from Hacker News

38C3: Blinkencity, radio controlling street lamps and power plants [video]

by aunderscored on 12/28/24, 11:02 PM with 47 comments

  • by pantalaimon on 12/29/24, 1:19 AM

    I can imagine how this went:

- We have this protocol to switch the streetlights remotely by modulating a signal on the mains - but that's needing expensive hardware and it's cumbersome. Can't we just send that over radio instead?

- There is all this decentralized renewable energy generation, we need a way to switch that off remotely if there is an overload in the grid - hey, we already have that hardware for switching streetlamps, let's just use that!

Of course encryption was never a concern and now anyone could remotely turn off / on power generation. But for that to cause real trouble, you'd need coordinated action that would require something like a state level actor.

  • by Eduard on 12/29/24, 1:38 AM

    TL;DR: by law, German power stations are required to "turn off" (taken off the energy grid) when they receive specific radio messages. This is intended for energy grid load balancing.

    Unfortunately, the message protocol is completely flawed security-wise, which allows malicious actors to control the power station.

It would require only a handful of strategically placed senders to control an estimated 20 gigawatts of load Germany-wide, causing havoc on the European energy grid (brown-out, cascading effects, etc.).

The security researchers followed a responsible disclosure towards the vendor, EFR, who reacted by sending letters from their lawyers.

Today's SPIEGEL online news magazine pre-talk report (https://archive.is/p66as) on this topic cites EFR that the proposed attack vector is not possible.

    The security researchers therefore made the last minute decision to go full disclosure with today's talk to press on the urgency of the topic.

  • by aunderscored on 12/28/24, 11:04 PM

Saw this in person, awesome look at street lamp control and then walking that all the way up to "oops we figured out a way to attack the European power grid".

  • by BonoboIO on 12/29/24, 5:03 PM

    What a great way for a state to cause havoc in all of Europe.

Russia definitely has the capabilities to send such signals in a coordinated attack and deny any wrongdoing.

    And this is just one example we know of, there must be hundreds.

  • by oger on 12/29/24, 9:43 PM

The researchers did a great job in pointing out the failures in what basically is an old DIN standard that should not be used in this century. I congratulated them after the talk as I did similar research and didn't get it finished for 38C3. Their presentation is spot on. The attack vector is definitely feasible and publicly known for a while. I honestly don't understand why nobody in the industry wanted to switch to a safer alternative. The reaction by EFR will create an unnecessary Streisand effect and after all they will be able to upsell their customers to a (soon to be legacy) 450 MHz LTE system.

  • by matchamatcha on 12/29/24, 3:01 AM

Talk starts around 16:20 minutes in.

  • by __jonas on 12/29/24, 11:04 AM

    That was an interesting talk!

    I'm not very familiar with security stuff, but I didn't really get the responsible disclosure thing – is it really unreasonable for this company to ask them not to go public just three months after their initial disclosure?

    I understand the 'it was known since 2013' thing, but they did also say the company was actively making improvements after the initial disclosure so they were not exactly just shoving it under the rug were they?

  • by Towaway69 on 12/29/24, 8:14 PM

    Are there any pointers to the software they built for the flipper?

    It seems that they did create an app but it’s nowhere to be found on the flipper “app store”.

  • by _ink_ on 12/29/24, 8:26 AM

    Why do we still build new remotely controlled things and then skip security? Like when was this ever a good idea?