Smart meters form mesh networks among themselves and transmit your usage data all around. Some of them even allow the power company to turn off your power remotely, through the mesh. You might want to know if any of this information is sensitive, or if the power shutdown system has got glaring security flaws and random people could just turn your house off. Hash Salehi has set out to get inside these meters, and luckily for the rest of us, he was kind enough to share his findings during Remoticon 2021. It’s a journey filled with wonderful tidbits about GNU Radio, embedded devices, and running your own power company inside a Faraday cage.
The smart meter in question is deployed by a power company known as Oncor in the Dallas, Texas, area. These particular meters form an extensive mesh network using an onboard ZigBee module that allows them to pass messages amongst themselves, which eventually make their way to a collector or aggregator to be uploaded to a more central location. Hash obtained his parts via everyone’s favorite online auction house and was surprised to see how many parts were available. Then, with parts in hand, he began all the usual reverse engineering tricks: SDR, Faraday cages, flash chip readers, and recreating the schematic.