:10:25,020 --> 00:10:26,639 the more your house is connected to the 282 00:10:26,640 --> 00:10:27,839 grid. 283 00:10:27,840 --> 00:10:29,909 Just imagine waking up 284 00:10:29,910 --> 00:10:31,919 in the morning just to find out you've 285 00:10:31,920 --> 00:10:33,319 been robbed by a burglar. 286 00:10:33,320 --> 00:10:35,389 Who didn't even had to break in 287 00:10:35,390 --> 00:10:37,429 because he could control and open your 288 00:10:37,430 --> 00:10:38,430 door through the meter. 289 00:10:39,380 --> 00:10:41,719 But even if your house doesn't 290 00:10:41,720 --> 00:10:44,299 contain any smart appliance, 291 00:10:44,300 --> 00:10:46,849 you are very far from being safe. 292 00:10:46,850 --> 00:10:49,459 Smart meters are positioned in a critical 293 00:10:49,460 --> 00:10:51,979 point in the electricity grid 294 00:10:51,980 --> 00:10:54,469 because of the high amounts of voltage 295 00:10:54,470 --> 00:10:56,179 the meter is handling. 
296 00:10:56,180 --> 00:10:58,459 One faulty line of code 297 00:10:58,460 --> 00:11:00,559 could cause serious damage. 298 00:11:00,560 --> 00:11:03,109 An attacker who controls the meter 299 00:11:03,110 --> 00:11:05,209 also control the meter software 300 00:11:05,210 --> 00:11:07,669 allowing to literally blow 301 00:11:07,670 --> 00:11:10,009 the meter up just cause it 302 00:11:10,010 --> 00:11:12,259 to explode and start a fire where 303 00:11:12,260 --> 00:11:13,489 it used to be. 304 00:11:13,490 --> 00:11:15,319 And these aren't just imaginary 305 00:11:15,320 --> 00:11:16,589 scenarios. 306 00:11:16,590 --> 00:11:18,949 Puerto Rico has just suffer 307 00:11:18,950 --> 00:11:21,199 from a massive amount of billing fraud 308 00:11:21,200 --> 00:11:23,359 attacks, causing their utility to lose 309 00:11:23,360 --> 00:11:25,759 four hundred million dollars. 310 00:11:25,760 --> 00:11:27,859 And in Ontario, Smart 311 00:11:27,860 --> 00:11:30,079 Meters has literally caught 312 00:11:30,080 --> 00:11:32,809 fire and exploded without 313 00:11:32,810 --> 00:11:35,099 a cause to be found. 314 00:11:35,100 --> 00:11:36,889 Allow me to quote one of the 315 00:11:36,890 --> 00:11:39,679 firefighters, the response to the event. 316 00:11:39,680 --> 00:11:41,839 It's your hydro meter. 317 00:11:41,840 --> 00:11:44,029 You have a smart meter. 318 00:11:44,030 --> 00:11:46,309 If your house had been a wooden structure 319 00:11:46,310 --> 00:11:48,679 and not a brick structure, you wouldn't 320 00:11:48,680 --> 00:11:49,909 be alive today. 321 00:11:51,080 --> 00:11:53,149 And just so you realize how extremely 322 00:11:53,150 --> 00:11:55,759 dangerous these fires are. 323 00:11:55,760 --> 00:11:57,829 This is an image of the damage an 324 00:11:57,830 --> 00:11:59,570 exploding meter caused in one case. 325 00:12:01,870 --> 00:12:03,339 So let's get technical. 326 00:12:03,340 --> 00:12:04,449 How do you hack a meter? 
327 00:12:13,930 --> 00:12:16,059 First off, there's the physical way, 328 00:12:16,060 --> 00:12:18,339 there's always the physical way in order 329 00:12:18,340 --> 00:12:19,989 to tamper with the meter physically, 330 00:12:19,990 --> 00:12:22,009 you have to have physical access to it, 331 00:12:22,010 --> 00:12:24,279 obviously, which isn't 332 00:12:24,280 --> 00:12:26,109 very viable most of the time. 333 00:12:26,110 --> 00:12:28,869 And these are very easy to detect anyway, 334 00:12:28,870 --> 00:12:30,999 even if you did have access to the meter. 335 00:12:31,000 --> 00:12:33,219 There are tons of physical anti-tampering 336 00:12:33,220 --> 00:12:35,709 mechanisms inside the meter hardware, 337 00:12:35,710 --> 00:12:38,019 ranging from actual locks to 338 00:12:38,020 --> 00:12:39,759 flesh operating mechanisms. 339 00:12:39,760 --> 00:12:41,979 So the physical approach isn't really 340 00:12:41,980 --> 00:12:42,969 going to work. 341 00:12:42,970 --> 00:12:44,499 Trust me, I tried. 342 00:12:44,500 --> 00:12:47,019 Unfortunately, smart meters 343 00:12:47,020 --> 00:12:49,089 also support a wide range of 344 00:12:49,090 --> 00:12:50,829 wireless protocols. 345 00:12:50,830 --> 00:12:53,439 Protocols like ZigBee and GSM 346 00:12:53,440 --> 00:12:56,019 are considered standard in the industry 347 00:12:56,020 --> 00:12:58,599 and they're used practically everywhere. 348 00:12:58,600 --> 00:13:00,699 These wireless protocols have 349 00:13:00,700 --> 00:13:02,769 been left in the dark with little to 350 00:13:02,770 --> 00:13:05,139 no security and doesn't require 351 00:13:05,140 --> 00:13:06,879 an attacker to be physically present near 352 00:13:06,880 --> 00:13:09,039 the meter in order to exploit an 353 00:13:09,040 --> 00:13:10,869 implementation vulnerability. 
354 00:13:10,870 --> 00:13:13,209 These protocols also allow an attacker 355 00:13:13,210 --> 00:13:15,459 direct access to the smart meter 356 00:13:15,460 --> 00:13:17,499 firmware, which allows them to exploit 357 00:13:17,500 --> 00:13:19,689 many types of high level bugs like 358 00:13:19,690 --> 00:13:22,029 memory corruptions, for example. 359 00:13:22,030 --> 00:13:24,279 So naturally we focused 360 00:13:24,280 --> 00:13:26,289 more on these wireless protocol in our 361 00:13:26,290 --> 00:13:27,639 research. 362 00:13:27,640 --> 00:13:30,759 So how does the smart meter communicate? 363 00:13:30,760 --> 00:13:33,009 Well, in order to communicate with the 364 00:13:33,010 --> 00:13:35,349 energy utility, the meter often 365 00:13:35,350 --> 00:13:38,049 uses regular GSM, sometimes 366 00:13:38,050 --> 00:13:39,819 especially in crowded cities and 367 00:13:39,820 --> 00:13:40,929 skyscrapers. 368 00:13:40,930 --> 00:13:42,639 The meter communicates with the closest 369 00:13:42,640 --> 00:13:44,739 electric lock box using 370 00:13:44,740 --> 00:13:46,959 PLC, which then transmits 371 00:13:46,960 --> 00:13:49,359 the data back to the utility using 372 00:13:49,360 --> 00:13:50,559 GSM. 373 00:13:50,560 --> 00:13:53,019 So far, nothing too proprietary, 374 00:13:53,020 --> 00:13:55,269 just ordinary GSM operating 375 00:13:55,270 --> 00:13:57,459 on 3G or 4G networks. 376 00:13:57,460 --> 00:13:59,739 But what about home appliances? 377 00:13:59,740 --> 00:14:01,569 How does the meter communicate with them? 378 00:14:01,570 --> 00:14:03,939 Well, this is where the notorious ZigBee 379 00:14:03,940 --> 00:14:05,619 protocol comes into effect. 380 00:14:05,620 --> 00:14:07,029 In order to communicate with home 381 00:14:07,030 --> 00:14:09,789 appliances, the Smart Energy Standard 382 00:14:09,790 --> 00:14:11,859 has declared ZigBee Smart Energy 383 00:14:11,860 --> 00:14:14,799 should be used whenever possible. 
