« On the "Ugaritic" Alphabet and Cuneiform Alphabets
Main
On Wells and Walls »
January 12, 2008
Hacking Vandalism Happens
There is a proposal to mandate that all new buildings and those undergoing substantial improvement in California be equipped with a radio-controlled device that allows utility companies to override settings on thermostats. I'm not sure want I think of this. Making it mandatory bothers me more than a little. But that isn't what I want to discuss here. What I want to discuss now has to do with hacking. One of the worries about the system is that the signal, sent by FM broadcasters can be hacked. Here's want the International Herald Tribune was told,
That is not possible, said Nicole Tam, a spokeswoman for PG&E who works with the pilot program in Stockton. Radio pages "are encrypted and encoded"
Well, with encrypted and encoded or not such a system will be hacked. From the first day of large-scale deployment and every day thereafter, there will be a war between the vandals and the defenders of the system. It will never end. Someone, sooner or later, will hack the system or spoof it. Thinking that it will not happen, only means it will happen sooner. Such a system is just too tempting.
How big is the risk? Well, it depends on what one means by risk and how the utilities response to a hack or spoof.
I would much rather have the spokesperson tell me the response plan than tell me that the signal is "encrypted and encoded." Of course it is. Encryption and encoding are the very things that make the whole enterprise seem like a sport to the vandals we politely refer to as hackers. For example, will the system send a signal shutting down the local devices that would require a local manual reset to bring them back online? And a few larger system issues are interesting. Will it be possible, in the face of hacking, to disable/override the system locally? Will the local devices allow remote soft updates? If so, how will this function be protected? If not, how will new encryption and coding algorithms be installed in the local devices? Because, and trust me on this, over the life of the system it will be necessary to update the encryption and coding algorithms more than once.
Oh yeah, one other thing: Soon, if they don't exist already, there will be websites instructing you on how to clandestinely bypass any local device. Of course, it will be illegal. But that won't keep large numbers of people from doing it and those numbers will swell when, and I do mean when, the system is hacked or spoofed and thousands, perhaps millions, of homes end up a lot colder or hotter than their occupant's desire.
Posted by Duane Smith at January 12, 2008 12:58 PM | Read more on Odds and Ends |
Trackback Pings
TrackBack URL for this entry:
http://www.telecomtally.com/mt/mt-tb.cgi/2382
Comments
I already work in a building (in MD) where the individual offices have no thermostats. The air temperature for the entire building is regulated from some secret location by some unknown person. The problem is that the offices facing south end up getting warmer than those facing north & the people in the southern offices use fans & those in the northern offices use electric heaters. So unless the use of such appliances are prevented, central control of temperatures does not end up saving much energy if that is the underlying purpose for not putting thermostats in offices.
Posted by: Aydin at January 14, 2008 7:56 AM
Sorry, comments are closed for this post.
Send me an email if it is important.