38C3: Blinkencity, radio controlling street lamps and power plants [video]

I can imagine how this went:<p>- We have this protocol to switch the streetlights remotely by modulating a signal on the main - but that&#x27;s needing expensive hardware and it&#x27;s cumbersome. Can&#x27;t we just sent that over radio instead?<p>- There is all this decentralized renewable energy generation, we need a way to switch that off remotely if there is an overload in the grid - hey, we already have that hardware for swtiching streetlamps, let&#x27;s just use that!<p>Of course encrption was never a concern and now anyone could remotely turn off &#x2F; on power generation. But for that to cause real trouble, you&#x27;d need coordinated action that would require something like a state level actor.

TL;DR: by law, German power stations are required to &quot;turn off&quot; (taken off the energy grid) when they receive specific radio messages. This is intended for energy grid load balancing.<p>Unfortunately, the message protocol is completely flawed security-wise, which allows malicious actors to control the power station.<p>It would require only a handful of strategically placed senders to control an estimated 20 gigawatt of load Germany-wide, causing havoc on the European energy grid (brown-out, cascading effects, etc.).<p>The security researchers followed a responsible disclosure towards the vendor, EFR, who reacted with sending letters from their lawyers.<p>Today&#x27;s SPIEGEL online news magazine pre-talk report ( <a href="https:&#x2F;&#x2F;archive.is&#x2F;p66as" rel="nofollow">https:&#x2F;&#x2F;archive.is&#x2F;p66as</a> ) on this topic cites EFR that the proposed attack vector is not possible.<p>The security researchers therefore made the last minute decision to go full disclosure with today&#x27;s talk to press on the urgency of the topic.

Saw this in person, awesome look at street lamp control and then walking that all the way up to &quot;oops we figured out a way to attack the European power grid&quot;

What a great way for a state to cause havoc in all of Europe.<p>Russia definitely has the capabilities to send such signals in a coordinated attack and deny an wrong doing.<p>And this is just one example we know of, there must be hundreds.

The researchers did a great job in pointing out the failures in what basically is an old DIN standard that should not be used in this century. I congratulated them after the talk as I did similar research and didn’t get it finished for 38C8. Their presentation is spot on. The attack vector is definitely feasible and publicly known for a while. I honestly don’t understand why nobody in the industry wanted to switch to a safer alternative. The reaction by EFR will create an unnecessary Streisand effect and after all they will be able to upsell their customers to a (soon to be legacy) 450 MHz LTE system.

Talk starts around ~16:20 minutes in..

That was an interesting talk!<p>I&#x27;m not very familiar with security stuff, but I didn&#x27;t really get the responsible disclosure thing – is it really unreasonable for this company to ask them not to go public just three months after their initial disclosure?<p>I understand the &#x27;it was known since 2013&#x27; thing, but they did also say the company was actively making improvements after the initial disclosure so they were not exactly just shoving it under the rug were they?

Are there any pointers to the software they built for the flipper?<p>It seems that they did create an app but it’s nowhere to be found on the flipper “app store”.

Why do we still build new remotely controlled things and then skip security? Like when was this ever a good idea?