Publication date: April 28, 2018

A matter of meters: hack the smart grid at PHDays

Come to the MeterH3cker stand at Positive Hack Days to have fun with the vulnerabilities in smart grid equipment. The contest will take place over both days of the forum and all are welcome to take part.

Contest structure

The MeterH3cker stand consists of two mock apartment buildings that have smart grid technology installed. Real meters and solar panels will be present in each building. Conditions switch between "Day" and "Night." Solar panels are anticipated to meet the full power needs of each building; surplus power can be sold to the grid at a special feed-in rate. So there are plenty of opportunities to earn money, which is credited to the account balance of the relevant building.

The following equipment will be available for participants' hacking pleasure:

  1. Solar charge controller. Solar panels generate electricity, and this controller manages the flow of power they provide. During the day, solar panels are used to meet the building's power needs. Any excess power goes to the grid, in which case the meter spins backwards.
  2. Electrical meters. These meters record the amount of power that has been consumed, generated by solar panels, and offloaded to the grid. The rates used for billing by the power company depend on the time of day.
  3. Electrical devices. The buildings are filled with appliances: light bulbs, TVs, and washing machines. Some of the equipment that consumes electricity—such as central AC and heating—is managed via a programmable logic controller (PLC).

In addition, each building is connected to "normal" power from a local substation. At the substation, a data aggregator gathers readings from the meters and enters information about the amount of consumed/generated energy in a local database. The electrical company's billing server then uses this information to change the account balance.

Participation

The contest will last two days. A preliminary round will take place on the first day. All participants will have full access to all equipment, including the ability to analyze it, find vulnerabilities, and stake out potential vectors of attack. Those with the best results will be invited to return for the finale on the second day.

The finale will be a one-on-one competition. Two participants at a time will be called up to the stand. Each participant will be responsible for one building. The task of each participant is to find every way possible to fool the electrical meters and generate more energy than their "neighbor." Whoever has the higher balance when time runs out, wins. One complication: each participant can access the other's equipment, leaving plenty of opportunities for unneighborly sabotage.

Forum visitors will be able to monitor events on overhead screens: graphs will visually represent electrical consumption in real time. A green line will represent the amount of electricity actually consumed. Meanwhile, a blue line will reflect the values stored on the data aggregator, which collects readings from the meters installed in the buildings (the blue-line information is what is reflected in the account balance of each building). So the blue lines will change based on the attackers' actions.

Will the grid hackers succeed in fooling smart meters to reduce their bill or perhaps become rich from solar power? We'll get to find out soon at PHDays.

Register and buy tickets for PHDays while you still can! A two-day ticket costs RUB 14,400; a one-day ticket costs RUB 9,600.

All news