384 00:14:14,800 --> 00:14:16,929 So the utility is using GSM to 385 00:14:16,930 --> 00:14:18,399 control the meter. 386 00:14:18,400 --> 00:14:19,509 And ZigBee Smart 387 00:14:19,510 --> 00:14:22,299 Energy is used to control your home. 388 00:14:22,300 --> 00:14:24,669 So why won't we 389 00:14:24,670 --> 00:14:26,679 use GSM to control the meter? 390 00:14:28,090 --> 00:14:30,429 Well, let's talk about encryption. 391 00:14:30,430 --> 00:14:32,769 What prevents attackers from 392 00:14:32,770 --> 00:14:35,379 using a GSM broadcaster near the meter 393 00:14:35,380 --> 00:14:37,089 in order to control it? 394 00:14:37,090 --> 00:14:39,429 Well, nothing. 395 00:14:39,430 --> 00:14:42,189 Some some utilities are not implementing 396 00:14:42,190 --> 00:14:44,359 any kind of encryption by the 397 00:14:44,360 --> 00:14:46,719 standard on their smart meters. 398 00:14:46,720 --> 00:14:48,789 This has been discussed even at 399 00:14:48,790 --> 00:14:50,979 28C3, five years 400 00:14:50,980 --> 00:14:53,289 ago by Dario 401 00:14:53,290 --> 00:14:55,599 Carluccio and Stephan Brinkhaus. 402 00:14:55,600 --> 00:14:57,459 I hope I pronounce that correctly. 403 00:14:57,460 --> 00:14:59,529 Yet many utilities didn't 404 00:14:59,530 --> 00:15:01,359 quite get a message and left their 405 00:15:01,360 --> 00:15:02,739 communication protocols completely 406 00:15:02,740 --> 00:15:03,740 unencrypted. 407 00:15:04,390 --> 00:15:06,969 But let's assume our utility 408 00:15:06,970 --> 00:15:09,039 is very security oriented and 409 00:15:09,040 --> 00:15:10,659 they are using encryption. 410 00:15:10,660 --> 00:15:13,359 What kind of encryption are they using? 411 00:15:13,360 --> 00:15:15,669 Well, most, if not all smart meters 412 00:15:15,670 --> 00:15:18,339 around the world only supports 413 00:15:18,340 --> 00:15:20,829 the A5 algorithm 414 00:15:20,830 --> 00:15:23,119 in order to communicate using GSM. 
415 00:15:23,120 --> 00:15:25,299 I really heard that from the crowd. 416 00:15:25,300 --> 00:15:27,299 And you're completely right because the 417 00:15:27,300 --> 00:15:29,619 A5 algorithm has been known for 418 00:15:29,620 --> 00:15:32,229 many years to be relatively broken, 419 00:15:32,230 --> 00:15:33,999 but still kind of secure. 420 00:15:34,000 --> 00:15:36,129 So it can just brute force the encryption 421 00:15:36,130 --> 00:15:39,249 key and decrypt all communications. 422 00:15:39,250 --> 00:15:41,019 But what about hijacking? 423 00:15:41,020 --> 00:15:43,299 What happens if an attacker use some 424 00:15:43,300 --> 00:15:45,939 kind of a GSM test station 425 00:15:45,940 --> 00:15:48,249 and force the meter to use it 426 00:15:48,250 --> 00:15:50,349 by broadcasting stronger than 427 00:15:50,350 --> 00:15:52,479 the original base station? 428 00:15:52,480 --> 00:15:54,549 Well, in that case, the meter 429 00:15:54,550 --> 00:15:57,099 will not only connect to the station, 430 00:15:57,100 --> 00:15:59,499 it will also try to authenticate itself 431 00:15:59,500 --> 00:16:02,079 using its hard coded credentials, 432 00:16:02,080 --> 00:16:04,239 allowing the attacker to hijack the GPRS 433 00:16:04,240 --> 00:16:06,279 traffic and completely take over the 434 00:16:06,280 --> 00:16:08,739 meter. But, you know, 435 00:16:08,740 --> 00:16:10,929 that's just one meter, right? 436 00:16:10,930 --> 00:16:13,059 Why can't attackers do that to 437 00:16:13,060 --> 00:16:15,429 all meters, one at a time? 438 00:16:15,430 --> 00:16:18,609 Well, not only they can, 439 00:16:18,610 --> 00:16:20,679 they won't have to, because all 440 00:16:20,680 --> 00:16:22,749 meters of the same thing is using 441 00:16:22,750 --> 00:16:24,769 the same. A finger then shows. 
442 00:16:31,480 --> 00:16:33,729 If an attacker will gain access to one 443 00:16:33,730 --> 00:16:35,979 meter, it will have access to 444 00:16:35,980 --> 00:16:38,259 all one key 445 00:16:38,260 --> 00:16:39,260 to rule them all. 446 00:16:46,570 --> 00:16:48,819 The sad thing is that this 447 00:16:48,820 --> 00:16:51,429 whole security fiasco 448 00:16:51,430 --> 00:16:53,739 could have been avoided. If 449 00:16:53,740 --> 00:16:56,769 utilities were using proper encryption 450 00:16:56,770 --> 00:16:59,049 in their GSM traffic, an attacker 451 00:16:59,050 --> 00:17:01,359 wouldn't be able to hijack it. If 452 00:17:01,360 --> 00:17:03,459 utilities were segmenting 453 00:17:03,460 --> 00:17:05,409 parts of the network instead of using one 454 00:17:05,410 --> 00:17:07,598 giant LAN, an attacker wouldn't 455 00:17:07,599 --> 00:17:10,239 be able to access all the meters. 456 00:17:10,240 --> 00:17:12,549 And if utilities were actually 457 00:17:12,550 --> 00:17:14,979 monitoring the Smart Meter network, 458 00:17:14,980 --> 00:17:17,229 they would stop an attacker way before 459 00:17:17,230 --> 00:17:19,479 it could compromise their entire network. 460 00:17:19,480 --> 00:17:21,789 All in all, in its current state, 461 00:17:21,790 --> 00:17:24,098 the Smart Meter Network is 462 00:17:24,099 --> 00:17:27,429 completely exposed to attackers. 463 00:17:27,430 --> 00:17:29,679 But that's just how we attack 464 00:17:29,680 --> 00:17:30,879 the meters. 465 00:17:30,880 --> 00:17:33,069 What if an attacker doesn't want to use 466 00:17:33,070 --> 00:17:34,269 GSM? 467 00:17:34,270 --> 00:17:36,519 What if he wants to take over 468 00:17:36,520 --> 00:17:37,520 your house? 469 00:17:38,840 --> 00:17:41,139 Now's the time to talk about ZigBee. 
470 00:17:41,140 --> 00:17:43,209 ZigBee is a communication protocol 471 00:17:43,210 --> 00:17:45,339 used in home area networks, as 472 00:17:45,340 --> 00:17:47,439 in the local networks used by your smart 473 00:17:47,440 --> 00:17:48,339 appliances. 474 00:17:48,340 --> 00:17:50,529 Now this protocol has 475 00:17:50,530 --> 00:17:52,689 been standardized in two thousand 476 00:17:52,690 --> 00:17:54,879 and three, a year in which 477 00:17:54,880 --> 00:17:57,219 the term information security 478 00:17:57,220 --> 00:17:59,529 made as little sense as 479 00:17:59,530 --> 00:18:01,659 electing Donald Trump president for 480 00:18:01,660 --> 00:18:02,660 that matter. 481 00:18:03,220 --> 00:18:05,379 Now, keeping that in mind, ZigBee 482 00:18:05,380 --> 00:18:07,809 also supports a huge amount 483 00:18:07,810 --> 00:18:10,029 of different devices, ranging from 484 00:18:10,030 --> 00:18:12,609 a simple light bulb to the most complex 485 00:18:12,610 --> 00:18:13,899 air conditioner. 486 00:18:13,900 --> 00:18:16,479 In order to do that, hundreds 487 00:18:16,480 --> 00:18:18,729 of hundreds of specifications has 488 00:18:18,730 --> 00:18:20,739 been created and implemented in the 489 00:18:20,740 --> 00:18:22,899 application layer of the protocol. 490 00:18:22,900 --> 00:18:25,149 This created a situation 491 00:18:25,150 --> 00:18:27,729 in which sometimes two different 492 00:18:27,730 --> 00:18:30,219 devices serving the same purpose 493 00:18:30,220 --> 00:18:32,559 say two toasters, had 494 00:18:32,560 --> 00:18:34,959 the same features implemented 495 00:18:34,960 --> 00:18:37,399 in a completely different way. 
496 00:18:37,400 --> 00:18:39,789 On top of that, because 497 00:18:39,790 --> 00:18:42,069 of all the various use cases, 498 00:18:42,070 --> 00:18:44,289 smart devices serve this report, 499 00:18:44,290 --> 00:18:47,019 the ZigBee protocol have 15 500 00:18:47,020 --> 00:18:49,149 different flavors, including home 501 00:18:49,150 --> 00:18:51,429 automation, health care and, of course, 502 00:18:51,430 --> 00:18:53,949 smart energy, among others. 503 00:18:53,950 --> 00:18:56,469 This unique situation 504 00:18:56,470 --> 00:18:59,319 in which amendatory protocol 505 00:18:59,320 --> 00:19:01,929 covers an enormous amount 506 00:19:01,930 --> 00:19:04,389 of possible use cases 507 00:19:04,390 --> 00:19:06,969 is so difficult to implement. 508 00:19:06,970 --> 00:19:09,279 Vendors actually chose 509 00:19:09,280 --> 00:19:11,559 what they want to implement, and 510 00:19:11,560 --> 00:19:13,779 when vendors choose 511 00:19:13,780 --> 00:19:15,999 what to support, they 512 00:19:16,000 --> 00:19:18,549 more often than not completely 513 00:19:18,550 --> 00:19:19,690 skip security. 514 00:19:20,770 --> 00:19:22,809 So how do you use ZigBee in order to 515 00:19:22,810 --> 00:19:25,629 hack a meter? this question 516 00:19:25,630 --> 00:19:27,039 into three parts? 517 00:19:27,040 --> 00:19:28,809 The first is design problems. 518 00:19:28,810 --> 00:19:30,879 What misguided design decisions can 519 00:19:30,880 --> 00:19:32,589 we try to exploit? 520 00:19:32,590 --> 00:19:35,049 The second are implementation bugs. 521 00:19:35,050 --> 00:19:37,149 How was the protocol implemented 522 00:19:37,150 --> 00:19:39,219 inside the meter firmware? 523 00:19:39,220 --> 00:19:41,289 And lastly, management. 524 00:19:41,290 --> 00:19:43,959 What mistakes does utilities do 525 00:19:43,960 --> 00:19:46,209 regarding their meters? 526 00:19:46,210 --> 00:19:47,829 So let's start straight with design 527 00:19:47,830 --> 00:19:49,149 problems. 
