how-to block ads
|
|
Uniqs:
4598 |
Share Topic
 |
 |
|
|
|
| reply to ropeguru
Re: Hackers steal BMWs in 3 minutes using security loophole said by ropeguru:said by Duncan Hurst :Smartmeters will do the same thing for your home, a hackers delight, and also a delight for the feds to intrude on your privacy. All of this technology is a trojan horse that makes your privacy evaporate, and gives the control freaks and power monger sickos more manipulative ability.
This will end badly, mark my words.
So a hacker getting into a smart meter can get what? My electricity usage history? MY GOD! THEY CAN GET MY USAGE HISTORY! Running now to put tin foil around my meter!!! Give me a break! Maybe you should stop and think for a moment.. Smart-meters can provide intense detail on a home. Such as who is home, what they are doing, if they are sleeping or not, or if they are heading to work, etc. Then we can go further into how they can isolate voice discussions from the signal variances of the lines, this of course isn't new technology. I happen to know a few insiders at our power company who tell me their ability to extract data is quite stunning. This doesn't even address the potential for your device to be hacked, or what about the ability to potentially cause overloads? CIA has already been bragging how much they will 'enjoy' every home being hooked up. Each device in your home has a specific EMF signature that can be remotely identified when a smart-meter is installed. In the old days pot growers could be spotted based on power usage, that's nothing with what they can do with the meters installed! | |
davePremium,MVM
join:2000-05-04
not in ohio
kudos:8 | reply to Shady Bimmer
Good point... although the config option could simply come with a warning that you're totally screwed if you lose all your keys. So, the owners choices would be (1) leave it alone, or (2) make sure there is always an offsite backup key somewhere.
But I imagine that BMW themselves know the VIN to keycode mapping. At what point is the keycode baked in, and how hard? By definition, if I choose this config option, I am locking out the 'independent garage'.
Does BMW have any vacancies for amateur security programmers?  | |
 BlitzenZeusBurnt Out CynicPremium
join:2000-01-13
kudos:2
 ·Frontier FiOS
| It does seem like they were backed into a corner, and advertising this exploit in the regulation would have only made the problem worse. Yet hiding it, and claiming ignorance is just as bad.
It would seem a multi-layer method would mostly work, definitely not allow the car to be stolen in a few minutes. A new set of keys comes with a rom controller, you can't just replace it as the cars main controller needs to register it with a series of codes to register the device which even register via the satellite uplink, and when this car is stolen the kit can be tracked to the shop/person who sold it. The kits could only be bought by licensed dealers, and all must be accounted for. Any stolen kits can be reported so they can be blacklisted in the database. This assumes that there is no other exploit to bypass this, and that employees are not part of an inside job. Nothing is perfect. Remotes already tend to have revolving codes, so the next time they communicate they send a different code so a scanner just can't send the previous code, but even that code generation could be cracked.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent out necks before emperors. But today we kneel only to the truth- Kahlil G. | | |
|
| reply to dave
said by dave:But I imagine that BMW themselves know the VIN to keycode mapping. At what point is the keycode baked in, and how hard? By definition, if I choose this config option, I am locking out the 'independent garage'. Without going into too much detail, every key has a unique electronic ID along with technology to thwart snooping/copying/replicating, which could potentially include but would not be limited to rolling codes. It wouldn't matter if anyone knew an existing individual key ID alone as this would not be valid. This is where adding an electronic ID to a physical key provides its benefit: uniquely identifying every key with the ability to authenticate only a specific authorized set of keys. That authentication is two factor, combining physical characteristic ("something you have") with an electronic characteristic ("something you know"). Take away either, as is the case with pure electronic key fobs or with pure physical keys, and you have what could now be considered a vulnerability or weakness.
Does BMW have any vacancies for amateur security programmers? | |
davePremium,MVM
join:2000-05-04
not in ohio
kudos:8 | Maybe not, but that's the only one of concern to me! | |
| reply to ropeguru
My electricity usage history? MY GOD! THEY CAN GET MY USAGE HISTORY!
Exactly. From that, someone can determine what time you go to work, go to bed, when you've gone on vacation, etc. to determine the best time to break in. You'd be suprised to know what can be determined from a log. Some of these systems allow for remote appliance control. How would you like getting pranked: Coming home to a house w/ no AC and temp of 100 degrees...
