Texas hacker says smart meters secrets are being spilled

SAN ANTONIO (KTSA News) — Power companies across the state have kept mum on what areas of Texas were exempt from load shedding and retained power through the historic February freeze that left millions of Texans without power and killed more than 100.

Hash is the online alias of a Dallas-based hacker and security researcher known for reverse engineering hardware and software. Hash has been reverse-engineering smart meters since 2016 and is now using that skill in an attempt to learn who the Electric Reliability Council of Texas chose to protect during the storm through data that is unintentionally publicly available.

In a YouTube video posted June 5, Hash discusses how residential and commercial smart meters that monitor electricity consumption also broadcast information like physical location and when a building last suffered a power outage.

In the June 5 video, he provides viewers with a Google Map view of the city of Dallas overlayed with a map indicating how long certain businesses and residences have had power. In one instance according to Hash’s map, a business has had power for the last 1,783 days — just under 5 continuous years.

Hash told the Daily Dot in an exclusive interview that his experience living through the storm is what motivated him to announce his findings publicly.

“I seriously wondered whether it was going to be Armageddon around here as we froze inside my house,” Hash said to the Daily Dot. “It definitely scared me and made me realize that no one cares more about my well-being than me.”

The smart meters Hash is tinkering with are Landis+Gyr mesh smart metering systems, which are used across the state in Austin, Dallas and, as it turns out, here in San Antonio. CPS Energy made the announcement of smart grid modernization using Landis+Gyr in 2013.

The time is passing where smart meters are providing relevant information about the February freeze, but Hash said his discovery of the smart meter security risks have larger implications.

With a rise in ransomware attacks across the country — from disrupting production at JBS, at one of the world’s largest meat supplier, to locally at Judson ISD this week — Hash told the Daily Dot he fears a day that critical infrastructure could be targeted.

Hash notes that although power companies continue keeping quiet, he is being contacted by former and current power company employees regarding his research and analysis.

He is encouraging other hardware hackers to take an interest in smart meters and is publishing his discoveries regarding advanced metering infrastructure on a wiki.

The Daily Dot reported that Hash’s focus now is on analyzing smart meter mechanisms that remotely disconnect power from a home.

“I think people expect companies to do the right thing but forget the right thing to them is shareholder value,” Hash said. “If we want a secure system that’s resilient against attack then it must be openly attacked, otherwise nothing will be done.”