Fabian Bräunlein and Luca Melette
A significant portion of Europe's renewable energy production can be remotely controlled via longwave radio. While this system is intended to stabilize the grid, it can potentially also be abused to destabilize it by remotely toggling energy loads and power plants.
In this talk, we will dive into radio ripple control technology, analyze the protocols in use, and discuss whether its weaknesses could potentially be leveraged to cause a blackout, or – more positively – to create a city-wide Blinkenlights-inspired art installation.
With three broadcasting towers and over 1.3 million receivers, the radio ripple control system by *EFR (Europäische Funk-Rundsteuerung) GmbH* is responsible for controlling various types of loads (street lamps, heating systems, wall boxes, …) as well as multiple gigawatts of renewable power generation (solar, wind, biogas, …) in Germany, Austria, Czechia, Hungary and Slovakia.
The used radio protocols Versacom and Semagyr, which carry time and control signals, are partially proprietary but completely unencrypted and unauthenticated, leaving the door open for abuse.
This talk will cover:
- An introduction to radio ripple control
- Detailed analysis of transmitted radio messages, protocols, addressing schemes, and their inherent weaknesses
- Hardware hacking and reversing
- Implementation of sending devices and attack PoCs
- (Live) demonstrations of attacks
- Evaluation of the abuse potential
- The way forward
Licensed to the public under http://creativecommons.org/licenses/by/4.0
This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.
Please look for "audio tracks" in your desktop video player.