It has been three years since the invention of the Open Smart Grid Protocol, and in that time it has found its way into over four million smart meters and devices worldwide.
It’s very similar to its brethren as it is full of security issues. Two researchers, Philipp Jovanovic of the University of Passau in Germany and Samuel Neves of the University of Coimbra in Portugal, published a paper exposing encryption weaknesses in the protocol.
The paper explains how the encryption scheme used in the OSGP is open to several attacks, the paper only demonstrates a few that can be exploited with minimal effort.
“This function has been found to be extremely weak, and cannot be assumed to provide any authenticity guarantee whatsoever,” the researchers wrote.
Adam Crain, a security researcher said the home made function is a “big red flag”.“Protocol designers should stick to known good algorithms or even the ‘NIST-approved’ short list”
The weaknesses discovered by Jovanovic and Neves enabled them to recover private keys with relative ease: 13 queries to an OMA digest oracle and negligible time complexity in one attack, and another in just four queries and 2^25 time complexity” “A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of 144 message verification queries, or one ciphertext-tag pair and 168 ciphertext verification queries”
Sounds like this is quite a nasty vulnerability!
Thank you to ThreatPost for providing us with this information
Image courtesy of WPA
Apple has reportedly slashed the production of its high-end Vision Pro headset in response to…
Meta has announced a significant expansion of its Horizon operating system, allowing third-party hardware makers…
Sony has announced an immediate update to remove an unintentional racial slur found in the…
Great news for all of you developers out there, as Unreal Engine 5.4 is here…
Horizon Forbidden West has gotten off to a great start on PC, with promising sales,…
Razer already has many of the absolute best gaming mice on the market, and it…