528 00:19:49,150 --> 00:19:51,459 When a smart hub, not a meter, 529 00:19:51,460 --> 00:19:53,709 acting basically as a router, detects 530 00:19:53,710 --> 00:19:55,989 a new device that wants to join the home 531 00:19:55,990 --> 00:19:57,249 area network, 532 00:19:57,250 --> 00:19:59,319 it prompts the user to approve it 533 00:19:59,320 --> 00:20:01,659 before starting any form of communication 534 00:20:01,660 --> 00:20:04,119 with it. That way, only approved 535 00:20:04,120 --> 00:20:06,189 devices will be able to access the 536 00:20:06,190 --> 00:20:07,359 private network. 537 00:20:07,360 --> 00:20:08,679 Seems very logical. 538 00:20:08,680 --> 00:20:11,289 That is important because the entire 539 00:20:11,290 --> 00:20:13,569 home area network is basically using 540 00:20:13,570 --> 00:20:15,909 the same network encryption key. 541 00:20:15,910 --> 00:20:18,369 This means that if an attacker is able 542 00:20:18,370 --> 00:20:20,739 to obtain that key, he could 543 00:20:20,740 --> 00:20:22,869 access and mask himself as any 544 00:20:22,870 --> 00:20:25,089 device. For example, he might 545 00:20:25,090 --> 00:20:27,159 mask himself as the hub itself 546 00:20:27,160 --> 00:20:28,929 and send different commands to devices 547 00:20:28,930 --> 00:20:30,309 around the house. 548 00:20:30,310 --> 00:20:32,379 Thus, this network key is a 549 00:20:32,380 --> 00:20:34,719 very important thing. 550 00:20:34,720 --> 00:20:36,789 That's why ZigBee Smart Energy 551 00:20:36,790 --> 00:20:38,889 networks are using a one hundred 552 00:20:38,890 --> 00:20:41,049 twenty eight bit key in order to encrypt 553 00:20:41,050 --> 00:20:43,179 their communication, which is, my 554 00:20:43,180 --> 00:20:46,119 emails are encrypted with two thousand 555 00:20:46,120 --> 00:20:46,449 bits.
556 00:20:46,450 --> 00:20:48,879 But sure. Now, 557 00:20:48,880 --> 00:20:51,279 in regular smart hubs, the only 558 00:20:51,280 --> 00:20:52,969 way an attacker might be able to steal 559 00:20:52,970 --> 00:20:55,359 the key is by sniffing the network 560 00:20:55,360 --> 00:20:57,309 traffic the exact moment the device is 561 00:20:57,310 --> 00:20:59,769 added, which is kind of difficult. 562 00:20:59,770 --> 00:21:01,299 This is because whenever the device is 563 00:21:01,300 --> 00:21:03,549 approved to the network, the hub 564 00:21:03,550 --> 00:21:05,709 sends it the network key, 565 00:21:05,710 --> 00:21:06,909 abstracting the whole process a bit, 566 00:21:06,910 --> 00:21:08,829 but that's the bottom line. 567 00:21:08,830 --> 00:21:10,989 Smart meters, on 568 00:21:10,990 --> 00:21:13,059 the other hand, are very different 569 00:21:13,060 --> 00:21:15,219 from smart hubs because, 570 00:21:15,220 --> 00:21:16,839 that's a bit amazing, 571 00:21:16,840 --> 00:21:18,339 but whenever a device wants to join the 572 00:21:18,340 --> 00:21:20,499 network, the meter does not try 573 00:21:20,500 --> 00:21:22,779 to make sure it actually should 574 00:21:22,780 --> 00:21:25,149 and just replies with: sure, 575 00:21:25,150 --> 00:21:26,150 there's the key. 576 00:21:27,790 --> 00:21:30,219 This means 577 00:21:30,220 --> 00:21:32,289 that if we disguise ourselves as a 578 00:21:32,290 --> 00:21:34,569 new smart device, we will be added 579 00:21:34,570 --> 00:21:36,759 automatically to the home area 580 00:21:36,760 --> 00:21:40,329 network, granting us the secret network key. 581 00:21:40,330 --> 00:21:42,249 Using that network key, we could 582 00:21:42,250 --> 00:21:44,439 impersonate ourselves as 583 00:21:44,440 --> 00:21:46,659 the actual
meter. We could communicate 584 00:21:46,660 --> 00:21:48,789 and control any device around the house 585 00:21:48,790 --> 00:21:51,189 from way across the street. For example, 586 00:21:51,190 --> 00:21:53,439 we can open up locks, try to shorten 587 00:21:53,440 --> 00:21:55,479 the electricity system and basically 588 00:21:55,480 --> 00:21:57,119 whatever we want. 589 00:21:57,120 --> 00:21:59,409 Now, another 590 00:21:59,410 --> 00:22:01,659 thing we can do is start communicating 591 00:22:01,660 --> 00:22:03,729 with the meter itself. By communicating 592 00:22:03,730 --> 00:22:05,439 with the meter, we are actually granting 593 00:22:05,440 --> 00:22:08,049 ourselves a vast attack surface, 594 00:22:08,050 --> 00:22:10,449 the entire ZigBee handling 595 00:22:10,450 --> 00:22:11,379 mechanism. 596 00:22:11,380 --> 00:22:13,839 This is not dangerous by itself, 597 00:22:13,840 --> 00:22:17,439 but leads us directly to implementation. 598 00:22:17,440 --> 00:22:19,629 Now, today, smart meters are based 599 00:22:19,630 --> 00:22:21,819 either on our Linux or 600 00:22:21,820 --> 00:22:24,849 plain proprietary are embedded systems. 601 00:22:24,850 --> 00:22:27,039 Keep that. Keep in mind the smart 602 00:22:27,040 --> 00:22:29,229 meters are supposed to be cheap. 603 00:22:29,230 --> 00:22:31,509 Thus they are often lacking both CPU 604 00:22:31,510 --> 00:22:33,609 power and memory. 605 00:22:33,610 --> 00:22:35,709 Because these processors are 606 00:22:35,710 --> 00:22:37,989 so modest, so to speak, 607 00:22:37,990 --> 00:22:40,209 the embedded code handling 608 00:22:40,210 --> 00:22:42,549 ZigBee communication is often shortened 609 00:22:42,550 --> 00:22:44,169 and optimized. 610 00:22:44,170 --> 00:22:46,239 This sounds nice, but in reality 611 00:22:46,240 --> 00:22:48,309 this leads to code that often lacks 612 00:22:48,310 --> 00:22:50,709 security checks like buffer 613 00:22:50,710 --> 00:22:52,479 size checks, for example.
614 00:22:53,710 --> 00:22:55,209 But successfully exploiting a buffer 615 00:22:55,210 --> 00:22:57,489 overflow attack in a meter might 616 00:22:57,490 --> 00:22:59,589 prove to be a very tough 617 00:22:59,590 --> 00:23:01,289 thing to do. 618 00:23:01,290 --> 00:23:02,589 That's why you don't actually have to do 619 00:23:02,590 --> 00:23:04,039 that in order to break the meter. 620 00:23:05,140 --> 00:23:07,419 A simple segmentation fault 621 00:23:07,420 --> 00:23:09,519 will completely crash the meter, 622 00:23:09,520 --> 00:23:11,739 causing an electricity shutdown at 623 00:23:11,740 --> 00:23:12,699 the premise. 624 00:23:12,700 --> 00:23:14,769 On top of that, some 625 00:23:14,770 --> 00:23:17,349 crashes will actually cause death, 626 00:23:17,350 --> 00:23:18,819 if you remember. 627 00:23:18,820 --> 00:23:21,039 So all you have to do in order 628 00:23:21,040 --> 00:23:23,619 to burn someone's house 629 00:23:23,620 --> 00:23:25,420 is send a very long header string. 630 00:23:29,690 --> 00:23:31,479 Putting the memory corruptions and 631 00:23:31,480 --> 00:23:33,609 exploding meters aside, 632 00:23:33,610 --> 00:23:35,949 the other very severe weakness 633 00:23:35,950 --> 00:23:37,359 often found in meters, 634 00:23:37,360 --> 00:23:39,459 and basically a lot 635 00:23:39,460 --> 00:23:41,739 of other devices, is hard-coded 636 00:23:41,740 --> 00:23:42,879 credentials. 637 00:23:42,880 --> 00:23:45,639 Most meters have at least one 638 00:23:45,640 --> 00:23:48,219 debug port available for technicians. 639 00:23:48,220 --> 00:23:50,559 These debug ports are often using 640 00:23:50,560 --> 00:23:53,289 the same credentials over 641 00:23:53,290 --> 00:23:55,479 and over again. 642 00:23:55,480 --> 00:23:57,729 In one case, we saw the credentials 643 00:23:57,730 --> 00:23:59,529 for a very popular vendor.
