Last week was a watershed for the embedded security community, and by implication everyone else. Bloomberg announced that on the motherboards of servers sold by Super Micro Computer to companies like Amazon and Apple. Whoever had added these during the manufacturing process would have acquired the ability to control and access data from the servers when those companies installed them.
For the first time, it appeared there was evidence that the supply chain could be disrupted. That meant hacking was happening during the manufacturing process, before the products had even left the production line. Up until now, hacking has predominantly been viewed as getting malicious code into a device which is “clean”, by exploiting security flaws in its code. That’s what’s happened with every PC virus; attacks like the ransomware, and state sponsored attacks such as and the recently discovered attempt by in The Hague. Although the concept of hacking a product before it has shipped has been discussed for years, the Bloomberg report signals that we’ve moved from academic debate to reality. There is still debate about whether the report is correct. Apple and Amazon deny much of the detail, but its publication has started people looking more closely at the supply line and concluding that whether or not it is true, the way we design, subcontract and manufacture complex electronic products today means that it is possible.
Anyone with know on how to hack power on digital meter called yaka (conlog) digital meter? Download drama korea master sun sub indonesia.
If it is true, this attack was probably commercial, where a company or a state wanted to discover what leading global companies were doing. What is more worrying is the prospect of a future where malicious state actors target infrastructure with the aim of crippling a country. Which brings me to smart meters.
I’ve always been concerned about the vulnerability of the British smart meters to hacking at the manufacturing stage. The reason for that concern is that these meters contain an OFF switch which allows power to be disconnected by the energy supplier. This is a convenience for them, as they no longer need to send someone round to gain access to a building. However, if it were ever hacked, the hackers could turn off millions of meters at the same time. Vikram kamal songs mp3. That could be used to destroy the electricity grid.
Saleh Soltan, a researcher in Princeton’s Department of Electrical Engineering, has written demonstrating how the majority of the grid could be brought down by hacking that results in just 1% change in electricity demand. Because it’s currently very expensive to store electricity, generation is carefully matched to expected demand. If that demand varies rapidly, the grid will attempt to shut down to prevent damage, but if the change is rapid and unexpected, the resulting surges as individual elements turn on and off may cause damage, which can cascade causing widespread blackouts. Restoring power can be even more damaging as the grid doesn’t know what is connected and turned on, so can’t anticipate what the demand will be. Again, there is the potential for damage to critical portions of the grid if demand can be suddenly increased.
Once you get past a certain level of damage, the task of repairing the grid and restoring reliable, universal supply can take years I’ve always been concerned at this risk; that a programmer working for a meter manufacturer could write code which would cause tens of millions of meters to switch off a certain time. If a quarter of domestic smart meters turned off together, you could be looking at an instantaneous demand change of up to 15%, an order of magnitude greater than the 1% Saleh thinks will kill the grid. That is something that no electricity grid has been designed for. There is a reason that military planners target power stations – removing electricity cripples a nation for years, as we’ve seen in Iraq. That makes the grid a very interesting target for any malicious state actor. So far I’ve failed to get anyone involved in the UK program to understand this risk.
The energy suppliers’ concept of hacking is limited to people bypassing or fooling individual meters to try and minimise their bills. Historically, their approach to hacking has been to move meters outside. That wasn’t just to make meter reading easier, it’s also because it’s a disincentive to bypass the meter; what you might do privately in your under-stairs cupboard is less attractive when you’re in full view of everyone on the street.
When I’ve raised the possibility of a rogue programmer deliberately adding malicious code to a smart meter during its development, the only response has been “Why would someone do that”? Challenging that with “Why would someone drive a lorry into a group of pedestrians?”, or “Why would someone fly a plane into a trade centre?” don’t seem to compute. Those involved with the smart metering program have difficulty expanding their world view from a single student or householder trying to defraud them of a few pounds to an organisation or cause trying to destroy an economy. What is most worrying is that it’s potentially very easy.