Looking Into The Eye Of The Meter - Black Hat Briefings
Looking Into The Eye Of The Meter
Don C. Weber
InGuardians, Inc.
Copyright 2012 InGuardians, Inc.
Cutaway and InGuardians
http://www.linkedin.com/in/cutaway http://inguardians.com/info
Smart Meter Research Findings
REDACTED
Research Disclaimer
• Yes, I conduct assessments on AMI components
• No, I will not tell you for which clients
• No, I will not tell you which vendor products I have analyzed
• Yes, many of these images are generic
Danger Electrocution
Random Image Taken From: http://www.flickr.com/photos/lwr/132854217/
I am not responsible for your actions. InGuardians, Inc. is not responsible for your actions.
Permission-based Research / Penetration Testing
Unauthorized Testing Is Illegal EVEN IF THE METER IS ON YOUR HOUSE.
Getting Permission For Research IS NOT IMPOSSIBLE. Contact Vendors.
I am not responsible for your actions. InGuardians, Inc. is not responsible for your actions.
Agenda
• Purpose
• Smart Meters
• Criminals and Smart Meters
• Attack/Assessment
• Optical Tool
• Mitigations
Not So Random Image Taken From: http://www.willhackforsushi.com/?p=349
Purpose: Presentation and Toolkit
• Smart Meter data acquisition techniques have been known since January 5, 2009
– Advanced Metering Infrastructure Attack Methodology [1]
– Some vendors/utilities/people/teams are still not aware
• Tools to:
– Test functionality
– Validate configuration
– Generate anomalous data
[1] http://inguardians.com/pubs/AMI_Attack_Methodology.pdf
What Criminals Can Attack
• Access and change data on meter
• Gain access to wireless communications
• Subvert field hardware to impact internal resources
Criminal Interest
• Free or Reduced Energy
• Corporate Espionage
• Access To Back-End Resources
• Non-Kinetic Attack
• Hacktivism
HAS ALREADY OCCURRED VIA OPTICAL PORT
Aggregator On Poletop
Random Image Taken From: http://www.blogcdn.com/www.engadget.com/media/2009/12/091204-smartgrid-01.jpg
Only One Winks At You
Where To Start? Steal This?
State of Texas: Class B Misdemeanor Theft - $50 to $500
Jail <180 Days and/or Fine <$2000
Meter near my barber shop. The exposed contacts scared me.
Components and Interaction
• Data At Rest
– Microcontrollers
– Memory
– Radios
• Data In Motion
– MCU to Radio
– MCU to MCU
– MCU to Memory
– Board to Board
– IR to MCU
Image Taken From: http://www.ifixit.com/Teardown/XXXXXXX-Smart-Meter-Teardown/5710/1
DANGER!!!
Data At Rest
• SPI/I2C Serial/Parallel EEPROM – PDIP/SOIJ/SOIC
• NAND/NOR/NVRAM/SRAM/CellularRAM/PSRAM/SuperFlash/DataFlash – BGA/FBGA/VFBGA
Dumping Memory
• Total Phase Aardvark Flash Utility
• Xeltek SuperPro 5000 plus Adapter
• Custom Extractors
Memory Layout Logic
• Data Storage Standards
– C12.19 Tables in Transit
• Standard Tables – formatted and documented
• Manufacturer Tables – formatted but not externally documented
– Custom
• Obfuscated Information and Tables
• Extended memory for firmware
• SWAP Space
Data In Motion
Random image taken from some random Internet site
Component To Component
Board to Board
Data Eavesdropping – Step One
Simple Tapping with Logic Analyzer
Data Eavesdropping – Step Two
Persistent tapping by soldering leads to components
Provides consistent monitoring for research and development
ANSI C12 Communication Protocols
• C12.18: Is Okay – because you know what you are getting.
• C12.21: Is Worse – because people think it is “secure”
• C12.22: ANSI committee has stated vendors should be implementing this
Logic Analyzer - Async Serial
• C12.21 Identification Service Response Packet, as labeled in the capture:
– OK
– Standard: 0x00 == C12.18, 0x02 == C12.21
– Version
– Revision
– End-of-list
• Analyzers can decode digital signal
• Export data to CSV formatted files
C12.18 Packet Basics
• Start packet character
• Identity
• Control Field
• Sequence Number
• Length
• Data – Identification Service
• CCITT CRC
C12.21 Identification Service Request Packet
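The packet fields listed above can be checked against a capture with a small decoder. This is an added example, not code from the original slides or from OptiGuard; the one-byte field widths, the two-byte big-endian length, the X-25 CRC variant sent low byte first, the 0x20 request code and the ACK/NAK byte values are assumptions drawn from the published standard rather than from the slides, and the sample bytes are constructed.

```python
import struct

STP, ACK, NAK = 0xEE, 0x06, 0x15             # assumed start-of-packet and ack bytes
IDENT_REQUEST = 0x20                          # assumed Identification request code
STANDARDS = {0x00: "C12.18", 0x02: "C12.21"}  # values shown on the slide

def crc16_x25(data: bytes) -> int:
    """CCITT CRC, HDLC style: reflected poly 0x8408, init 0xFFFF, inverted output."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_packet(data: bytes, identity=0x00, ctrl=0x00, seq=0x00) -> bytes:
    """Used here only to construct sample frames for the parser."""
    body = struct.pack(">BBBBH", STP, identity, ctrl, seq, len(data)) + data
    return body + struct.pack("<H", crc16_x25(body))   # CRC low byte first

def parse_stream(raw: bytes) -> list:
    """Split captured bytes into frames, skipping ACK/NAK and checking each CRC."""
    frames, i = [], 0
    while i < len(raw):
        if raw[i] != STP:                     # ACK, NAK or noise between packets
            i += 1
            continue
        if i + 6 > len(raw):
            frames.append({"offset": i, "error": "truncated header"})
            break
        _, identity, ctrl, seq, length = struct.unpack_from(">BBBBH", raw, i)
        end = i + 6 + length + 2
        if end > len(raw):
            frames.append({"offset": i, "error": "truncated packet"})
            break
        (wire_crc,) = struct.unpack_from("<H", raw, end - 2)
        frames.append({
            "offset": i, "identity": identity, "ctrl": ctrl, "seq": seq,
            "data": raw[i + 6:end - 2],
            "crc_ok": wire_crc == crc16_x25(raw[i:end - 2]),
        })
        i = end                               # trust the length field to resync
    return frames

def decode_identification(data: bytes):
    """Decode the response fields: OK, standard, version, revision, end-of-list."""
    if len(data) < 5 or data[0] != 0x00:
        return None
    return {
        "standard": STANDARDS.get(data[1], "unknown (0x%02x)" % data[1]),
        "version": data[2],
        "revision": data[3],
        "terminated": data[-1] == 0x00,
    }

# Constructed capture: request, ACK, response announcing C12.21 version 1.0, ACK.
SAMPLE = (build_packet(bytes([IDENT_REQUEST])) + bytes([ACK]) +
          build_packet(bytes([0x00, 0x02, 0x01, 0x00, 0x00])) + bytes([ACK]))

if __name__ == "__main__":
    for frame in parse_stream(SAMPLE):
        print(frame, decode_identification(frame.get("data", b"")))
```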
C12.18 Protocol Basics
• C12.18 Request/Response Pattern
– Identification
– Negotiation
– Logon
– Security
– Action (Read, Write, Procedure)
– Logoff
– Terminate
CSV Parser Functionality
Replay Tables To Talk To Tables
Advanced Persistent Tether
• Serial Transmitter
– Receive possible
• Replay C12.18 Packets
• C12.19 Table Interaction
– Read Tables
– Write Tables
– Run Procedures
• Receive Responses via Logic Analyzer
• Parse Responses by Hand
Hardware Client Functionality
Wink! Wink! Wink! Wink!
Lean In For A Closer Look
ANSI Type 2 Optical Port: Not Your Typical Infra-red Port
Remote Control Devices
Provides /dev/ttyUSB0 via FTDI chip
Open Source Optical Probe?
http://iguanaworks.net/
What Do We Need To Do This?
• Serial Transceiver Driver
• C12.18 Packet Driver
• C12.18 Client
– Reads and parses C12.19 Tables
– Writes to C12.19 Tables
– Runs C12.19 Procedures
– Easy Function Updates
– Easy Access To All Functions
OptiGuard A Smart Meter Assessment Toolkit
Image borrowed from: http://www.geekologie.com/2011/01/windows_to_the_soul_eyeball_cl.php
Permission-based Research / Penetration Testing
Unauthorized Testing Is Illegal EVEN IF THE METER IS ON YOUR HOUSE.
Getting Permission For Research IS NOT IMPOSSIBLE. Contact Vendors.
I am not responsible for your actions. InGuardians, Inc. is not responsible for your actions.
OptiGuard Menu
• Notes
– Requires a VALID C12.18 Security Code to modify tables or run procedures
– Currently only works with some meters
– Vendor specific functions may be required
– C12.18 functions are coded for easy implementation and modification
– Optical transfer is finicky and fuzzing / brute forcing is hit or miss and must be monitored
– Brute force procedure runs have been known to disconnect/connect meters
– Brute force procedure runs have been known to brick meters
Using The Eye Chart
• Can check one code ~ every 2 seconds
• 12277 x 2 seconds = 409 minutes = 6.8 hours
• Hmmm, are failed logons logged?
• Does the meter return an error after N attempts?
Open Wide for a Deep Look Inside
Random Image Taken From:
http://www.gonemovies.com/www/Hoofd/A/PhotoLarge.php?Keuze=KubrickClockwork
Mitigations - General
• Residential meters on businesses
– Evaluate for increased risk to client
• Limit Shared Security Codes
– Difficult to implement a single security code per meter
– Can vary in numerous ways:
• Vendor
• Commercial and Residential meter
• Zip Code
Mitigations – General (2)
• Incident Response Planning
– Prioritize Critical Field Assets
– Incident Response Plan and Training
• Employee Training
– Identify
– Report
– Respond
Mitigations - Physical
• Tamper Alerts
– May seem overwhelming, initially
– Experience will identify correlating data to escalate appropriately
• Toggle Optical Port
– Use a switch that activates optical interface
– Should generate a tamper alert
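The questions on the "Using The Eye Chart" slide (are failed logons logged, does the meter return an error after N attempts) and the tamper-alert correlation point above can be prototyped on the head-end side. This is an added example, not part of the original slides or of OptiGuard; the event names, meter IDs, thresholds and lockout values are hypothetical, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (time in seconds, meter id, event name).
# Event names are hypothetical; real head-end systems use vendor-specific codes.
EVENTS = [
    (0,   "M-1001", "optical_port_active"),   # tamper alert from the port switch
    (4,   "M-1001", "logon_fail"),
    (6,   "M-1001", "logon_fail"),
    (8,   "M-1001", "logon_fail"),
    (10,  "M-1001", "logon_fail"),
    (12,  "M-1001", "logon_fail"),
    (14,  "M-1001", "logon_ok"),
    (100, "M-2002", "optical_port_active"),
    (105, "M-2002", "logon_ok"),              # ordinary field-service read
    (300, "M-3003", "logon_fail"),            # single mistyped code, no alert
]

def detect(events, max_fails=5, window=60):
    """Alert on failed-logon bursts and escalate using tamper-alert context."""
    fails = defaultdict(deque)   # meter -> timestamps of recent failures
    port_seen = {}               # meter -> time of last optical-port tamper alert
    flagged = set()              # meters that already raised a burst alert
    alerts = []
    for ts, meter, kind in sorted(events):
        if kind == "optical_port_active":
            port_seen[meter] = ts
        elif kind == "logon_fail":
            recent = fails[meter]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()              # drop failures outside the window
            if len(recent) >= max_fails and meter not in flagged:
                flagged.add(meter)
                local = meter in port_seen and ts - port_seen[meter] <= window
                severity = "high" if local else "medium"
                alerts.append((ts, meter, severity, "repeated failed logons"))
        elif kind == "logon_ok" and meter in flagged:
            alerts.append((ts, meter, "critical", "logon succeeded after failure burst"))
    return alerts

def exhaust_hours(codes, secs_per_try, lock_after=None, lock_secs=0):
    """Hours needed to try every code, with an optional lockout every N failures."""
    total = codes * secs_per_try
    if lock_after:
        total += ((codes - 1) // lock_after) * lock_secs
    return total / 3600

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
    # The slide's figures: 12277 codes at about 2 seconds each.
    print(round(exhaust_hours(12277, 2), 1), "hours with no lockout")
    print(round(exhaust_hours(12277, 2, lock_after=3, lock_secs=60), 1),
          "hours with a 60 s lockout after every 3 failures")
```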
Mitigations – Data At Rest
• Secure Data Storage
– Encryption <- must be implemented properly
– Hashes <- must be implemented properly
• Configuration Integrity Checks
– Vendor Specific
– Some solutions systems already do this
– Meters should function with old configuration until approved / denied
Mitigations – Data In Motion
• IR Interaction Authorization Tokens
– Breaking or Augmenting Standard?
• Microcontroller to <INSERT HERE>
– C12.22
– Obfuscated Protocols
OptiGuard Offspring?
• Wireless Optical Port Readers
– Small cheap magnetic devices activated wirelessly
• Optical Port Spraying
– IR interaction without touching meter
• Wireless Hardware Sniffers/MITM
– Detect updates and modify data in transit
• Neighborhood Area Network FHSS Eavesdropping
– Channels, Spacing, Modulation, Sync Bytes, Etc
Vendor Participation
• The following people helped out in various important ways during this journey.
– Ed Beroset, Elster
– Robert Former, Itron
– Others who have asked not to be named
Those Who Must Be Thanked
Gretchen, Garrison, and Collier Weber
Andrew Righter
Atlas
Daniel Thanos
John Sawyer
Joshua Wright
Matt Carpenter
Tom Liston
Travis Goodspeed
InGuardians
[email protected] Tell Them Cutaway Sent You
Don C. Weber / Cutaway: [email protected]