644 00:23:59,530 --> 00:24:01,090 Let's call it Latron 645 00:24:02,140 --> 00:24:04,209 smart meter, were root 646 00:24:04,210 --> 00:24:06,909 as the user name and Lutron 647 00:24:06,910 --> 00:24:07,960 as the password. 648 00:24:09,550 --> 00:24:11,619 Not surprising, though, as they 649 00:24:11,620 --> 00:24:13,899 don't think anyone will 650 00:24:13,900 --> 00:24:15,249 actually try to communicate with it. 651 00:24:15,250 --> 00:24:17,199 They're not making any effort to make it 652 00:24:17,200 --> 00:24:18,200 secure. 653 00:24:18,700 --> 00:24:20,409 The other very important point about 654 00:24:20,410 --> 00:24:23,199 implementation problems is encryption. 655 00:24:23,200 --> 00:24:25,479 As we saw earlier, each utility 656 00:24:25,480 --> 00:24:27,699 is using only one Perski 657 00:24:27,700 --> 00:24:29,679 in order to control its entire network of 658 00:24:29,680 --> 00:24:30,759 smart meters. 659 00:24:30,760 --> 00:24:33,399 But what about the ZigBee network? 660 00:24:33,400 --> 00:24:35,529 If it was impossible to inject a new 661 00:24:35,530 --> 00:24:38,019 device and hijack the key, 662 00:24:38,020 --> 00:24:40,419 like I showed earlier, will it still 663 00:24:40,420 --> 00:24:42,029 be possible to break the encryption? 664 00:24:43,300 --> 00:24:45,399 Yes, because, and 665 00:24:45,400 --> 00:24:46,389 you won't believe it, 666 00:24:46,390 --> 00:24:48,549 the one hundred twenty eight bit 667 00:24:48,550 --> 00:24:50,559 AES key I was talking about, 668 00:24:50,560 --> 00:24:52,299 it's not really made out of one hundred 669 00:24:52,300 --> 00:24:54,429 twenty eight random bits. 670 00:24:54,430 --> 00:24:56,709 Instead, the key is derived out 671 00:24:56,710 --> 00:24:58,959 of the meter's installation code, 672 00:24:58,960 --> 00:24:59,889 as in the code
673 00:24:59,890 --> 00:25:02,169 the manufacturer assigns each meter, 674 00:25:02,170 --> 00:25:04,539 which can be as high as a sixteen 675 00:25:04,540 --> 00:25:06,819 byte random string, but also as 676 00:25:06,820 --> 00:25:09,099 short as six, 677 00:25:09,100 --> 00:25:11,349 meaning the maximum amount of random 678 00:25:11,350 --> 00:25:13,689 bits is indeed one hundred twenty eight. 679 00:25:13,690 --> 00:25:15,999 But because the standard allows 680 00:25:16,000 --> 00:25:18,219 it, most keys are only 681 00:25:18,220 --> 00:25:20,769 made out of six random bytes, meaning 682 00:25:20,770 --> 00:25:23,319 forty eight bits. 683 00:25:23,320 --> 00:25:25,389 This is exactly what 684 00:25:25,390 --> 00:25:27,519 happens when you 685 00:25:27,520 --> 00:25:30,549 let vendors decide for themselves 686 00:25:30,550 --> 00:25:33,819 which parts of the standard to implement: 687 00:25:33,820 --> 00:25:36,159 security is often 688 00:25:36,160 --> 00:25:37,160 neglected. 689 00:25:38,440 --> 00:25:40,629 Which leads us directly 690 00:25:40,630 --> 00:25:42,249 to bad management. 691 00:25:42,250 --> 00:25:44,439 Smart meters are already 692 00:25:44,440 --> 00:25:46,629 implemented in a very wide 693 00:25:46,630 --> 00:25:47,630 scale. 694 00:25:48,580 --> 00:25:50,649 These security problems 695 00:25:50,650 --> 00:25:52,929 are not going to just go away. 696 00:25:52,930 --> 00:25:55,059 On the contrary, we are going to see 697 00:25:55,060 --> 00:25:57,159 a sharp increase in smart meters 698 00:25:57,160 --> 00:25:58,779 hacking attempts because they're 699 00:25:58,780 --> 00:26:00,879 such an easy target. 700 00:26:00,880 --> 00:26:03,129 Yet most utilities are 701 00:26:03,130 --> 00:26:05,169 not even monitoring their network of 702 00:26:05,170 --> 00:26:07,359 smart meters, let alone the smart 703 00:26:07,360 --> 00:26:09,069 meters themselves.
704 00:26:09,070 --> 00:26:11,919 Utilities have to understand 705 00:26:11,920 --> 00:26:14,349 that with great power comes great 706 00:26:14,350 --> 00:26:16,689 responsibility for 707 00:26:16,690 --> 00:26:18,879 their infrastructure, for the 708 00:26:18,880 --> 00:26:19,779 municipalities 709 00:26:19,780 --> 00:26:22,179 they operate in, for 710 00:26:22,180 --> 00:26:24,639 their customers, for you. 711 00:26:24,640 --> 00:26:26,889 Just as they monitor their other 712 00:26:26,890 --> 00:26:29,289 private networks, they have to step 713 00:26:29,290 --> 00:26:31,809 up and protect this one, too. 714 00:26:31,810 --> 00:26:34,299 And in order to do just that, we 715 00:26:34,300 --> 00:26:36,459 as a community have to act 716 00:26:36,460 --> 00:26:37,419 fast. 717 00:26:37,420 --> 00:26:39,579 This is why we at Valtierra 718 00:26:39,580 --> 00:26:41,709 are releasing in the upcoming weeks 719 00:26:41,710 --> 00:26:44,289 our own meter fuzzing tool. 720 00:26:44,290 --> 00:26:46,089 So you will have the power to inspect 721 00:26:46,090 --> 00:26:48,909 smart meters legally by yourself. 722 00:26:48,910 --> 00:26:51,219 You need to be in charge 723 00:26:51,220 --> 00:26:53,349 again, discover new 724 00:26:53,350 --> 00:26:55,599 bugs and vulnerabilities and report them. 725 00:26:55,600 --> 00:26:57,789 Mail your government officials, 726 00:26:57,790 --> 00:27:00,489 arrange debates on a national level, 727 00:27:00,490 --> 00:27:03,189 inform the public of the dangers 728 00:27:03,190 --> 00:27:05,349 of neglecting security. 729 00:27:05,350 --> 00:27:07,809 We are giving you the tools 730 00:27:07,810 --> 00:27:10,179 to regain control, 731 00:27:10,180 --> 00:27:12,669 reclaim your home 732 00:27:12,670 --> 00:27:13,959 or someone else will. 733 00:27:15,110 --> 00:27:16,110 Thank you very much. 734 00:27:30,770 --> 00:27:31,770 I'm scared already, 735 00:27:33,770 --> 00:27:36,380 so we have plenty of time for questions.
736 00:27:37,910 --> 00:27:40,069 We have, I think, eight microphones 737 00:27:40,070 --> 00:27:41,299 here, one there, one there, one there, 738 00:27:41,300 --> 00:27:43,070 one there and two up there. 739 00:27:44,150 --> 00:27:45,559 If you can make your way up to the 740 00:27:45,560 --> 00:27:47,569 microphone. We will take your questions, 741 00:27:47,570 --> 00:27:49,430 make sure they actually are questions. 742 00:27:50,480 --> 00:27:52,399 No, preferably. 743 00:27:52,400 --> 00:27:53,539 I'll start with one. 744 00:27:55,050 --> 00:27:56,269 Yeah. 745 00:27:56,270 --> 00:27:58,340 You raise a number of very good points. 746 00:28:00,000 --> 00:28:01,939 I've been designing electricity meters 747 00:28:01,940 --> 00:28:04,069 for five years and two years 748 00:28:04,070 --> 00:28:05,479 ago I started designing the smart grid 749 00:28:05,480 --> 00:28:06,739 myself in the Netherlands 750 00:28:08,300 --> 00:28:09,409 as an I.T. 751 00:28:09,410 --> 00:28:11,599 security personnel or a 752 00:28:11,600 --> 00:28:13,609 security person in the digital grid. 753 00:28:13,610 --> 00:28:14,610 Right. 754 00:28:16,250 --> 00:28:17,929 I want to make one notice, and that is 755 00:28:17,930 --> 00:28:19,669 that exploding meters 756 00:28:19,670 --> 00:28:21,559 using software is simply not possible. 757 00:28:23,600 --> 00:28:25,639 They simply do not have hardware that can 758 00:28:25,640 --> 00:28:26,959 explode that you can control with 759 00:28:26,960 --> 00:28:29,189 software. So simple as that. 760 00:28:29,190 --> 00:28:31,399 So don't 761 00:28:31,400 --> 00:28:33,349 be scared about your meter exploding 762 00:28:33,350 --> 00:28:34,609 because of a hacker. It's not going to 763 00:28:34,610 --> 00:28:35,610 happen, 764 00:28:37,340 --> 00:28:38,720 if I'm not mistaken.
