In a ruling that will undoubtedly have repercussions nationally, including in other states where regulatory agencies are being sued for the same oversights, the Maine Supreme Court late last week ruled that the Maine Public Utilities Commission neglected to fully consider evidence raised that would indicate there are serious safety and health problems with smart meters. It is unclear what practical effect the ruling will have, but it certainly makes clear that state regulatory agencies are shirking their lawful duty to keep the public safe from utility abuses.
Congratulations to plaintiff Ed Friedman and everyone in Maine fighting to rid their state of invasive, pulsed microwave meters. More here:
It’s not just safety, it’s also a national security problem:
In 2009, the Federal Bureau of Investigation investigated widespread incidents of power thefts in Puerto Rico believed to be related to smart meter deployment. The FBI believed that former employees of the meter manufacturer and employees of the utility company were tampering with the meters charging between $300 to $1,000 to reprogram residential meters and $3,000 to reprogram commercial meters.
The perpetrators were said to have hacked into the smart meters using an optical converter device connected to a laptop, allowing smart meters to connect with the computer. The hackers were able to change the settings for recording power consumptions using software available on the internet after making a connection. This method does not require the removal, alteration or disassembly of the meter.
Another recent example of smart meter hacking was demonstrated by Mike Davis, a security consultant. He reverse-engineered a meter bought on Ebay and installed a computer program that replicated itself across the wireless network and blocked the utility company as it went. Jack Bode, writing for Canada.com, made the wry observation that we won’t have to worry about getting bombed if ever we go to war again. The enemy only has to “hack us and turn off the power.”
1) Attacking a smart meter’s memory-through hardware – If a smart meter hasn’t been built with protective features, inserting a needle on each side of the device’s memory chip can do the trick. The needle intercepts the electrical signals in the memory chip. From these signals, a device’s programming can be determined. If security features are in place, it is still possible to obtain the data through customized tools.
2) Using a digital radio – The two-way radio chip in a smart meter allows the device to be read remotely and receive commands over the network. A hacker, who has cracked the meter’s programming, can use security codes from the software in the chip to get on the network and issue commands.
3) Accessing the meter – Another method of hacking the smart meter is through a wireless device. Using a software radio programmed to mimic a variety of communication devices, a hacker can listen in on wireless communications in the network and guess over time how to communicate with the meter. Another method is to steal a meter and reverse-engineer it; although inexpensive, the process would require a good knowledge of integrated circuits.
4) Spreading malware to the network – With access to the smart meter’s programming codes, it is possible to connect with all other meters in the network that have the same brand. David Baker, director of services for IOActive, a Seattle-based research company , demonstrated this possibility when he designed a virus that could replicate itself in other meters and enable a hacker to shut down the system remotely. In simulations, Davis was able to show that if his malware were to be released in a location where all the houses were fitted with the same brand of meter, it could spread to 15,000 homes in 24 hours.
We just won a similar case in Portland.
HEALTH, CONSTITUTIONAL PRIVACY, SAFETY Portland
Complaint that the PUC (Public Utilities Commission) did not address safety, Constitutional Privacy and health concerns.
Status: SUCCESS! The courts findings are that they did not properly address these problems and MUST do so. The Court did not agree the Privacy concerns were not addressed.