You can now hack electricity meters in Spain

Ismail R.
Mar 20, 2022

The configuration of the PLC communication protocols with which the meters remotely report consumption travels in plain text and with the password 00000001, which makes it easy to modify the firmware to commit electrical fraud by declaring less consumption or modifying the power limit.

Electricity meters in Spain can be hacked quite easily, and the electricity companies do not seem to care at all that any user can leave an entire block without electricity, or even alter consumption or change the electrical power of the remote management meter.

The well-known cybersecurity firm Tarlogic has been working for some years to check the security of the remote management meters used in the vast majority of our homes. Since, according to the electricity companies, there is nothing to fix, it has launched a hardware tool and all the software needed to exploit the different security holes at RootedCON 2022.

Vulnerabilities discovered by Tarlogic

The well-known Galician cybersecurity company Tarlogic has been investigating how electricity meters work for about two years, and it has discovered different vulnerabilities that could allow total control of them.

The company has contacted the main electricity distributors in Spain on many occasions, but the only answer it has received is that the system is secure and there is no vulnerability.

The company offered to help the power companies fix these vulnerabilities, but they have not responded. It also went to the PRIME Alliance, which is the telemanagement network for all meters, and was likewise told that its network is completely secure.

Now, at RootedCON 2022, the company has published all the research in full. It has also provided the source code of the tool it developed and specified the hardware needed to carry out all the tests.

Right now, anyone who wants to check the security of their remote management meter will be able to do it from the plug in their kitchen.

The first vulnerability discovered is that the exchange of messages is not encrypted, so they can be read without any problem and also modified on the fly.

Another vulnerability is that it does not allow secure authentication.

Although part of the traffic does travel encrypted using the DLMS protocol, most of it does not and uses unencrypted keys, so it can be hacked really easily.

With these vulnerabilities, a possible attacker could take control of a network of meters and issue orders to cut off supply, alter registered consumption and much more.

In addition, these meters communicate directly with the distributors through a network of “hubs”, and Tarlogic has shown that these hubs can also be controlled remotely from any outlet in the house.