765 00:28:45,300 --> 00:28:46,410 If I'm not mistaken, 766 00:28:47,580 --> 00:28:49,949 the Ontario government officials 767 00:28:49,950 --> 00:28:51,839 will probably disagree because their 768 00:28:51,840 --> 00:28:53,309 meters did explode. 769 00:28:53,310 --> 00:28:55,829 Now, in the official report 770 00:28:55,830 --> 00:28:58,529 developed right after these explosions, 771 00:28:58,530 --> 00:29:00,719 they couldn't figure out how 772 00:29:00,720 --> 00:29:02,009 exactly they exploded. 773 00:29:02,010 --> 00:29:04,079 They said the same thing, that the 774 00:29:04,080 --> 00:29:06,599 meter isn't capable of exploding 775 00:29:06,600 --> 00:29:08,189 because it lacks the hardware. 776 00:29:08,190 --> 00:29:10,319 But later they found out that if 777 00:29:10,320 --> 00:29:12,629 one of the chips 778 00:29:12,630 --> 00:29:14,909 had the, uh, 779 00:29:14,910 --> 00:29:17,039 electricity a short, I 780 00:29:17,040 --> 00:29:18,040 think 781 00:29:19,620 --> 00:29:21,899 it could cause the meter to 782 00:29:21,900 --> 00:29:25,019 mishandle the entire 783 00:29:25,020 --> 00:29:26,879 voltage, you know, passing through it and 784 00:29:26,880 --> 00:29:29,249 just overheat and then explode, 785 00:29:29,250 --> 00:29:31,529 like the chips just overheat and explode. 786 00:29:31,530 --> 00:29:32,729 And, you know, in that case, they didn't 787 00:29:32,730 --> 00:29:34,769 just explode because that amount of 788 00:29:34,770 --> 00:29:36,929 voltage was so great. 789 00:29:36,930 --> 00:29:38,969 So, you know, it's possible that the 790 00:29:38,970 --> 00:29:40,619 Netherlands doesn't have any exploding 791 00:29:40,620 --> 00:29:41,620 meters. 792 00:29:42,210 --> 00:29:43,799 But, you know, I've seen plenty of 793 00:29:43,800 --> 00:29:45,959 exploding meters, but never because of 794 00:29:45,960 --> 00:29:47,159 anything related to software.
795 00:29:47,160 --> 00:29:49,409 It's usually because the installer 796 00:29:49,410 --> 00:29:50,789 forgot to tighten the screws and they 797 00:29:50,790 --> 00:29:51,790 overheat. 798 00:29:52,860 --> 00:29:54,529 Yeah, that's what I'm talking about. 799 00:29:55,920 --> 00:29:57,809 I like to take the microphone next. 800 00:29:57,810 --> 00:29:59,049 That is somebody standing up there, isn't 801 00:29:59,050 --> 00:29:59,449 it? 802 00:29:59,450 --> 00:30:00,629 Yeah. 803 00:30:00,630 --> 00:30:03,029 My question is, is it possible 804 00:30:03,030 --> 00:30:05,199 to attack the vendor 805 00:30:05,200 --> 00:30:07,529 of the power 806 00:30:07,530 --> 00:30:09,809 plants of vuoso smart meters? 807 00:30:09,810 --> 00:30:12,390 If you attack the which is very XXVI 808 00:30:13,740 --> 00:30:16,079 The vendors probably won't be a target 809 00:30:16,080 --> 00:30:18,569 because they are not using smart meters. 810 00:30:18,570 --> 00:30:21,509 The utilities will be a target 811 00:30:21,510 --> 00:30:23,129 because of that. That's why vendors 812 00:30:23,130 --> 00:30:24,749 don't really care about security, 813 00:30:24,750 --> 00:30:27,179 because they're not the ones affected. 814 00:30:27,180 --> 00:30:29,699 So you can hack the utility 815 00:30:29,700 --> 00:30:30,599 for the smart meter. 816 00:30:30,600 --> 00:30:32,699 It has been proven both by us and 817 00:30:32,700 --> 00:30:35,009 other researchers, but the vendors 818 00:30:35,010 --> 00:30:37,349 are probably out of the picture for now, 819 00:30:37,350 --> 00:30:38,350 thanks 820 00:30:39,780 --> 00:30:41,219 to police. 821 00:30:41,220 --> 00:30:42,959 Yeah, I used to work on an IoT company 822 00:30:42,960 --> 00:30:44,789 and it seemed like the problem with a lot 823 00:30:44,790 --> 00:30:46,829 of this is that there's not motivation 824 00:30:46,830 --> 00:30:48,929 for people installing these devices 825 00:30:48,930 --> 00:30:50,069 to make us secure.
826 00:30:50,070 --> 00:30:52,149 And even when some of us, 827 00:30:52,150 --> 00:30:54,179 as developers said, this is broken, it 828 00:30:54,180 --> 00:30:56,069 was usually: ship it, because we have 829 00:30:56,070 --> 00:30:58,529 to. So how would you recommend 830 00:30:58,530 --> 00:31:00,629 us as engineers addressing the cultural 831 00:31:00,630 --> 00:31:02,909 problem of shipping shitty IoT 832 00:31:02,910 --> 00:31:03,910 devices? 833 00:31:04,530 --> 00:31:06,269 That's a great question. 834 00:31:06,270 --> 00:31:08,459 I think I think every software 835 00:31:08,460 --> 00:31:10,739 engineer has come to a point 836 00:31:10,740 --> 00:31:12,179 where they ask themselves that very 837 00:31:12,180 --> 00:31:14,339 question about, you know, 838 00:31:14,340 --> 00:31:16,829 bottom line management decisions. 839 00:31:16,830 --> 00:31:19,199 You, as software engineers, can't really 840 00:31:19,200 --> 00:31:21,569 spend that much time on security 841 00:31:21,570 --> 00:31:23,309 unless you're told so. 842 00:31:23,310 --> 00:31:26,249 So the problem should be solved, 843 00:31:26,250 --> 00:31:28,319 you know, from the top, not from 844 00:31:28,320 --> 00:31:29,729 the bottom. In that case, no. 845 00:31:29,730 --> 00:31:31,419 In my opinion. 846 00:31:31,420 --> 00:31:32,579 All right. 847 00:31:32,580 --> 00:31:34,529 Internet there was a question from the 848 00:31:34,530 --> 00:31:36,929 Internet just before, are these 849 00:31:36,930 --> 00:31:39,570 searchable if you on or other methods? 850 00:31:40,590 --> 00:31:41,669 Well, if they're connected to the 851 00:31:41,670 --> 00:31:43,619 Internet, then the answer is yes. 852 00:31:43,620 --> 00:31:45,989 But most often they're not there. 853 00:31:45,990 --> 00:31:48,509 They have their own LAN network 854 00:31:48,510 --> 00:31:49,829 and they are not really connected to the 855 00:31:49,830 --> 00:31:50,830 Internet.
856 00:31:51,780 --> 00:31:53,849 If you do happen to find some, please 857 00:31:53,850 --> 00:31:54,850 let me know. 858 00:31:55,820 --> 00:31:58,409 That will be interesting to please. 859 00:31:58,410 --> 00:32:00,059 Hi, thanks for the great talk. 860 00:32:00,060 --> 00:32:02,309 We'd like to ask you to watch 861 00:32:02,310 --> 00:32:03,839 to present and all the talks presented 862 00:32:03,840 --> 00:32:05,609 here regarding mass surveillance, 863 00:32:05,610 --> 00:32:07,709 everything about it. 864 00:32:07,710 --> 00:32:09,839 What do you think if all 865 00:32:09,840 --> 00:32:12,209 these bad design decisions are made 866 00:32:12,210 --> 00:32:12,929 on purpose. 867 00:32:12,930 --> 00:32:14,819 So we would be easily 868 00:32:16,200 --> 00:32:16,859 correct. 869 00:32:16,860 --> 00:32:19,169 We're looking at it with bad 870 00:32:19,170 --> 00:32:20,999 design decisions because we're, you know, 871 00:32:21,000 --> 00:32:21,929 security people. 872 00:32:21,930 --> 00:32:22,889 We do security. 873 00:32:22,890 --> 00:32:24,539 And for us it's bad. 874 00:32:24,540 --> 00:32:26,549 But for the government it is actually very 875 00:32:26,550 --> 00:32:28,139 good. They want to know what you're 876 00:32:28,140 --> 00:32:29,909 using. They want to know when you're 877 00:32:29,910 --> 00:32:32,189 using it. They want to predict what 878 00:32:32,190 --> 00:32:33,629 you will be using. 879 00:32:33,630 --> 00:32:36,239 There's a very obvious reason 880 00:32:36,240 --> 00:32:38,639 as to why this whole industry 881 00:32:38,640 --> 00:32:40,619 is booming right now, and that is 882 00:32:40,620 --> 00:32:42,239 definitely control. 883 00:32:42,240 --> 00:32:43,949 I don't know if surveillance is the 884 00:32:43,950 --> 00:32:45,900 correct word, but 885 00:32:47,010 --> 00:32:49,679 better understanding civilians 886 00:32:49,680 --> 00:32:51,509 is definitely on the topic here. 887 00:32:52,620 --> 00:32:53,939 I'm number one.
