Alright, we’re calling it — we need a pejorative equivalent to “script kiddie” to describe someone using a Flipper Zero for annoyingly malign purposes. If you need an example, check out the apparent smart meter snuff video below.
The video was posted by [Peter Fairlie], who we assume is the operator of the Flipper Zero pictured. The hapless target smart meter is repeatedly switched on and off with the Flipper — some smart meters have contactors built in so that service can be disconnected remotely for non-payment or in emergencies — which rapidly starts and stops a nearby AC compressor. Eventually, the meter releases a puff of Magic Smoke, filling its transparent enclosure and obscuring the display. The Flipper’s operator mutters a few expletives at the results, but continues turning the meter on and off even more rapidly before eventually running away from the scene of the crime.
We qualify this as “apparent” because the minute we saw this over on RTL-SDR.com, we reached out to reverse engineer par excellence and smart meter aficionado [Hash] for an opinion. Spoiler alert: [Hash] thinks it’s an elaborate hoax; the debunking starts at the 4:32 mark in the second video below. The most damning evidence is that the model of smart meter shown in the video doesn’t even have a disconnect, so whatever [Peter] is controlling with the Flipper, it ain’t the meter. Also, [Hash] figured out where [Peter] lives — he doxxed himself in a previous video — and not only does the meter shown in the video not belong to the Canadian power company serving the house, StreetView shows that there’s a second meter, suggesting that this meter may have been set up specifically for the lulz.
It should go without saying that Hackaday is about as supportive of hardware experimentation as an organization can be. But there have to be some boundaries, and even if this particular video turns out to be a hoax, it clearly steps over the line. Stuff like this paints a poor picture of what hardware hacking is all about, and leads to unintended consequences that make it harder for all of us to get the tools we need.
Meanwhile even researchers can’t get one where I live because the bad press caused the telecoms agency to ban importing it.
Flipper makes the schematics open source don’t they? Can’t your research team build one from base components?
P.S. one wonders if the vid appearing to show vandalism of a meter via a Flipper Zero is some sort of false-flag, an attempt by someone who wants them banned to fabricate evidence that makes them look scary.
Occam’s razor. The simplest solution is often the right one. This isn’t a false flag, this is a goober skid trying to get internet clout. They wouldn’t have doxxed themselves with their full name as well as home address if they weren’t pants-on-head braindead.
Maybe this is the smart meter marketing department at work? Manufacturing a fake crisis is an accepted lobbying technique these days.
But 3rd party
Yes, that is a pretty bad move on someone’s part, as whoever lived inside would have a bunch of other potential problems, not to mention being without power if it caused the power to fail.
That’s also why I hated the TV-Be-Gone product, as you’d be turning off someone else’s TV. What right do you have to do that?
I see this more as a problem of the meter. We need MORE, not less, of such fun and games out there, as there is no other way to force vendors to implement even the most basic security.
We NEED people who cause minor trouble, in order to build up systemic immunity against people who operate with higher stakes and actual malicious intent.
As for TV-B-Gone, what right does the TV owner have to pollute typically public or semipublic spaces with sound and/or propaganda? That’s the second side of the coin.
Causing a meter to short out and catch on fire? That’s not fun and games AT. ALL. That’s a destruction of property charge at the least, and goes progressively worse from there.
Causing trouble or pulling a stunt like this to demonstrate a security issue should be done SAFELY and with an eye to minimize risk of property damage and/or loss of life or limb, and it should be stated at the beginning of the video, even if the title is clickbait. This was just irresponsible.
Remember the remote attacks on moving cars back around 10 years ago? An attacker was able to shut off a journalist’s car while they were on a highway. (it was done with consent, and while the attacker was in communication with the journalist, and the journalist had full knowledge of what was going on.)
You are completely missing the point. The attacks shouldn’t be possible to begin with, the fact that a smart meter is designed in such a way that it even can practically catch on fire is insane!
The fact that the control systems for the driving of a car are even accessible wirelessly is INSANE. It should be completely firewalled from any entertainment or vehicle to vehicle communication.
I disagree. Mailboxes are super vulnerable but people mostly leave them alone because the penalty is HARSH.
IF we went to securing everything that was open to vandals we’d live in a closed box.
I see you completely missed that this was a hoax.
Is responsible disclosure not a thing any more? Setting aside this appears to be a hoax, every bit of code written has the potential for bugs and exploits. The company responsible should be given the opportunity to fix it.
What attack? If I install a device in my home and turn it on and off with a Flipper Zero I haven’t demonstrated a security issue with the house’s electrical meter. I have Insteon and Home Assistant and I can turn lights on and off too. Nothing to do with RG&E’s power meter measuring how much power I’m using. Maybe it’s an April Fools entry. Wiring two meters up helps sell a great prank.
I think the point you’re missing is that it was a hoax. It wasn’t possible at all.
Lame for hackaday to repeat debunked claims.
The TV owner has to pay for the “broadcast” right to the Legal Mafia MPAA/RIA/BMG/ASCAP/BMI/Global Music Rights LLC/SESAC/etc
If you don’t…they will find you.
Yes, I’m not a fan of MPAA, etc.
I take the view that if you are replaying the media on commercial broadcast, the advertisers have a greater audience.
“if you are replaying the media on commercial broadcast, the advertisers have a greater audience.”
A fact that the broadcasters repeatedly and idiotically ignore, going so far as to sue companies that want to EXPAND their audience at no charge to the networks. Look up their despicable suit against Aereo, a company that wanted to rent antennas to people so they could get broadcast channels.
Then there’s the fact that broadcasters demand PAYMENT from cable operators to carry their commercial-ridden content. This is why you can’t just shrug off other people’s stupid behavior, because once one permits himself to be ripped off, the business model is validated and we ALL get ripped off.
You guys know this isn’t even real, right? It’s a literal smoke show.
As long as you do it to your house, that’s fine. But I’m sick & tired of “protestors” destroying other people’s property to express their personal opinion. I catch someone in my yard screwing with my “smart meter” (not that I was a fan of them to start with, largely because of this sort of thing) but you are going to enter the warm embrace of our legal system (both criminal & civil)
As for polluting public spaces, I’m not sure the people who use such gimmicks know the difference of private and private property. In most cases, it’s in display in a store, bar or restaurant.
ok, I will send a few kids with rocks to your place to demonstrate how the vendors of window glass lack systemic security against malicious intent.
Black hats do less damage long-term than white hats. It doesn’t make much sense on the face of it, but that’s how it always plays out.
The difference between black hat and white hat is merely the size of the criminal organization you work for, and thus its perceived legitimacy.
You are so full of shit!
Black hats do less damage?
Where did you get that statistic?
You must have an odd definition of the hats. Some people have a vested interest in making sure there’s plenty of goodies that are poorly secured and ripe for the taking. Others have an interest in warning the owners of said goodies about their poor security, and would much rather that security were taken seriously so that their work is highly valued, even though it’s harder to find vulnerabilities if people behave more securely.
No, we do not need people going around and messing with people’s lives and property. Say you do this to a random person’s house, you have no idea what they are powering in the house, you can leave them without heating or lights, without being able to cook, without hot water, switching their fridges and freezers off, leaving them without phones or internet. Those are the obvious ones, now what if they have medication in the fridge (can get very expensive)? What if they need power for medical equipment? Now you have started to get into very serious consequences, especially if the person isn’t home and doesn’t find out until hours later or the next day. This isn’t just fun and games. Then there are the costs of repairing the damage and any potential damage to other devices caused by the rapid switching on and off of the disconnect.
Sure, get a hold of a device like this and expose the flaws in a safe way, don’t go messing with other people’s property. If you think it is just fun and games if you go and do this to someone’s house then you need help.
As for TVs they have the right to display what they want or play whatever sound they want with their property on their property, what gives you the right to go around dictating what people can and can’t do with their property? If you don’t like what they have on the TV or what audio they are playing, you don’t have to go there, simple as. Stop thinking you are entitled to do what you want with other people’s property and stop thinking you are superior.
If someone turns off an entire country worth of smart meters through a flaw, it would be the end of the world if they couldn’t get the supply back on within a few hours! I’d rather they simply didn’t have that ability – which they do in the UK, unfortunately.
How could we possibly need more of that? The video is fake. The meter in the video isn’t even capable of remote disconnect.
Who has TVs set up in public??????? That’s right, no one. Sure, they may have them set up on their property, which inherently makes it not public, and they can do what they want with it. Just because anyone is free to enter doesn’t mean it’s public space.
Rather the attitude against this isn’t “Oh look, those little scampy hackers have caused shenanigans again, those rascals, well, we better up our security shouldn’t we chaps? Can’t have them running around with their fun and games!”
Instead it’s:
“Those hackers have been breaking our stuff, that’s illegal, sue/arrest them, any sane person wouldn’t be doing this kind of thing, we don’t have to do anything except stop those criminals!”
That’s a ridiculous second side of the coin regarding the TV-B-Gone thing. First off, lots of TVs in the public are used to display important information (take arrivals and departures at airports and train stations as an example). Secondly, I’m not sure what qualifies a semi-public space in your opinion, but even if the TVs are used to broadcast entertainment or news or whatever qualifies as an annoyance to you, if this is within a privately owned space such as a restaurant, it’s totally up to the restaurant owner to decide. And even if that’s not what you meant, we all know that a great chunk of TV-B-GONE users don’t really discriminate between TVs displaying “annoying content” and informative content.
1. the meter doesn’t belong to him or the home owner.
2. Even if the home owner owned the meter, he’s not the home owner.
That makes it nothing but vandalism. You may have a point (I don’t agree with it) but he needs to prove it with his own property.
No, if that was real then you maybe just fried thousands or tens of thousands of dollars of electronics. Breaking people’s stuff isn’t a game, best case you get jail time and banned from using computers for 5 years, worst case is better not stated in polite company.
Social media is about the attention (Hi Ma!). The rest appears to be secondary.
The sorry state of the modern world
That’s a feature, not a bug, and the people who made social media knew that from the outset
Yeah, if the power were going off multiple times in a row in bad weather you’d normally disconnect or power off many of your devices to save them. Doing this could translate to quite a bit of property damage.
The TV remote product, or things like it, at least have a use when e.g. you’re in an empty lobby or the like, and the TV is high on the wall and the employees don’t know where the remote is. Often, there’s no actual preferred setting except maybe the channel; it’s just however the last person who cared enough to set it has left it.
It is fake. So there are zero issues other than Peter is a douche, but you could have guessed that anyway
So if I go and make a fake video of me stabbing someone that somehow means that stabbings aren’t an issue?
Yes this video is fake but the concept isn’t.
Show me a single REAL video that shows power being shut off with RF.
No proof of concept = it’s not an issue. But hey wtf do I know, I just create RF signals from scratch.
Oh wow, good for you, you are so smart creating RF signals from scratch, do you want a medal?
The smart meters can be switched off remotely in the case of non payment, that means there is a way to switch them off just with RF signals. It doesn’t take a genius to figure that out. It is a function built into the smart meters that could be abused, so it isn’t just a concept it is a feature of the device, the concept is someone figuring out what signals they need to send to do it.
>But hey wtf do I know, I just create RF signals from scratch.
50% of my job is to create RF signals from scratch. The other 50% is to put ferrites, capacitors and foil everywhere to try and suppress those signals :-)
The smart meters might not use RF they could just as easily use the electrical wiring that is connected to them for signaling purposes.
I did check online and Power Line Communications are definitely a possibility for smart meter communications. It is not guaranteed to be used, other options mentioned include 2G, ethernet, and M-Bus.
So it is possible that they use wireless, but not certain.
The owner of that building is going to have to have a difficult conversation with their power company, if that’s a legit meter.
The story wasn’t really that long, but you chose not to read it anyway.
Did you catch the quote marks in the title? Was it really that hard to decode?
It’s almost as if readers were baited into clicking on the headline. I didn’t read it either, I just came for these spicy comments.
I had a little remote instead of a TV B Gone but if a TV is gonna blast me with advertising it should be able to handle a little IR blasting right back.
Agreed on the TV-B-Gone, nobody ever gave me a satisfactory justification for having or using one. At least the Flipper has enough generic uses that aren’t just “screw with stuff that isn’t yours”.
Also, if I make videos of me destroying equipment with a hammer, will that get hammers banned?
I’ve never owned a TV-B-Gone, so I have no horse in the race. But in the U.S.A., there was once a time when you could own things without having to justify them with “satisfactory justification.” Maybe I want to have fun pranking my spouse or kids…
As to your remark about hammers… the answer is yes. In the post-personal-responsibility world that the left has created, hammers will eventually be banned. Why blame the poor choices of certain human beings when we can blame the object/tool instead?
Let’s leave the politics out of this space at least and remain on topic.
You’re mistaken if you think this topic isn’t inherently political
I didn’t think the TV-Be-Gone should be banned, just that the only purpose it had was to facilitate being a dick. So seeing it spammed across the maker community at the time just left a bad taste in my mouth.
Actually, it was supposed to facilitate turning airport TVs off for someone who took the plane rather often and did not really enjoy this kind of distraction in a public space.
Since then, I have lamented my lack of said device on several occasions, such as when spending an evening in a pub where there was only our group and 3 humongous screens totally distracting us due to human instinctual need to watch fire. Personnel did not know where the remote was, they turned the power for the whole circuit when they arrived and then again when they left.
I didn’t have that particular device but I used something similar which had a volume control. Sometimes no-one minds if you adjust a TV, even if they aren’t going to make the remote available to you. They just don’t want to have to mess with it. Just like you might adjust the window blinds at your booth in a restaurant if the sun is in your eyes, it’s reasonable to want a painfully loud TV to be quieter if you’re not sharing it with anyone. Messing with something others are using is a different scenario. Or messing with things that are obviously set to a specific value that they don’t want changed, like a thermostat inside an acrylic case. And you should put things back how you found them when you leave, even if it’s not such a situation. Of course, all of that would sound like “screw with whatever you want and then play dumb” to the sort of person that pulls dumb stunts with a flipper.
Probably so. They’ve all but banned knives in certain U.K. cities. After they took firearms of course. No, leaving your gun at a gun club is not “ownership” either, before someone chirps in with that garbage. If people can blame something else, besides the person who did it and it being their sole fault, it’s most likely gonna get banned. It’s not about safety, it’s about control.
At least glance at the laws you’re wailing about before you start, eh?
>What right do you have to do that?
Rights are what people beg for when they don’t have power. If you have power (i.e. a TV-Be-Gone) you don’t need rights at all!
This Sunday, we are building TV-B-Gone in our programming club. I am teaching the kids about amplitude modulation and some basic soldering and hardware design skills. We have already gone over most of the theory and built the basic circuit in Falstad.
The cocky nature of the device greatly facilitates learning. It tastes like forbidden fruit.
He said in the comments that it’s his ex-wife’s house and he’s harassing her and breaking her stuff on purpose
Clickbait staged videos aside, it would be interesting to find out if disconnector attacks on meters work as well as the Aurora attack on gensets does.
You can look at smart meter RF signals with rtl_433. TLDR: They are very complex with 16 bit CRC and tamper bits. I have done a bit of signal creation, but I don’t want to deal with that headache.
Yeah. There might be some per-model vulnerabilities or the authentication codes used by companies at specific area could be leaked, but the standards for the protocols I have seen have all the basics done correctly.
The attack on gensets exploits the fact that connecting an alternator directly to AC that it’s not synchronized with forces it to synchronize so hard that it breaks things. A meter disconnecting just takes a load out of circuit suddenly; maybe if your load is a big motor you’ll have problems, but even then the normal operation of big motors at home is to switch them on when they’re not moving at all, which is harsher than the normal operation of a generator. I can think of a number of things that *could* go wrong but they’re not quite as violent as connecting a big alternator when its voltage/frequency/phase are severely mismatched.
Probably not good for the AC unit either
The fan is fine with being switched off but the compressors are hooked up to a short cycle protection circuit. Usually a 3 minute delay before it can start up again.
But can it keep track of that 3 minute delay during a power outage?
Often they have a delay-on so even if the power is out for an hour, it still has the 3-something minute delay when power is restored.
This reminds me of a youtube “short” I saw. In it, someone was claiming credit for a traffic light switching to green because of code run on their flipper. That’s not how this works, that’s not how any of this works. Of course the comments were turned off for that video…
Probably not, but that sounds like it refers to the infrared override that some street lights have/had for emergency vehicles.
That was the same douche. He was generating a 14 Hz pulse to cycle external IR LEDs. A camera on the light actually changes the light.
That is how MIRTs used to work. I believe they have been changed though and there was nothing to prove he was actually doing anything
Just remember, the world is not, and cannot ever be utopia. Tools made for legitimate purposes will always be used by *MANY* for illegitimate purposes. Keep your expectations low, and you won’t suffer from people not living up to your expectations. While I agree those people should be shamed, the reality is, there are far more of them than any of us would like to admit. Look at the Hyundai theft issue. People who will take advantage of others, especially when it’s easy, far outweigh any of our expectations.
That’s not to say the world is an apocalyptic hellscape either. You can be quite happy living in the real world, in fact, happier than those expecting utopia due to the lack of unfulfilled expectations. Utopia isn’t possible, but in the developed world, we’re far closer to utopia than we are the apocalyptic hellscape. That’s more than enough to live a happy life.
What’s more, the lengths you’d have to go to to make sure that no tools can be used improperly would be FAR worse than occasional nogoodniks messing things up here and there.
Fake video. You can operate the bistable relay all day long and you will not have any smoke. Simple as that.
That’s what the second video explained
It doesn’t sound like there’s a compressor in that A/C compressor. It sounds and acts like a generic fan on a relay.
Also – 811 is a “call before you dig” number in the US, but it’s a “non-urgent telehealth” number in Canada.
So this is likely a video shot in the US
That’s a very interesting observation.
I know Ameren is in the Saint Louis region.
I know Ameren is in the Saint Louis area.
During the startup you can see the meter reports 1 P 120. Meaning the meter is only seeing 120V. I would agree with the second video, that this was a test setup. Also if it were someone’s actual power service, and they were a ham radio operator, they would definitely not be cycling the power like that.
This “incident” might be a faked one, but I am afraid that the security of those “smart meters” (and even “smart” anything) is horrible. How about somebody nasty (a TLA, a nation, some terrorists, …) switching on and off a HUGE number of those meters at the same time? This could make the electrical system become unstable and crash and there are probably a lot of other possible scenarios. And don’t even let me start about privacy and stuff. I think a lot of independent whitehat research needs to be done on these damn things (and a lot of other devices). But manufacturers of those devices and power companies and people who make the laws probably won’t agree and will find ways to make such research more difficult/impossible/illegal. What a great world…
The RF comms for these meters are encrypted. The power companies aren’t stupid. If the keys have been leaked, they’ll change them.
While your concern is good, you should at least give the meter manufacturers credit for doing their homework. After all, if these meters were easily hacked, don’t you think that would have made the news? And, since they’re microprocessor based, (Google the meter manual online) changing the keys is easy.
It’s not because it’s “encrypted” that it is safe… Encryption is a difficult topic. But it probably depends on the country too if there are any standards/… and if they are public or not.
Also I am concerned about the entire infrastructure. It’s not only the meters, it’s the entire backend with multiple servers, concentration points where the data is collected and redirected and stuff that needs to be secure. Time will tell I guess…
An RF signal is literally bits. 1’s and 0’s. How they are encoded may be obfuscated, but a replay attack will always be a valid signal excluding rolling code, which smart meters don’t and can’t use. Rolling code would negate the purpose of these, to easily collect usage information.
Cmon man, do some research before you act like you know something you don’t.
To mitigate replay attacks, you can do something as simple as a shared-secret hash, with a nonrepeating field in the hashed portion of the message. (Eg. a timestamp, or an enough-bits counter, always incrementing, and remember last value used and ignore it when it is used again.)
You basically just described rolling code. Which is not valid for a smart meter whose purpose is to allow meter readers to drive through a neighborhood and simply collect usage readings.
They need to make sure people don’t spoof usage values, which they do with massive crc’s and tamper bits.
99% of smart meters do NOT have a remote kill switch. Simply put security is not needed for a smart meter.
@Sword doesn’t need to be a rolling code. Something as simple as a timestamp in header, and the whole thing encrypted in a private key that the meter has the public key to. If you try to replay the packet, timestamp no longer within X time of the current timestamp so is denied. But no counter or other rolling code stuff.
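The two replay defenses described in the comments above (a shared-secret keyed hash over a non-repeating counter, and a timestamp freshness window), as an added example that is not part of the original thread and not any real meter protocol. The header layout, key, skew limit and command strings are all constructed for illustration, and HMAC-SHA256 stands in for the "shared-secret hash"; the signature variant from the second comment is not shown.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration; not taken from any real meter or utility.
SHARED_KEY = b"constructed-demo-key-not-a-real-one"
MAX_SKEW_SECONDS = 30
TAG_LEN = 32  # HMAC-SHA256 output size in bytes

# Hypothetical header: 4-byte device id, 8-byte counter, 8-byte unix time.
HEADER = struct.Struct(">IQQ")


def build_message(key, device_id, counter, timestamp, command):
    """Sender side: header || command || HMAC(key, header || command)."""
    body = HEADER.pack(device_id, counter, timestamp) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Receiver side: checks the tag first, then freshness, then counter order."""

    def __init__(self, key, device_id, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.device_id = device_id
        self.max_skew = max_skew
        # Highest counter accepted so far. A real device would have to keep
        # this in non-volatile storage so a reboot does not reset it.
        self.last_counter = -1

    def accept(self, message, now):
        """Return (True, command) or (False, reason). `now` is the local clock."""
        if len(message) < HEADER.size + TAG_LEN:
            return False, "too short"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; nothing in the header is trusted before this.
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"
        device_id, counter, timestamp = HEADER.unpack_from(body)
        if device_id != self.device_id:
            return False, "wrong device"
        # Timestamp window: a capture replayed later falls outside it.
        if abs(now - timestamp) > self.max_skew:
            return False, "stale timestamp"
        # Counter: a capture replayed inside the window is still rejected.
        if counter <= self.last_counter:
            return False, "replayed counter"
        self.last_counter = counter
        return True, body[HEADER.size:]


if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    rx = Receiver(SHARED_KEY, device_id=7)
    msg = build_message(SHARED_KEY, 7, 1, now, b"READ")
    print(rx.accept(msg, now))       # original transmission
    print(rx.accept(msg, now + 1))   # byte-for-byte replay, still in window
    print(rx.accept(msg, now + 3600))  # replay an hour later
```

The timestamp and the counter cover different cases: the window bounds how long a capture stays usable at all, and the stored counter rejects a replay that arrives inside that window.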
There is no “encryption” for RF save for maybe rolling code…..which isn’t used for smart meters because it would make it more difficult for meter readers to read the meters…. Maybe learn a bit.
I don’t know the specifics of what these meters typically do apart from what’s on https://www.arrl.org/smart-meters – but true bidirectional encrypted wireless communication is practical on much lesser things than these – for instance, rfid tags. Rolling code is far from the only reason why not everything wireless is vulnerable to replay attacks. They may choose not to bother with encryption, but it’s not because it isn’t possible.
RF doesn’t negotiate handshakes. Look at the baud of an RF signal and you would see why. Princeton has a fairly high baud ~15000 or 15 kbps. So your typical handshake negotiation isn’t very feasible. Typically a signal is transmitted fully, received, decoded, and a response sent stating it was received at best. RFID isn’t very “encrypted” to the point where most can be copied straight up if you can read them. Flipper can copy a lot and a Proxmark can basically copy all RFID tags.
NFC with ~424 kbit/s can and does have encryption….but it also has the bandwidth to actually negotiate encryption.
Ignoring whatever you mean by RF, emulating the uid of a tag doesn’t mean you copied it, it means someone’s using an old system that just checks the serial number instead of something like the ev2 desfire stuff. It shouldn’t take many bits or multiple exchanges to do simple stuff – I could sign something with a small key and you could sign your reading with your own key, or I could xor with the hash of a pre-shared key concat some changing shared value like a timestamp and you could do the same or use it in your response. Time variance doesn’t make it a rolling code; that term is used for more like HOTP garage doors, a shared sequence with a moving validity window.
With any due respect, you might want to “learn a bit” yourself. Many AMI systems don’t require “meter readers” to go out and read the devices. Most use either data over powerline or encrypted RF (with not only rolling codes, but regular change intervals for code sets and sometimes per-device codes) which transmit the readings back to central office. Water meters with AMI/AMR or gas meters with AMI/AMR and older AMR electric meters may still require a drive-by from an local RF reader, often those types don’t have the remote disconnect capabilities.
Additionally, many (not all) of those older types that DID have disconnects (electric only) or newer ones have a safety bypass circuit requiring the person physically at the meter to re-engage power; this was called (by some around here) the “pizza box” safety (just in case a person who’d been cut off for non-payment left a pizza box on top of a stove top that was accidentally left on when the power was cut. Stovetop comes on, catches pizza box on fire, calamity ensues). These meters have either a physical button to actuate the contactors inside the meter once they had been remotely commanded on, or in my case, they use an IR sensor, and the utility tells the customer to go outside to the meter with a TV remote and press any buttons while aiming it at the meter to reactivate.
This is completely excepting the security measures that AMI meters have to reject commands that don’t have a good provenance from the command and control systems. The commands are (depending on utility setup) encrypted with the time sync as part of the key, meaning a simple replay attack without being able to encrypt the traffic isn’t exactly trivial. The meters I’ve worked with deployment on have GPS sync for time on-board, and use that in addition to known routes and neighbors to secure the transmission pathways, and use that and a number of other decent security measures to secure the readings and the command/control functions.
And then there is the problem of the RF systems themselves. Even if you get past ALL of that, the timeslicing of the RF channels means that any mass signal for cutoffs will definitely take significant time to deploy. A single meter command for shutoff takes upwards of 10 seconds roundtrip, and that’s on a high-priority. These networks are designed to only send back their telemetry data usually 1-4 times a day so as to not overload the very minimal bandwidth they have, and sending out a massive storm of control signals simply couldn’t happen in any network of size fast enough to hammer grid stability. There’s no master broadcast “off” switch; it’s individual commands.
So, the thought of massive grid instability due to rapidly on-off power loading really isn’t possible. Any threat actors would know that remotely there are much easier targets to get an actual grid affecting event, and in person the endpoint meters are the least effective target for grid instability.
Right buddy, they are so “encrypted” rtl_433 can readily decode them ahahahahaha
When a smart meter cuts out, just the output switches off leaving the display on. He’s controlling a smart relay inside the box. The compressor overload fries the meter
I doubt the meter itself is actually fried past smoke damage from the gunpowder that burned to produce the smoke. You can hear the burn and see the overpressure pushing the smoke out during that entire burn time, then it resides. I’ll bet it’s just a 2nd smart outlet controlling a resistor based ignitor.
Yes, there is clearly a separate relay controlling the power. Any smart meter I have seen with a built in remote disconnect still keeps the display powered and indicates the disconnect.
At least back where I grew up in Maine it seems that the smart meters were pushed out way too soon too. They’re always trying to eliminate the lowest paid workers, then charge people who usually have a $65 power bill $15,000 because “the computer got screwed up” and then turn off some old lady’s power for non-payment. It’s funny that all sort of happened when they were bought by some giant sh/##✓ multinational utility company.
“Stuff like this paints a poor picture of what hardware hacking is all about”
You can’t divorce hacking from its associations with tomfoolery and crime. Sure there are legitimate reasons for wanting to break into hardware, such as breathing new life into EOL devices or unlocking hidden functionality. But you have to remember that the walls and safeguards around the hardware are partly there to protect from warranty fraud, and partly to keep out nefarious actors.
Blogs such as this are a double edged sword. Much as you like to believe you’re doing a good thing by showing people how to get more out of their hardware, you are also providing instructions to people with ill intentions. That’s just the way the cookie crumbles.
Petty criminals will always deserve the moniker of “hacker” more than silicon valley fiddlers.
This is definitely a fake hoax.
A fake hoax? You’re wrong.
It’s not a fake hoax, it’s genuinely a hoax :)
Fake video, staged by a douche who thinks he’s the hottest thing since sliced bread. Dude posts other shady videos too like how to make an IED. Stuff that should NOT be posted.
Thank you for highlighting this, doing the research and delivering a level and well-toned article. Could have gone either towards damnation or adoration.
Lolz. Engineers should stop creating products by blindly copypasting designs from Stack Overflow. As the engineers are incompetent the products are just like this. Complete crap full of flaws.
Hash is only the second hacker I see wearing a tie, after Colin Furze
Not sure how I haven’t seen Colin Furze before, but thanks for the comment!
I have worked for a few of the smart meter manufacturers in the UK. One of them found they had an issue with a faulty batch of contactors that weren’t properly welded to the copper terminals, so under higher currents could overheat and potentially catch fire. Did they recall the 100,000+ meters that they knew had got this problem? No, of course they didn’t – that would have cost way too much money. Instead, they added a software fix to use the temperature sensor within the microprocessor (the processor being about 8cm away from the problem area), and if it got too warm, would attempt to open the contactor.
Safety and responsibility? No mate, profits are all we care about!
Sounds scarily accurate.
You can also confirm that all UK smart meters have remote disconnect. As can I.
RF is easily “encrypted” — spread spectrum. GPS signals are encrypted just that way, with an extremely long pseudorandom sequence. CDMA cellular works the same way. If you don’t want to have a time element, a password hashed with some bits from the meter serial number should do the trick. And then you wouldn’t need to encrypt the RF carrier, only the data packets.
Different levels of authentication for different functions (all explained in the manual for this meter). Reading the meter might not require any encryption, while changing the settings would be harder.
Trust me, those meters are harder than you might think to access. A coworker looked into trying to turn on the IR port so he could get data to display power usage in real time on the web. Not possible without authentication.
Why would spread spectrum be a problem if you have an SDR that captures the relevant bandwidth?
There have been a few hacks on here that get information about power usage from the little status LED. These usually give a brief visible flash every 0.1kWh or similar. It’s not “real time” but may be close enough for your friend’s needs.
Script Kiddie is a pejorative. It’s a term for upstart squeakers who don’t know how to do anything on their own and just run scripts they find or buy while acting like they’re the cleverest thing since the wifi pineapple.
As far as the opening paragraph’s question goes, I’m kind of torn between “flipper dipper” and “flipper skipper”, largely on the basis of the rhyme. (With “dipper” I’m going for a connotation combining “pickpocket” and “chewing tobacco user”, and “skipper” would mean both “skips learning things and just uses the tool” and “isn’t even Barbie, is just Barbie’s kid sister”.)
This is a bit ridiculous, as the flipper is just a tool, albeit a fancy one. It doesn’t do anything new or revolutionary; it’s just a convenient package.
Any idiot can beat something to death using a hammer, but a skilled person can use a hammer to craft something worthwhile.
I could tell it was fake without doing any “research”. The meter box and breaker box looked brand new. When the service is cut the meter is still powered on, it doesn’t cut the power from the meter. Also the flawed install of the flex conduit isn’t to electrical code. If the power company saw a flex conduit going into a brick wall in the same path as the A/C copper lines they would have said “Fix it and call us back”. Also the A/C is a big indication of something not right. When the power is killed the fan turns off and when it’s restored the fan kicks back on. When an A/C system’s power is cut off it doesn’t just turn back on. The thermostat checks the temperature and if it’s so many degrees off then tells the A/C to turn on. In other words there would be a delay around 10 seconds to a minute.
You know these smart meters have a 70 watt wifi chip in them. The FCC limits it to less than 1 watt for health and safety regulations. They’re illegal and should be banned. It also takes the job of the guy who’s supposed to cut you off if you don’t pay.
This exposes a blatant hardware failure in the smart meter. Implying this is malicious is just silly. This could have happened due to other things going on in the wiring, not just a flipper cycling it.
Instead of script kiddies we should call them flip-whores
I call em “Flip Kiddies” or maybe “Flipper Birdies”….
Yes.
That’s WHY “they” faked the video.
Just call the dilettanti tuna.
I’ve been saying this for a while now, all these idiots on YouTube and TikTok are going to ruin it for people. Hell, it already has ruined it for some folks that can’t even get them shipped to them because of bans.
I was an early adopter of the Flipper during the Kickstarter days. I think I was backer 1200 or something. I literally was like wow I can have a complete Amiibo collection on a device and use it as a remote for any IR device… that’s as far as my knowledge of what I could do with it went. It arrives; a few YouTube videos and 20 minutes on GitHub, I was off causing trouble. I think the “powers that be” are more afraid of the accessibility of the devices than the functions.
Hopefully you have spent the same amount of time teaching responsibility and custodianship.
(Not an attack. You might be doing just that.)
We all seem to conveniently forget that humans are, by nature, greedy evil creatures.
“I could abuse this power, but I choose not to” is behavior that we need to celebrate.
It is actual work to be good, and we need to continually reinforce the good in society.
This video is fake. Look it up on Google; it has been debunked. These meters do not even have the function built-in.
It must be that an intelligent ripple control receiver (like an Elster LCR 120) is installed behind the meter, inside the box, and the Flipper Zero flips that. The meter just cannot handle the rush current every time the AC kicks in and gives up with smoke. There isn’t any smart meterish in this story, just old school ripple control.