About Gonzalo Carracedo

This author has not yet filled in any details.
So far Gonzalo Carracedo has created 16 blog entries.

Security in PRIME networks – Current status

By Gonzalo Carracedo | 1 Sep. 2020

Since January 2019, all electricity meters for low-power customers (up to 15 kW) in Spain are, or have been replaced by, smart electricity meters, allowing distributors to carry out consumption measurements and various supply-point management operations remotely. Half of the smart electricity meters in the Spanish market use a PLC communications stack based on PRIME 1.3.6 in the lower layers and DLMS in the application layer. In March 2020, Tarlogic presented the results of its research on the security of these networks at that year's RootedCON, demonstrating that traffic at the PRIME level was not encrypted and that, at the DLMS level, although some traffic was exchanged encrypted (using dedicated keys), most of it remained ...


LoRaWAN 1.0, vulnerabilities and backward compatibility in version 1.1

By Gonzalo Carracedo | 6 Jul. 2020

To understand the security improvements introduced in 1.1, it is necessary to have a thorough understanding of the security mechanisms described in LoRaWAN 1.0.

LoRaWAN Security

As described in the previous article, whatever the activation procedure used, the communication is protected by two AES128 session keys: AppSKey and NwkSKey. These keys are not used to encrypt in block mode but in stream mode, using a variation of CTR mode (Counter mode) named CCM*. CTR is a well-known method for converting a block cipher (such as AES128) into a stream cipher. For this purpose, the plaintext is divided into blocks of the size accepted by the block cipher and each block of plaintext is combined (e.g. bit by ...


Cybersecurity in LoRa and LoRaWAN: Context and Background

By Gonzalo Carracedo | 19 Jun. 2020

Since the beginning of the 21st century, the concept of the Internet of Things (IoT) has gradually evolved from the initial vague ideas about interconnecting everyday objects into a better-defined system of integrated technologies, practices and infrastructures. These objects can have ubiquitous connectivity thanks to Low Power Wide Area Networks (LPWAN), an umbrella term that encompasses various wireless narrowband communication technologies, such as LoRaWAN, SigFox or ZigBee, which allow devices to interconnect with relatively low power consumption. However, from the point of view of cybersecurity, as these networks become more widespread, the attack surface of the systems that use them grows significantly. As such, a comprehensive study of these networks turns out to be essential. A LoRa node welded ...


Smart Meters – Assessing Concentrator Risk

By Gonzalo Carracedo | 21 Apr. 2020

A key element in any remote management infrastructure is the concentrator. This device, located between the PLC network to which the smart meters are connected and the IP network of the distributor, performs the following functions:

- Meter detection on each of its phases (concentrators usually have a three-phase supply)
- Reception of consumption data
- Sending orders and report requests to meters
- Connection to the FTP server for measurement storage
- Acceptance of remote management orders (STG-DC)

This device is not usually exposed to the Internet. In particular, it is often found in the distribution substation of neighbourhoods where there are smart meters, connected to a private network for which the distribution company is responsible. This means that, in order to compromise the ...


Smart Meters – A proof of concept: hacking a smart meter

By Gonzalo Carracedo | 6 Mar. 2020

In previous articles, sufficient evidence has been provided (both from theory and from passive observation of PLC traffic) to show that the PRIME protocol is vulnerable to cyberattacks due to the combination of a deprecated protocol (with several security flaws) and an inadequate configuration of communications security. These deficiencies cannot be easily fixed by a simple firmware upgrade (whether from concentrator or meter manufacturers), as it would break compatibility with existing PRIME 1.3 deployments; therefore any mitigation measure has to be carried out by the distribution companies. The only unanswered question is how feasible it is to exploit these vulnerabilities. In this article, we will test some of the previously listed techniques with the ultimate goal of hacking a smart meter and operating it remotely. To carry ...


Smart Meters – The Spanish Scenario and the Telemanagement System

By Gonzalo Carracedo | 17 Oct. 2019

Smart meters have become a reality in recent years not only in new housing, but also in older buildings, which have been legally required to renew their measuring devices. In particular, and in accordance with Order ITC/3860/2007 of 28 December, all electricity meters with a contracted power of up to 15 kW should have been replaced by equipment that allows time-based pricing and remote management by 31 December 2018. Integrated into the concept of smart grids, the computerization of the electricity distribution infrastructure is not only an opportunity to improve the efficiency of its management and use, but also an implementation challenge from the point of view of cybersecurity, with new networks, ...


Linux process infection

By Gonzalo Carracedo | 21 Dec. 2018

Among the different tasks that a Red Team should carry out, there is one that is remarkable for its intrinsic craftsmanship: placing an APT inside a computer system and ensuring its persistence. Unfortunately, most of these persistence mechanisms are based on keeping copies of an executable file in different locations, with one or more activation techniques (e.g. shell scripts, aliases, links, system boot scripts, etc.), so a Blue Team security expert or a Threat Hunting team would only need to locate a working copy of the file and analyze it on their own computer. Although the security expert will find out what is going on sooner or later, it's also true that some techniques can be implemented in order ...