888 00:32:53,940 --> 00:32:56,369 I'm just asking, is there actually a 889 00:32:56,370 --> 00:32:58,469 central patch management or stuff 890 00:32:58,470 --> 00:33:00,719 for that? Because we saw, you 891 00:33:00,720 --> 00:33:02,909 know, some weeks ago that 892 00:33:02,910 --> 00:33:04,829 because of shitty implementation of a 893 00:33:04,830 --> 00:33:06,899 home router, like a big part of Germany 894 00:33:06,900 --> 00:33:09,029 was offline because of an attack. 895 00:33:09,030 --> 00:33:11,099 And if I think about, you 896 00:33:11,100 --> 00:33:13,289 know, you just shut off whole 897 00:33:13,290 --> 00:33:15,209 smart meters and nobody has a way to 898 00:33:15,210 --> 00:33:17,459 patch them, it would be quite bad 899 00:33:17,460 --> 00:33:18,460 for a country. 900 00:33:19,650 --> 00:33:21,749 That's a good question, because, first 901 00:33:21,750 --> 00:33:23,789 of all, they do have a sort of patching 902 00:33:23,790 --> 00:33:26,129 system. They do have firmware upgrades. 903 00:33:26,130 --> 00:33:28,469 All right. But the hardware 904 00:33:28,470 --> 00:33:30,569 itself is not going to change. 905 00:33:30,570 --> 00:33:31,749 The meter's, 906 00:33:31,750 --> 00:33:34,019 you know, life cycle is approximately 907 00:33:34,020 --> 00:33:35,489 twenty five years. 908 00:33:35,490 --> 00:33:37,739 So, you know, even with 909 00:33:37,740 --> 00:33:40,199 the best firmware upgrading 910 00:33:40,200 --> 00:33:42,449 the world and the best encryption keys 911 00:33:42,450 --> 00:33:44,109 in the world, the meter 912 00:33:44,110 --> 00:33:46,119 can support, you know, up to a certain 913 00:33:46,120 --> 00:33:48,249 level, so we'll 914 00:33:48,250 --> 00:33:51,039 see what happens in about 20 years and 915 00:33:51,040 --> 00:33:53,899 if the patching system really worked. 916 00:33:53,900 --> 00:33:55,389 Like to take a question from the Internet 917 00:33:55,390 --> 00:33:56,390 again.
918 00:33:57,620 --> 00:33:59,929 Why roll out smart meters on home level 919 00:33:59,930 --> 00:34:01,849 anyway, would technically not be enough 920 00:34:01,850 --> 00:34:04,039 to roll them out on street level to 921 00:34:04,040 --> 00:34:06,829 adjust the power in the grid. 922 00:34:06,830 --> 00:34:09,049 It will be enough if the cities 923 00:34:09,050 --> 00:34:11,119 themselves would be 924 00:34:11,120 --> 00:34:13,189 the only ones wanting smart 925 00:34:13,190 --> 00:34:15,408 meters. But utilities are wanting smart 926 00:34:15,409 --> 00:34:17,749 meters. Utilities want to control 927 00:34:17,750 --> 00:34:19,968 each and every consumer's home. 928 00:34:19,969 --> 00:34:22,339 So, you know, setting up, setting 929 00:34:22,340 --> 00:34:24,678 them up on the street can be effective 930 00:34:24,679 --> 00:34:26,539 to a certain point for cities. 931 00:34:26,540 --> 00:34:28,999 But the utilities, they have to have 932 00:34:29,000 --> 00:34:31,279 a meter for every consumer, for 933 00:34:31,280 --> 00:34:33,429 every house, for every apartment. 934 00:34:34,820 --> 00:34:35,820 Microphone three. 935 00:34:37,670 --> 00:34:39,979 In Germany, we have the situation that 936 00:34:39,980 --> 00:34:42,439 the smart meters are becoming 937 00:34:42,440 --> 00:34:44,569 mandatory over a couple of 938 00:34:44,570 --> 00:34:46,819 years, which is a bad thing 939 00:34:46,820 --> 00:34:48,948 in my opinion. And but they are also 940 00:34:48,949 --> 00:34:51,109 going through a very rigid certification 941 00:34:51,110 --> 00:34:53,238 process, which is a good thing, although 942 00:34:53,239 --> 00:34:55,369 it does not open source and verifiable by 943 00:34:55,370 --> 00:34:57,559 the U.S. to see, for example, not 944 00:34:57,560 --> 00:35:00,349 so good. However, what is the status 945 00:35:00,350 --> 00:35:02,479 in your community and your 946 00:35:02,480 --> 00:35:03,480 sphere?
947 00:35:04,280 --> 00:35:05,869 Are they becoming mandatory? 948 00:35:05,870 --> 00:35:08,089 And are there 949 00:35:08,090 --> 00:35:10,159 other plans 950 00:35:10,160 --> 00:35:12,319 to certify them before 951 00:35:12,320 --> 00:35:14,689 they can be put online and 952 00:35:14,690 --> 00:35:16,729 put into operation? 953 00:35:16,730 --> 00:35:18,799 Well, um, part of the 954 00:35:18,800 --> 00:35:20,689 German specifications is online. 955 00:35:20,690 --> 00:35:21,690 You can read it. 956 00:35:22,750 --> 00:35:24,169 I did so myself. 957 00:35:24,170 --> 00:35:26,749 Um, anyway, did the whole 958 00:35:26,750 --> 00:35:28,909 you know, German standardization 959 00:35:28,910 --> 00:35:31,219 is often taken security 960 00:35:31,220 --> 00:35:33,709 as a recommended thing to have. 961 00:35:33,710 --> 00:35:35,839 Both Germany and the US and 962 00:35:35,840 --> 00:35:37,909 all Europe in its entirety 963 00:35:37,910 --> 00:35:40,429 are just recommending utilities 964 00:35:40,430 --> 00:35:41,989 to implement security. 965 00:35:41,990 --> 00:35:44,299 But once you recommend 966 00:35:44,300 --> 00:35:46,699 something to these large organizations, 967 00:35:46,700 --> 00:35:48,829 they are you know, they often won't 968 00:35:48,830 --> 00:35:50,389 really implement it. 969 00:35:50,390 --> 00:35:52,549 So my hope is 970 00:35:52,550 --> 00:35:54,799 that this talk will bring 971 00:35:54,800 --> 00:35:56,089 some change. 972 00:35:56,090 --> 00:35:57,409 This is why I'm standing here. 973 00:35:57,410 --> 00:35:59,629 I want these standards and 974 00:35:59,630 --> 00:36:01,889 situation to be changed. 975 00:36:01,890 --> 00:36:04,249 Uh, but that's going to happen only 976 00:36:04,250 --> 00:36:06,499 if we as a community will, 977 00:36:06,500 --> 00:36:08,719 you know, act together to make 978 00:36:08,720 --> 00:36:10,219 that happen. 979 00:36:10,220 --> 00:36:11,419 So microphone seven.
980 00:36:15,870 --> 00:36:18,869 Hi, as I'm destined, 981 00:36:18,870 --> 00:36:20,939 Europe wants to 982 00:36:20,940 --> 00:36:23,099 install it right out everywhere, 983 00:36:23,100 --> 00:36:25,439 so they will probably go on 984 00:36:25,440 --> 00:36:27,779 by being a good example and rolling 985 00:36:27,780 --> 00:36:30,119 out in every public administration 986 00:36:30,120 --> 00:36:31,619 and so on. 987 00:36:31,620 --> 00:36:33,779 So there might be a bit of leverage here 988 00:36:33,780 --> 00:36:35,639 if, you know, you go to your 989 00:36:35,640 --> 00:36:37,649 administration and, oh, well, the 990 00:36:37,650 --> 00:36:39,269 computers don't work anymore because 991 00:36:39,270 --> 00:36:41,189 there is no current, no energy. 992 00:36:42,460 --> 00:36:44,759 Well, I do not support any illegal 993 00:36:44,760 --> 00:36:46,889 activities for or for 994 00:36:46,890 --> 00:36:47,639 the protocol. 995 00:36:47,640 --> 00:36:48,640 And 996 00:36:50,130 --> 00:36:51,539 something needs to be changed and 997 00:36:51,540 --> 00:36:54,119 something needs to be done in order for 998 00:36:54,120 --> 00:36:55,619 these large organizations to actually 999 00:36:55,620 --> 00:36:57,059 change something. 1000 00:36:57,060 --> 00:36:58,979 How it's going to be done, that's up to 1001 00:36:58,980 --> 00:37:01,379 you, because you're 1002 00:37:01,380 --> 00:37:04,019 Germans. I'm unfortunately not, but, 1003 00:37:04,020 --> 00:37:05,020 uh. 1004 00:37:06,070 --> 00:37:08,259 I don't know if threatening 1005 00:37:08,260 --> 00:37:10,659 will be the key 1006 00:37:10,660 --> 00:37:13,059 in this debate, 1007 00:37:13,060 --> 00:37:14,060 but. 1008 00:37:14,760 --> 00:37:16,819 Definitely something like I don't know, 1009 00:37:16,820 --> 00:37:18,599 I don't want to recommend anything 1010 00:37:18,600 --> 00:37:21,119 specific, so microphone 1011 00:37:21,120 --> 00:37:22,859 to talk.
