Solved

Liberty Secure 100 smart meter iec1107 port technical question - how to talk to my smart meter using the optical port? Or has it been disabled?


Userlevel 2

Hi all,

Has anyone had any luck talking to the IEC 1107 port on the Liberty Secure 100 smart meter? In theory, it should respond to 2f 3f 21 0d 0a sent at 300 baud with 7E1, however my smart meter does not respond to the handshake. Has anyone been able to talk to their smart meter using the optical port? Or has it been disabled? I understand that some smart meter manufacturers disable the port once the meter has been configured.

 

(My preference would be to use the CAD built into my IHD but unfortunately so far we have had no luck finding out how to query it.)

 

Thanks

 

Kihon
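
The sign-on bytes quoted in the question, as an added example that is not part of the original post: it shows what `2f 3f 21 0d 0a` looks like on the wire once 7E1 even parity is applied (useful when checking a home-made probe with an 8N1 capture) and how an identification reply would be checked and parsed. The reply is constructed, the manufacturer code `XYZ` is a placeholder, and the baud table assumes IEC 62056-21 mode C.

```python
# Added example: IEC 62056-21 (IEC 1107) sign-on framing; no serial hardware needed.
import re

REQUEST = b"/?!\r\n"  # the 2f 3f 21 0d 0a bytes quoted in the post

# Baud-rate identification characters (assumes protocol mode C).
BAUD_ID = {"0": 300, "1": 600, "2": 1200, "3": 2400,
           "4": 4800, "5": 9600, "6": 19200}

# "/" + 3-letter manufacturer code + baud character + identification + CR LF
IDENT_RE = re.compile(rb"/([A-Za-z]{3})(.)([^\r\n]*)\r\n")


def to_7e1(data: bytes) -> bytes:
    """Set bit 7 of each 7-bit character so every byte has an even number of 1 bits."""
    out = bytearray()
    for b in data:
        if b > 0x7F:
            raise ValueError("7E1 carries 7-bit characters only")
        out.append(b | ((bin(b).count("1") & 1) << 7))
    return bytes(out)


def from_7e1(wire: bytes) -> bytes:
    """Verify even parity on each received byte, then strip the parity bit."""
    out = bytearray()
    for offset, b in enumerate(wire):
        if bin(b).count("1") & 1:
            raise ValueError(f"parity error at offset {offset}: {b:#04x}")
        out.append(b & 0x7F)
    return bytes(out)


def parse_identification(wire: bytes) -> dict:
    """Parse the meter's identification message from raw 7E1 wire bytes."""
    m = IDENT_RE.fullmatch(from_7e1(wire))
    if m is None:
        raise ValueError("not an identification message")
    maker, z, ident = (g.decode("ascii") for g in m.groups())
    return {"manufacturer": maker, "max_baud": BAUD_ID.get(z), "ident": ident}


# Constructed reply for illustration only; not captured from a real meter.
SAMPLE_REPLY = to_7e1(b"/XYZ5SAMPLE-ID\r\n")

if __name__ == "__main__":
    print("request on the wire:", to_7e1(REQUEST).hex(" "))
    print("parsed reply:", parse_identification(SAMPLE_REPLY))
```

A port configured as 8N1 by mistake would send the request without the parity bits, which a meter expecting 7E1 would see as parity errors on the first and fourth characters.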


Best answer by Blastoise186 13 March 2021, 20:28

Evening @kihon ,

As far as I’m aware, the Optical ports are always disabled in the field for security reasons. I think they might sometimes be enabled temporarily prior to and during the install, but are always disabled during that process. This is the same regardless of manufacturer.

As for getting the CAD and IHD working, you’ll need to get OVO to Pair your IHD up to the HAN in order to authorise it to connect. When the process is done correctly, the handshake will succeed and the meter will respond appropriately. Only then can the CAD be used at all.


11 replies


Userlevel 2

Hi @Blastoise186

Thanks for the response. I am glad I didn’t fork out for an optical probe (made one using a photo diode and IR LED). My IHD3-CAD is already paired with the meter, and is displaying live values. The issue is getting the values from the IHD3-CAD to my PC so I can do things with it (like detecting the oven has been left on!). As it is also connected to the internet, I suspect the data is being uploaded to the Chameleon cloud, I just need a way to get the data from the cloud!

 

Thanks

 

Kihon

 

Userlevel 7

Ahhh ok! Now I get you.

Unfortunately, that’s where things get a bit complicated. I did eventually manage to dump the network traffic from Kecleon via tcpdump, which luckily didn’t need Wireshark. It’s especially handy when you’re able to run tcpdump directly from one of your access points and have that print to stdout! :wink:

I can’t share the exact details, but Kecleon appeared to be communicating with a server running on an AWS EC2 instance. While the dump did include the IP of the remote host, it’s only possible to trace it back to Amazon Web Services at best. You can’t dig any deeper than that. As such, I can’t say for sure whether that particular EC2 instance is actually related to OVO or Chameleon, or whether it’s something else. That’s all I know.

As for getting data out of the cloud… That’s also something I’ve yet to figure out. Unfortunately, these CAD setups tend to be a bit more locked down than one might expect. But it’s something that I’d also like to see improvements with over time.

Userlevel 2

@Blastoise186 I got a sort of response from Chameleon via Twitter, where they say I cannot access the data. (twitter link) I am sure that what they are saying cannot be right. If they have my data, then surely they have to provide access to it? Is it worth talking to Ofgem or the ICO about it?

Userlevel 7

Sorry for the delay @kihon !

I had to sort out a few other things today. There’s a few unrelated sekrit developments going on that I can’t talk about publicly right now, but I hope to be able to soon.

As far as I’m aware, Chameleon’s API would only be usable if there was actual data going to it. I did some further analysis of the network traffic I captured from Kecleon the other day using tcpdump, but I’ve only managed to gather very limited info. In addition, I don’t think they’d have direct access to the data itself - it’d probably just pass straight through the API into whatever it’s hooked up to, while Chameleon themselves would have no access to it. Ofgem and ICO can’t intervene here. It’s also not personal data either, so GDPR doesn’t apply.

Based on the data I gathered, most of the traffic was related to communications between Kecleon and Exploud (my UniFi Dream Machine), so I had to filter out a huge amount of noise from it - they really do love to chat to each other a lot because I had to filter 25,000 lines of packets out of the capture using Wireshark just from that alone!

What was interesting however, is that there were DNS requests that involved both that remote server and Kecleon’s hostname of chameleon-cad-(redacted).bugblasterblastoise.local (you can’t reach this domain by the way as it’s unrouteable!). And these didn’t seem to be Ubiquiti related either. So this could have been Chameleon related, but it’s hard to say...

Userlevel 7

Hi @kihon I’m unsure why you think that the data being displayed by your IHD is also being collected by Chameleon in the cloud. The only active link between your Smart Meter and the outside world is through its WAN connection.

And in any case your Liberty 100 will have been upgraded to SMETS2 firmware around July/Aug 2020 in preparation for it to be migrated onto the National Smart Meter Network. This is part of a phased operation called Middle Operating Capability (MOC).

It is a prerequisite of the SMETS2 specification that there cannot be any on-site port available which allows access to the code or data. The only active route is via the Data Communications Company (DCC) who use encryption for all data passing to/fro Smart Meters.

If this were not so, then it would leave open a route to compromise the UK domestic energy supplies by a hostile 3rd party.

Userlevel 2

@Transparent I believe the IHD3-CAD transmits the meter data via Wi-Fi (it connects to the Wi-Fi network). @Blastoise186 has seen that the IHD6 version communicates with a server on the Amazon cloud every few seconds, which indicates that it is attempting to send some data (there is no other reason to communicate so frequently). Their online brochures also imply that they are sending data to the cloud.

Given that this is one-way data (i.e. uploading the meter readings and live consumption) it would not produce a significant route to compromise the grid. I believe several consumer CAD systems work on the basis of uploading the data to a cloud service, and even if they didn’t, there is nothing to prevent individuals from taking data from a CAD and uploading it.

 

Userlevel 7

OK… I see where you’re coming from on this. But the main reason for connecting a CAD-IHD to the internet is to enable that data to be used for If This Then That logic rather than just having another method to obtain usage stats.

Even so, I think we must conclude that the optical port on your Smart Meter won’t allow you access.

Userlevel 2

@Transparent Agreed - the optical port is disabled (and I can understand the reasoning for this). I’m glad I found that out before I bought an optical reader cable!

My main query now is whether Chameleon have an obligation to provide access to my data on the cloud. They seem incredibly unresponsive to any attempts to access it.

Userlevel 2

@Blastoise186 Just a quick question regarding the CAD data. You mentioned that the CAD was sending data every few seconds.  Was that to the Amazon EC server or does that include the messages to Exploud?

 

The information below implies that the CAD sends the real time data to their cloud platform, which can then be queried by other devices. The question is does it do this automatically or do they need to send a command to the IHD to initiate it. If the latter, then there should be no real time data going to the servers. However if it is automatic, as soon as the device is connected to wifi, it would be sending data to their servers.

 

Given that they state you can view your real time energy on a mobile device and obtain insights into energy usage, that suggests to me that they have real time data as well as some historical data available for querying from their servers.

 

The IHD3-CAD-PPMID sends the user’s real time smart meter data securely to Chameleon’s cloud platform via the Chameleon CAD API. The real time data can then be linked to other IoT and connected home applications to unlock additional benefits for the consumer. With a CAD, customers can see their real time energy data on mobile devices and obtain additional insights into their energy use.

 

Thanks

Kihon

Userlevel 7

Heya @kihon !

As far as I’m aware, I don’t think Chameleon Technologies would be able to provide you with any data access, since they probably wouldn’t have anything (what they might have would likely just get forwarded to whichever entity pulls the data in and then purged from Chameleon’s systems).

Kecleon is also not yet configured, so it’s still in a vanilla “demo mode” state right now, albeit with Wi-Fi already set up by me and a few minor settings changed in the settings menu based on my preferences. Other than that, it’s just a factory fresh IHD right now that’s waiting for setup.

What I do know however, is that most of the traffic it generates seems to remain within my LAN and it mostly talks to Exploud a LOT! I can definitely say they love to chat with each other non-stop :sunglasses:

I’d say that maybe 90% of the traffic Kecleon has generated so far remains within my IoT VLAN that makes sure Kecleon can’t access anything other than the internet.

There do seem to be occasional bursts of activity that go to an IP address that seems to belong to another Amazon Web Services EC2 instance, which might be Chameleon related. Hard to say really. I guess Kecleon might become more active once it’s configured, but that also depends on exactly how OVO uses the CAD functionality. :wink:

However, some of the communications that go to the first AWS EC2 instance appear to be more Ubiquiti related than Chameleon related. I finally managed to figure this out after a lot of data crunching. That particular server relates to the Cloud Access feature in UniFi and it relays data to the UniFi Network app on Totodile (it’s more secure to do it this way than via a direct connection). Exploud is my network controller and has a built-in Cloud Key, so nothing is actually saved on that server, it’s all kept on my local network and relayed from there.
