Hacker reveals smart meters are spilling secrets about the Texas snowstorm

Note to people outside of the US who are worried about this:<p>The rest of the world uses 3G&#x2F;4G modems in their smart meters, they are usually also connected to a different APN than generic mobile data. Sometimes multiple meters are connected to a central hub with a physical wire (in apartment buildings for example). The hub is then the only gateway to the internet.<p>The hack in question is only viable because of the weird way US smart meter collection is done.<p>US Smart Meters use RF to shout out their values everywhere like an RF beacon. A power company vehicle drives around the neighbourhood, collecting the values, storing them and moves on.<p>Source: I did smart metering software for L+G.

&quot;quietly emit data that shows how long businesses and residences have gone since their last power outage&quot;<p>who knew that &#x27;uptime&#x27; would be such a security potential?

Link to the repo mentioned in the video: <a href="https:&#x2F;&#x2F;github.com&#x2F;BitBangingBytes&#x2F;gr-smart_meters" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;BitBangingBytes&#x2F;gr-smart_meters</a>

I follow the researcher on TikTok, whilst I enjoy his work this article is a big nothing burger. Each individual ERCOT customer is able to access fine grained meter data *of their own meter*, not the meter data of others. If everyone is so concerned about what the meters actually say Texans can volunteer their data for the purposes of this research.<p>Since the meters broadcast in the clear I would not be surprised if war driving becomes standard practice for the retail electricity providers. Yes that&#x27;s right. When you sign up with a REP they don&#x27;t know your habits: how much power you&#x27;re actually going to use or when. Having historic meter data is a competitive advantage in building your pricing models.<p>I&#x27;m getting really tired of people who have no idea how the system functions in Texas making strong assertions based on errors and sweeping generalizations from journalists that don&#x27;t have a clue how things work either.<p>I have two U.S. ISO&#x27;s, multiple REPs, and a large generator as clients. I know people on the board of ERCOT and get the back story on everything, especially things the public will never hear about. This business has nothing in common with anything you&#x27;ve probably read unless it comes from industry insiders.

&quot;A recent study published by the Lawrence Berkeley National Laboratory, Colorado School of Mines, and University of Massachusetts-Amherst asserted that minority areas were over four times as likely to suffer from an energy blackout than white-majority areas.&quot;<p>That&#x27;s a problem.

I don&#x27;t buy their security excuse. Oh you don&#x27;t want people to know you weren&#x27;t cutting power to hospitals and other critical infrastructure buildings? No shit.<p>There&#x27;s something else they are hiding IMHO. Perhaps it includes answers to how the few million without power is either a BS number, or an explanation as to why my city alone(which owns a power company and had enough power generation for its citizens&#x2F;owners) had 1-2&#x2F;3 of the resident without power for days.. If only about 1&#x2F;10th of the state was without power why did the rolling blackouts stop rolling for so many people? We essentially &quot;took one for the team&quot;.<p>My guess is they are hiding layers of yet-uncovered incompetence.

&gt; “If we want a secure system that’s resilient against attack then it must be openly attacked, otherwise nothing will be done.”<p>this is a brilliant bit of knowledge that I had somehow slightly understood and had never seen verbalized anywhere previously. as a bonus, it is perfectly worded.<p>he is exactly right; to use an analogy: an immune system that is never attacked cannot defend against <i>any</i> attack, because only attacks can teach the immune system how to defend. it&#x27;s the same (mostly) for computer security concerns.

I live five minutes away from my sister and my house gets cut three seconds the entire time. Meanwhile my sister&#x27;s family had to huddle around the fireplace in their den for warmth. Does she live in the ghetto? Her neighborhood is nicer than mine. If I were to guess, it&#x27;s because I live near the local police station and she doesn&#x27;t. It&#x27;s no grand mystery here. Stop tying to make it about inequality or some other BS.

The person mentioned in the article bought the meters off eBay and is reversing the firmware off those. Perhaps they’re identical to what’s on his house but it’s implied he’s ‘phreaking’ over his city’s power grid and that’s not the case at all. There’s nothing illegal here. Remember when we understood and applauded this behavior?

I also don&#x27;t buy their security excuse for not releasing info on whose power never got turned off.<p>If the ERCOT Grid was really concerned about cyber attacks they wouldn&#x27;t be partnering with Bitcoin mining companies that have access to the grid, and have a special partnership with ERCOT.<p><a href="https:&#x2F;&#x2F;www.prnewswire.com&#x2F;news-releases&#x2F;layer1-launches-bitcoin-batteries-to-stabilize-energy-grids-by-releasing-electricity-to-meet-market-demand-301063984.html" rel="nofollow">https:&#x2F;&#x2F;www.prnewswire.com&#x2F;news-releases&#x2F;layer1-launches-bit...</a>

This information should be a freedom of information request and made available to the public.<p>If the same people are always forced to endure the burden of blackouts, and elites are not they will keep happening.

So, how much energy do these smart meters use?<p>I’ll assume since the user pays for it, there’s no consideration for this cost of equipment that saves the utility money.

Is this legal?

using this: <a href="https:&#x2F;&#x2F;github.com&#x2F;bemasher&#x2F;rtlamr" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;bemasher&#x2F;rtlamr</a>, I could read the meters of about 30 of my neighbors... and I was not living in apartments... Yards in that neighborhood were about 150ftx75ft. And I would get meter reading updates about every other minute. I used the stock rtl-sdr antenna and didn&#x27;t even place it outside my home.

Next up. Jiggling in the power usage will allow hackers to reconstruct video signals on monitors.