1012 00:37:22,860 --> 00:37:25,439 Did you look at any data that show 1013 00:37:25,440 --> 00:37:27,959 the balance between big consumers 1014 00:37:27,960 --> 00:37:30,119 like factories and shopping malls and 1015 00:37:30,120 --> 00:37:32,309 offices and households with 1016 00:37:32,310 --> 00:37:34,260 smart meters and smart devices? 1017 00:37:35,760 --> 00:37:37,979 The question is, can the 1018 00:37:37,980 --> 00:37:39,900 controlling of smart devices 1019 00:37:41,130 --> 00:37:43,679 have a benefit for the managing 1020 00:37:43,680 --> 00:37:46,919 of the change to renewable energies? 1021 00:37:46,920 --> 00:37:49,199 Well, of course, smart meters also 1022 00:37:49,200 --> 00:37:51,629 allow consumers to generate 1023 00:37:51,630 --> 00:37:53,759 electricity themselves and sell it back 1024 00:37:53,760 --> 00:37:55,859 to the utility through solar panels or 1025 00:37:55,860 --> 00:37:58,049 whatnot. So there are 1026 00:37:58,050 --> 00:38:00,239 a lot of reasons for why 1027 00:38:00,240 --> 00:38:02,549 smart meters are becoming so popular, for 1028 00:38:02,550 --> 00:38:04,929 why they are being regulated so heavily. 1029 00:38:04,930 --> 00:38:06,229 A lot of reasons, trust me. 1030 00:38:07,500 --> 00:38:09,629 Microphone four. I 1031 00:38:09,630 --> 00:38:11,939 have a question about your 1032 00:38:11,940 --> 00:38:15,149 2038 problem 1033 00:38:15,150 --> 00:38:17,579 because you say, well, smart 1034 00:38:17,580 --> 00:38:19,769 meters are installed for 25 1035 00:38:19,770 --> 00:38:20,759 years now. 1036 00:38:20,760 --> 00:38:22,829 Well, at least if you can sum 1037 00:38:22,830 --> 00:38:25,289 up this year 1038 00:38:25,290 --> 00:38:27,989 plus twenty five and you come 1039 00:38:27,990 --> 00:38:30,119 in the area of two thousand thirty 1040 00:38:30,120 --> 00:38:32,339 eight, is the problem handled 1041 00:38:32,340 --> 00:38:34,799 and is it a security issue 1042 00:38:34,800 --> 00:38:35,800 at all?
1043 00:38:36,930 --> 00:38:39,029 Are you asking about two thousand thirty 1044 00:38:39,030 --> 00:38:40,599 eight right now? Yes. 1045 00:38:40,600 --> 00:38:42,569 I have no idea what's going to be two 1046 00:38:42,570 --> 00:38:44,369 thousand for. I have no idea. 1047 00:38:44,370 --> 00:38:47,069 Well because the time will overflow 1048 00:38:47,070 --> 00:38:48,209 so. 1049 00:38:48,210 --> 00:38:50,669 Well will it then just stop 1050 00:38:50,670 --> 00:38:52,079 or will it just 1051 00:38:53,340 --> 00:38:55,589 put a wrong date on the data 1052 00:38:55,590 --> 00:38:57,749 or what will happen or is 1053 00:38:57,750 --> 00:38:58,829 it handled at all? 1054 00:39:00,250 --> 00:39:02,919 I have no idea this 1055 00:39:02,920 --> 00:39:04,329 going to be at the center for the I 1056 00:39:04,330 --> 00:39:05,739 understand the question. 1057 00:39:05,740 --> 00:39:07,989 I think I 1058 00:39:07,990 --> 00:39:10,219 think most of them, you know, date 1059 00:39:10,220 --> 00:39:12,309 wise, we'll probably 1060 00:39:12,310 --> 00:39:14,559 need a software update patch, 1061 00:39:14,560 --> 00:39:16,779 but they are acting on, 1062 00:39:16,780 --> 00:39:19,669 if I'm not mistaken, a 30 to bit 1063 00:39:19,670 --> 00:39:21,639 kind of professor. So we'll see. 1064 00:39:23,180 --> 00:39:24,729 Sounds like a great debate for Twitter. 1065 00:39:24,730 --> 00:39:26,959 Your microphone eight. 1066 00:39:26,960 --> 00:39:28,099 See you in twenty five years. 1067 00:39:29,900 --> 00:39:31,159 Yeah, hi. 1068 00:39:31,160 --> 00:39:33,319 I'm happy that you put 1069 00:39:33,320 --> 00:39:35,839 this topic to 1070 00:39:35,840 --> 00:39:38,089 this conference and I think it's very 1071 00:39:38,090 --> 00:39:40,339 important to talk about this topic. 
1072 00:39:40,340 --> 00:39:42,739 But I'm kind of unhappy 1073 00:39:42,740 --> 00:39:45,169 that you did this by 1074 00:39:45,170 --> 00:39:47,449 fearing and 1075 00:39:47,450 --> 00:39:50,359 I'm not very happy about 1076 00:39:50,360 --> 00:39:52,129 how you presented it, because you're 1077 00:39:52,130 --> 00:39:54,139 simplified a lot and. 1078 00:39:59,940 --> 00:40:02,459 You simplified a lot, and I don't think 1079 00:40:02,460 --> 00:40:04,739 that this is the way we get a better 1080 00:40:04,740 --> 00:40:07,139 solution, and that's what we should 1081 00:40:07,140 --> 00:40:08,369 aim for. 1082 00:40:08,370 --> 00:40:09,929 That's a good point. That's a good point. 1083 00:40:09,930 --> 00:40:12,269 I did frighten a lot 1084 00:40:12,270 --> 00:40:14,879 of it was on purpose, of course, because 1085 00:40:14,880 --> 00:40:16,499 we are security experts. 1086 00:40:16,500 --> 00:40:18,119 We hear something can get hacked and we 1087 00:40:18,120 --> 00:40:20,009 want to do something about that. 1088 00:40:20,010 --> 00:40:21,569 We care about these things because we 1089 00:40:21,570 --> 00:40:23,499 understand the situation. 1090 00:40:23,500 --> 00:40:25,919 But, you know, common people 1091 00:40:25,920 --> 00:40:28,109 who aren't in the security industry 1092 00:40:28,110 --> 00:40:30,539 doesn't really know the effects of 1093 00:40:30,540 --> 00:40:32,219 someone hacking their meters. 1094 00:40:32,220 --> 00:40:34,769 So it is 1095 00:40:34,770 --> 00:40:37,529 mainly, you know, all the 1096 00:40:37,530 --> 00:40:39,659 frightening points, so 1097 00:40:39,660 --> 00:40:42,149 to speak, is targeted to them. 1098 00:40:42,150 --> 00:40:44,219 So they will understand what's going 1099 00:40:44,220 --> 00:40:46,409 on. But that that is a valid 1100 00:40:46,410 --> 00:40:47,410 point, you know. 1101 00:40:49,560 --> 00:40:50,880 The Internet has another question. 
1102 00:40:53,690 --> 00:40:55,939 Why use wireless protocols and not 1103 00:40:55,940 --> 00:40:58,009 use a power line, 1104 00:40:58,010 --> 00:40:59,689 they do use power line. 1105 00:40:59,690 --> 00:41:01,489 I mentioned they use power lines on 1106 00:41:01,490 --> 00:41:03,859 skyscrapers and so 1107 00:41:03,860 --> 00:41:04,339 on. 1108 00:41:04,340 --> 00:41:06,619 There is a very hard 1109 00:41:06,620 --> 00:41:09,079 limit to the extent PLC 1110 00:41:09,080 --> 00:41:10,099 will work. 1111 00:41:10,100 --> 00:41:12,559 So they are using it for 1112 00:41:12,560 --> 00:41:13,999 short distances. 1113 00:41:14,000 --> 00:41:15,499 But when they are trying to communicate 1114 00:41:15,500 --> 00:41:17,509 with the command and control server, they 1115 00:41:17,510 --> 00:41:18,859 have to use some kind of wireless 1116 00:41:18,860 --> 00:41:19,860 protocol. 1117 00:41:20,950 --> 00:41:23,349 Microphone two, I 1118 00:41:23,350 --> 00:41:25,299 did you look into any other protocols in 1119 00:41:25,300 --> 00:41:27,219 Hollywood formation, not only ZigBee, 1120 00:41:27,220 --> 00:41:29,559 because I think many American 1121 00:41:29,560 --> 00:41:31,449 big thing there and other countries, 1122 00:41:31,450 --> 00:41:33,699 continents, there are other protocols. 1123 00:41:33,700 --> 00:41:35,429 If you look into that, there are there 1124 00:41:35,430 --> 00:41:37,149 are protocols. The main protocol in the 1125 00:41:37,150 --> 00:41:39,219 smart energy industry is ZigBee. 1126 00:41:39,220 --> 00:41:41,829 And, you know, its power is about 99 1127 00:41:41,830 --> 00:41:43,749 something percent of all smart meters in 1128 00:41:43,750 --> 00:41:46,149 the world. So we try to focus on that. 1129 00:41:46,150 --> 00:41:48,249 We didn't really look at other more 1130 00:41:48,250 --> 00:41:49,330 proprietary protocols.
