Irish water devices impose massive risks to data and to the indiviaduals

dbit · 23-04-2015 3:38pm #1

http://www.fairsociety.ie/information-irish-water-are-hiding-from-you-smart-meters-putting-families-at-risk/

So Mods will probably say , "Hang on where is the infosec risk here ?"

never mind the ease of poisoning a home undetected in the dead of night takes 2 mins to infiltrate .

The devices can be scanned as they communicate on radio. Evil doers can collect your usage info and by passing along and scanning each week can easily spot the houses that are not drawing water ( Lights on no body home tricks are useless with this.) ( IE they are off on holidays)

On another note these devices have been flagged for radio interruptions , loss of mobile signal , impairing wifi and so on ......

I dont know about others but i see this as a very real threat and vulnerability for direct physical targeted attacks on the person directly .

liamo · 23-04-2015 4:44pm

dbit wrote: »

http://www.fairsociety.ie/information-irish-water-are-hiding-from-you-smart-meters-putting-families-at-risk/

So Mods will probably say , "Hang on where is the infosec risk here ?"

never mind the ease of poisoning a home undetected in the dead of night takes 2 mins to infiltrate .

The devices can be scanned as they communicate on radio. Evil doers can collect your usage info and by passing along and scanning each week can easily spot the houses that are not drawing water ( Lights on no body home tricks are useless with this.) ( IE they are off on holidays)

On another note these devices have been flagged for radio interruptions , loss of mobile signal , impairing wifi and so on ......

I dont know about others but i see this as a very real threat and vulnerability for direct physical targeted attacks on the person directly .

I did try to read that article but it was simply too long and too ranty so I gave up.

However, I do spot an opportunity .....

Home/Garden shops sell timers that attach to taps for delivering timed waterings to plants. They could be re-boxed and sold as "Water Usage Security Devices" to home-owners going on holidays to simulate activity in the house. We just need to FUD this up a little more. I smell profit. :cool:

syklops · 23-04-2015 8:34pm

I would quite like to play with one of the meters and see what information can be gotten from it.

That page is painful to read and watch though. Instead of level headed arguments put forward in a calm collected manner they seem to have vomited everything wrong with smart meters into one page.

And for any kids out there, check out the second video and learn: This how not to do a screen-cast

Home/Garden shops sell timers that attach to taps for delivering timed waterings to plants. They could be re-boxed and sold as "Water Usage Security Devices" to home-owners going on holidays to simulate activity in the house.

This is often done by security conscious people who set up a light on a timer and have it come on at certain times of the day to simulate activity in the home while away. I've used it myself in the past. I quite like your idea and I would buy one. I wouldn't be taking the idea to dragons den any time soon though.

Manach · 23-04-2015 8:57pm

For the OP's point, the writer Marc Goodman would also be supportive of the dangers of smart devices: given their poor security and ease of hackiblity. A chapter of his book, Future Crimes, mentions such meters in a general discussion of the internet of things and the impact such would have on societal mores such as privacy.

dbit · 23-04-2015 9:17pm

From a deliberate contamination perspective my hair stands on end at what Irish water have done to every home in Ireland. Love the monetary gain outlook as well, Surely they can lock that up somehow ? The data probes and drive by identification of holiday bound folk, and protecting them would be an easy item to sell solution wise .

dbit · 23-04-2015 9:26pm

I also cringed at the presentation and uber editing skills , and format , I left that out so as not to insult them really but in the back of my mind all i could see was :- https://www.youtube.com/watch?v=G2pRv_E1RBA

syklops · 23-04-2015 9:41pm

dbit wrote: »

I also cringed at the presentation and uber editing skills , and format , I left that out so as not to insult them really but in the back of my mind all i could see was :- https://www.youtube.com/watch?v=G2pRv_E1RBA

I honestly thought the guy in the second video was the guy who does Joe Duffy on the savage eye.

dalta5billion · 23-04-2015 10:18pm

Has anyone got a spec for the wireless reading aspect of the meters? FOIA it maybe? Here's hoping they did a full, independent analysis of the security mechanisms, right?...........right?

They did a very fancy pamphlet up on the radiation exposure of a meter, in anticipation of the backlash - what about the AMR security?

Guy:Incognito · 23-04-2015 10:21pm

Arent there already smart electricity and gas meters out there?

This just smacks of "we wont pay".

Have they given up the "waters meters give you cancer" angle and moved on to this?

syklops · 24-04-2015 5:19am

dalta5billion wrote: »

Has anyone got a spec for the wireless reading aspect of the meters? FOIA it maybe? Here's hoping they did a full, independent analysis of the security mechanisms, right?...........right?

They did a very fancy pamphlet up on the radiation exposure of a meter, in anticipation of the backlash - what about the AMR security?

Some useful information here:

http://www.allcontrols.com.au/wp-content/uploads/2012/07/F9547-EverBlu_tech_pb_EN_07_091.pdf

The meters(MIUs) speak 433Mhz. The collectors over 868Mhz. The collectors then send the information to the backend over GPRS. This isnt something Joan Burton built in her garage, they are used all over the world for both water and gas metering.

With more googling, Im sure all the relevant information could be found.

liamo · 24-04-2015 8:54am

liamo wrote: »

I did try to read that article but it was simply too long and too ranty so I gave up.

So I went back to that document and read it from start to finish. My eyes started bleeding about a third of the way through but I persevered and even watched the videos. I then had to go and lie down for a while. There is little of value in the document or the two videos and the presentation in all three is just painful. I would go so far as to say that the document and videos pose a greater danger to my health than the meters that are the subject of their ire.

As far as I'm concerned, the only item raised that has any value is the security of the information that the meter contains.

I've only spent a small amount of time looking into this but I haven't come across any mention of the data being secured. In the absence of evidence to the contrary I'm assuming that the data is not secured. I do think that, in this day and age, our data should be secured from the start and they definitely have a valid point with this.

This appears to be the radio element of the meter being installed:
https://www.itron.com/aunz/productsAndServices/Pages/EverBlu%20Cyble%20Enhanced.aspx

And these are some of the readers that can acquire the data:
https://www.itron.com/aunz/productsAndServices/Pages/Data-Collection_Mobile-Meter-Reading.aspx

I did come across an article that reported some concerns about the security of these meters and their data:
http://www.greentechmedia.com/articles/read/security-concerns-behind-slowdown-in-itron-rollout-5683

Irish water devices impose massive risks to data and to the indiviaduals

Comments