KRN rollover was not a bug

Jan

Truth about the electricity prepaid meter "bug"

The need to update tens of millions of prepaid electricity meters to ensure they can continue accepting tokens is not due to a "bug" or "glitch" but an intentional time-based feature to combat fraud.

The deadline for recoding Standard Transfer Specifications (STS) meters to extend their useability passed on 24 November 2024.
 
It's a communications protocol.

There's a much simpler design that doesn't even have "date" as a parameter.

Just encode kWh and other details and add Carter and Wegman code as a message authentication code.
 
The real issue was not that KRN rollover was necessary, but that Eskom and municipalities waited too long before they started updating their over eleven million prepaid customers’ meters.
If you bought legal vouchers, you would receive the two Key Revision Number tokens.
Obviously 2.1m thieves were not buying electricity.

The problem is that Eskom does not seem to have any desire to find the 2.1m thieves.
Eskom seems quite happy with the 2.1m leeches.
 
It's the same concept as when a Certificate Authority (CA) expires, all certs issued by that CA become invalid and must be updated.
 
It's the same concept as when a Certificate Authority (CA) expires, all certs issued by that CA become invalid and must be updated.
Indeed it is, but the journos cannot comprehend that.. it's above their pay grade.
The key was due for change MANY MANY YEARS AGO, but ag tog, you know Eskom...
Proper procedure would have been to update the key when the compromise became known aka ghost vending.
 
If you bought legal vouchers, you would receive the two Key Revision Number tokens.
Obviously 2.1m thieves were not buying electricity.

The problem is that Eskom does not seem to have any desire to find the 2.1m thieves.
Eskom seems quite happy with the 2.1m leeches.
100%.

I got my code so long ago I couldn't remember if I was actually updated and had to double check.

They've been upgrading these meters for ages. It's just the mad scramble that happened in the last couple of weeks.

Only complaint I have is their support call lines weren't functional in those last few weeks so I had to get my own KRN2 token and load it to prove to myself that it was upgraded. Had I genuinely needed help upgrading I would have been totally screwed.
 
100%.

I got my code so long ago I couldn't remember if I was actually updated and had to double check.

They've been upgrading these meters for ages. It's just the mad scramble that happened in the last couple of weeks.

Only complaint I have is their support call lines weren't functional in those last few weeks so I had to get my own KRN2 token and load it to prove to myself that it was upgraded. Had I genuinely needed help upgrading I would have been totally screwed.
Yup pretty much this.

What is funny and a bit annoying is that I helped a few people on our community WhatsApp group when they got the 3 tokens months ago. The same people spammed the group last week to try and get help with checking whether their meters were up to date (because the Eskom support options were all swamped).
 
Also, afaik it was the world that needed to update their meters not just SA?

I got my token at the end of October. I have a Landis & Gyr meter. I use https://www.prepaid24.co.za/. I am not sure if it's down to the service you are using to buy electricity or the meter manufacturer to issue the codes.
 
I don't know anything about the STS because it's a South African-only thing despite all the talk about it being global and it doesn't even have a Wiki page.

But clearly this is closer to being a "bug" than a "feature". It's definitely not a security feature and has nothing to do with combatting fraud -- the STS itself might but not this aspect of it.

The article itself says:

The STS designers intentionally limited the number of minutes to about 16.7 million (technically, 24 bits) to avoid exceeding the range occupied by the token digits.
In other words, they could have chosen to increase how many minutes the timer counts, but then the voucher codes would also become longer.

So it's a classic design trade-off.

If it were a security feature a la certificate expiry then it would have been chosen to be much shorter than a 21 year interval. Closer to 1 year I would imagine.

Think we can just be glad the mysterious "designers" of the standard (aka a guy called Wikus at Eskom c. 1989) actually implemented rollover at all.
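
Added example, not part of any post in this thread: a Python sketch of why a 24-bit minute counter forces a key revision, using a simplified model of a meter's replay check. The base dates (1 January 1993 and 1 January 2014), the TID memory and the "used"/"old" outcomes are assumptions about STS that the thread does not state, and the sample purchase times are constructed.

```python
from datetime import datetime, timedelta

TID_SPAN = 1 << 24  # 16,777,216 one-minute slots (the "24 bits" in the article)
# Assumed STS base dates; the thread does not state them.
BASE_1993 = datetime(1993, 1, 1)
BASE_2014 = datetime(2014, 1, 1)

def rollover(base):
    """First instant whose minute count no longer fits in the 24-bit field."""
    return base + timedelta(minutes=TID_SPAN)

def token_id(issued, base):
    """Minutes since the base date, truncated to 24 bits like the token field."""
    minutes = int((issued - base).total_seconds() // 60)
    if minutes < 0:
        raise ValueError("issue time precedes base date")
    return minutes & (TID_SPAN - 1)

class Meter:
    """Toy replay check: remembers recent TIDs, rejects reused or older ones."""
    def __init__(self, depth=50):
        self.depth = depth
        self.seen = []

    def accept(self, tid):
        if tid in self.seen:
            return "used"
        if len(self.seen) == self.depth and tid < min(self.seen):
            return "old"  # looks older than anything remembered
        self.seen = sorted(self.seen + [tid])[-self.depth:]
        return "accepted"

    def rekey(self):
        """Models loading the KRN tokens: new key and base date, memory cleared."""
        self.seen = []

def demo():
    meter = Meter(depth=3)  # small memory so the constructed sample fills it
    before = [datetime(2024, 11, d, 12, 0) for d in (1, 8, 15)]
    results = [meter.accept(token_id(t, BASE_1993)) for t in before]
    after = datetime(2024, 12, 1, 12, 0)  # constructed purchase after rollover
    results.append(meter.accept(token_id(after, BASE_1993)))  # TID has wrapped
    meter.rekey()
    results.append(meter.accept(token_id(after, BASE_2014)))
    return results
```

In this model a token issued after the rollover against the old base date carries a wrapped, very small TID, so a meter that was not rekeyed treats a legitimately purchased token as a replay of an old one.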
 
Maybe they should buy a Crowdstrike solution for it.
 
I don't know anything about the STS because it's a South African-only thing despite all the talk about it being global and it doesn't even have a Wiki page.

But clearly this is closer to being a "bug" than a "feature". It's definitely not a security feature and has nothing to do with combatting fraud -- the STS itself might but not this aspect of it.

The article itself says:



So it's a classic design trade-off.

If it were a security feature a la certificate expiry then it would have been chosen to be much shorter than a 21 year interval. Closer to 1 year I would imagine.

Think we can just be glad the mysterious "designers" of the standard (aka a guy called Wikus at Eskom c. 1989) actually implemented rollover at all.
Usual trade-offs for stuff running on limited processing power (think embedded MCUs in the meters)
 