1131 00:41:50,680 --> 00:41:52,779 Microphone three I have 1132 00:41:52,780 --> 00:41:54,399 a question about the possibility of 1133 00:41:54,400 --> 00:41:56,679 controlling local IoT devices 1134 00:41:56,680 --> 00:41:58,839 because I'm not aware of many smart 1135 00:41:58,840 --> 00:42:01,299 meters designs, but ultimately 1136 00:42:01,300 --> 00:42:03,369 these are connected totally passively 1137 00:42:03,370 --> 00:42:04,269 to the power grid. 1138 00:42:04,270 --> 00:42:06,369 So what are the chances of 1139 00:42:06,370 --> 00:42:09,459 controlling local IoT devices 1140 00:42:09,460 --> 00:42:11,739 separately, not only by turning 1141 00:42:11,740 --> 00:42:13,839 on or off the whole power 1142 00:42:13,840 --> 00:42:16,429 grid, if it's even possible? 1143 00:42:16,430 --> 00:42:17,319 Um. 1144 00:42:17,320 --> 00:42:19,779 Well, let me answer on a general, 1145 00:42:19,780 --> 00:42:21,129 general note here. 1146 00:42:21,130 --> 00:42:23,679 If the device 1147 00:42:23,680 --> 00:42:26,049 is using certain wireless protocols, 1148 00:42:26,050 --> 00:42:28,149 then it won't be only possible 1149 00:42:28,150 --> 00:42:29,799 to hack it. It will be probably pretty 1150 00:42:29,800 --> 00:42:32,019 easy. But if 1151 00:42:32,020 --> 00:42:33,969 it won't use any wireless protocol, you 1152 00:42:33,970 --> 00:42:36,579 know, it is going to use only PLC 1153 00:42:36,580 --> 00:42:39,149 or, you know, 1154 00:42:39,150 --> 00:42:42,249 uh, I don't know, Ethernet or something. 1155 00:42:42,250 --> 00:42:44,319 It will be more difficult to to hack 1156 00:42:44,320 --> 00:42:46,419 it just for, you know, because 1157 00:42:46,420 --> 00:42:48,369 of the simple reason that utilities can 1158 00:42:48,370 --> 00:42:50,409 detect it more easily than wireless 1159 00:42:50,410 --> 00:42:51,369 attacks. 1160 00:42:51,370 --> 00:42:52,839 Mm hmm. OK, thanks. 1161 00:42:52,840 --> 00:42:53,840 Microphone eight. 1162 00:42:54,850 --> 00:42:55,239 Hi.
1163 00:42:55,240 --> 00:42:57,069 I'd like to know if you had a look at it 1164 00:42:57,070 --> 00:42:59,559 from way of deploying smart metering, 1165 00:42:59,560 --> 00:43:01,629 especially the, uh, the 1166 00:43:01,630 --> 00:43:04,239 whole hierarchy of smart meters, 1167 00:43:04,240 --> 00:43:06,309 smart meter database and then up to the 1168 00:43:06,310 --> 00:43:08,099 gateway administrator you're talking 1169 00:43:08,100 --> 00:43:10,359 about. I'm sorry. 1170 00:43:10,360 --> 00:43:12,099 You're talking about Itron. 1171 00:43:12,100 --> 00:43:14,169 I don't know the 1172 00:43:14,170 --> 00:43:16,299 let's call it Chumby of smart 1173 00:43:16,300 --> 00:43:17,919 metering because we have quite a 1174 00:43:17,920 --> 00:43:20,079 different approach to it, if less 1175 00:43:20,080 --> 00:43:22,149 secure no ZigBee and 1176 00:43:22,150 --> 00:43:23,229 more like a 1177 00:43:24,280 --> 00:43:27,219 more centralized infrastructure. 1178 00:43:27,220 --> 00:43:29,589 In what way is it more centralized? 1179 00:43:29,590 --> 00:43:32,019 Just so I get the whole picture, 1180 00:43:32,020 --> 00:43:34,179 you have your meters not only smart 1181 00:43:34,180 --> 00:43:36,459 meters, but also analog meters may 1182 00:43:36,460 --> 00:43:38,529 connect to a smart meter gateway 1183 00:43:38,530 --> 00:43:41,079 and those cables connect to a 1184 00:43:41,080 --> 00:43:42,549 gateway administrator. 1185 00:43:42,550 --> 00:43:44,019 Deliver all the data. 1186 00:43:44,020 --> 00:43:45,579 Mm hmm. So we have 1187 00:43:47,200 --> 00:43:49,569 no ZigBee mesh 1188 00:43:49,570 --> 00:43:51,699 devices in your home and. 1189 00:43:51,700 --> 00:43:54,129 Well, I don't have a definitive 1190 00:43:54,130 --> 00:43:55,779 answer for that because we focused on 1191 00:43:55,780 --> 00:43:58,419 smart meters that do use ZigBee. 1192 00:43:58,420 --> 00:44:00,759 And, um, 1193 00:44:00,760 --> 00:44:02,799 you know, that's a good question.
1194 00:44:02,800 --> 00:44:05,379 Maybe come later and we'll discuss it 1195 00:44:05,380 --> 00:44:07,179 a bit further because I don't want to, 1196 00:44:07,180 --> 00:44:09,339 you know, steal time from 1197 00:44:09,340 --> 00:44:11,589 anyone else right now. 1198 00:44:11,590 --> 00:44:13,419 So I think there was one question from 1199 00:44:13,420 --> 00:44:14,739 the Internet. 1200 00:44:14,740 --> 00:44:16,119 There are still a couple of questions, 1201 00:44:16,120 --> 00:44:17,829 but I'll start with one here. 1202 00:44:17,830 --> 00:44:19,419 Since the smart meters are being 1203 00:44:19,420 --> 00:44:21,549 legislated into being installed, could we 1204 00:44:21,550 --> 00:44:23,379 also work on improving legislation 1205 00:44:23,380 --> 00:44:24,699 regarding security? 1206 00:44:24,700 --> 00:44:25,809 Of course. Of course. 1207 00:44:25,810 --> 00:44:27,339 That's what we should do. 1208 00:44:27,340 --> 00:44:29,529 We should improve legislation about 1209 00:44:29,530 --> 00:44:30,339 security. 1210 00:44:30,340 --> 00:44:32,439 And, uh, that's the 1211 00:44:32,440 --> 00:44:34,359 whole point, basically, because if we 1212 00:44:34,360 --> 00:44:36,519 force vendors and utilities to implement 1213 00:44:36,520 --> 00:44:38,379 better security, they just won't do it. 1214 00:44:38,380 --> 00:44:40,419 But if the government will force them, 1215 00:44:40,420 --> 00:44:41,530 it's a whole different story. 1216 00:44:43,520 --> 00:44:45,709 So we've none no more from the floor, 1217 00:44:45,710 --> 00:44:46,710 do I take another one? 1218 00:44:48,540 --> 00:44:50,759 On to the book, Portus 1219 00:44:50,760 --> 00:44:52,920 talked about protected by seals 1220 00:44:53,940 --> 00:44:56,219 in some areas, they are in some meters 1221 00:44:56,220 --> 00:44:56,999 they aren't.
1222 00:44:57,000 --> 00:45:00,059 It really depends on the vendor, but 1223 00:45:00,060 --> 00:45:01,530 the technicians that 1224 00:45:02,700 --> 00:45:04,859 do come physically to the meter 1225 00:45:04,860 --> 00:45:06,269 will have access to it. 1226 00:45:06,270 --> 00:45:08,369 So even if it is sealed, we 1227 00:45:08,370 --> 00:45:10,499 can still communicate with it and not 1228 00:45:10,500 --> 00:45:11,880 worry about the sealing later. 1229 00:45:14,720 --> 00:45:16,309 And I think that's the end of the 1230 00:45:16,310 --> 00:45:18,379 questions I would like to thank 1231 00:45:18,380 --> 00:45:20,899 Marty for his great presentation. 1232 00:45:20,900 --> 00:45:21,900 Thank you very much.