Stuff like this needs to be designed with security built-in from the start. | |
| said by anon12345 :My electricity usage history? MY GOD! THEY CAN GET MY USAGE HISTORY!
Exactly. From that, someone can determine what time you go to work, go to bed, when you've gone on vacation, etc. to determine the best time to break in. You'd be suprised to know what can be determined from a log. Some of these systems allow for remote appliance control. How would you like getting pranked: Coming home to a house w/ no AC and temp of 100 degrees...
Stuff like this needs to be designed with security built-in from the start.
This can be deadly, what about coming home with a 100-110' home and a dead dog or cat from the heat? How about triggering an overload of smart appliances, or a surge on the meter itself? It's very likely all of this could be done. What about the govt. not liking an activist so much, deciding to surge his home, or tamper with things to mess with his mind? Very easy once everything gets hooked up.
My analog meter has a padlock on it, they've tried secretly switching it out multiple times. But if they eventually force me to do it it's a simple matter of installing a faraday cage over it, then removing it 'just before' they call to come out and see why it's not working. We can play that game for years and years if they want - watch me. Anyone can put one of these together quite simply, but enterprising folks are already selling them; »smartmetershield.com/order-shield/ | |
Reviews:
 ·SONIC.NET
·AT&T U-Verse
 ·Comcast
| reply to Ward Reyes
said by Ward Reyes :Then we can go further into how they can isolate voice discussions from the signal variances of the lines That would require a direct tap into the line with the voice monitoring equipment. Smart meters do not do this, nor do they monitor the line with enough granularity to extract this data from their logs. 15 minute (or even 5 minute) snapshots will tell you how much electricity someone has used, but can not tell you what that electricity was used for, who it was used by, whether it was used while someone was awake, asleep, home, at the store, out for a drive, at work, having sex, or eating dinner. | |
Reviews:
·SONIC.NET
·AT&T U-Verse
·Comcast
1 edit | reply to Russ Ewing
The remote appliance control aspect certainly does alarm me. Luckily, that is an optional "service" with most providers. There are two ways I've seen it set up: either two meters and two panels, with the "switchable" equipment being on one panel and the always-on stuff in another; or, one meter and panel, with remote-controllable breakers paired to the meter for some appliances. The first options kills the entire "switchable" panel, while the second allows for more granular control.
I, personally, would never allow such a system to be installed in my home, but I do see the merits of it for some people, provided that they carefully weigh the consequences of losing power to the connected appliances unexpectedly. Until these systems can be proven secure (current systems are quite the opposite, for certain), they should not be made available, though.
I guess, though, that my perspective is a bit different than some, given that I live in an area that sees rolling blackouts during the summer, due to an overstressed grid. If a system like this can allow my critical appliances (stove, fridge, some lighting) to stay on, while cutting power to non-essentials like HVAC, most lighting, TV, video games, microwave, and water heater, I could certainly support it. I would want some level of control in the matter, however, and some assurance of security. For example, if the temperature of my water heater drops below a defined level for some amount of time, kick power back over to it. Likewise if the temperature in my home goes too high or too low, restore power to my heater or AC. Something like this would allow my power company to selectively shut off non-essential appliances when the grid was overloaded, rather than killing my stove in the middle of cooking dinner. I'm all for that.
As for the nonsense of "surging someone's home"... The meters can turn power on and off, they do not control the voltage or current flowing through them beyond that, they simply measure it. There are two 120v hot wires, of opposing phases, and a neutral wire, which run to the meter; the same wires which run to your analog meter now. The meter can't suddenly dial up the voltage. Period.
Unless you have your windows blacked out, no more information about your activities can be gleaned from reading your meter log than can currently be gleaned from simply watching your house. Even with blacked out windows, there is still a huge amount of information that can be found out through other methods, without tapping your power lines. If you've already gone so far as to black out your windows, you can bet you're under other forms of surveillance, anyway; if they want your electrical usage without you knowing they've got it, they have a smart meter on the transformer and each of your neighbors' homes. Subtract their usage from the transformer output and BAM, what's left? | |
|
