Just a reminder that all pre-paid meters (any brand, anywhere in the country) that have not been upgraded will stop accepting credit tokens on Sunday this week. Thereafter they will use whatever credit is on them, and then cut you off.
If you haven’t done the TID update, get it done quickly. I can’t speak for all suppliers, but certainly City Power (in greater Johannesburg) and Eskom are assisting people who have not done the upgrade, and will continue to do so for a while after the expiry date.
Not sure? Buy a small amount. Then scrutinise the voucher you get. You are looking for the letters “KRN” (Key Revision Number). If KRN is 2 then your meter is OK (until 2045 when this whole business starts again). If it is 1 then you need to act. Quickly.
In Johannesburg if you know your meter has not been upgraded, or are not sure, AND your meter is from City Power (not one of the third party pre-paid operators). Take the meter number (the number that you use when buying tokens) and your latest municipal account to your nearest City Power office.
The meter can still be upgraded after the 24th (Sunday), but between the 24th and the day of upgrading you will not be able to load any credit onto it.
Pre-paid water meters need the same upgrade.
Do not ask your neighbour what they did. The code to update the meter is unique for each meter. That’s why you should take the meter number with you.
I have been writing software for prepaid vending systems since 2005. I have integrated with a LOT of utilities.
And each and every integration since way back in 2005 has included a ‘must pass’ test case, where the vending server returns 4 tokens in sequence, and the vending software must present all 4 tokens in sequence to the end user to enter into the terminal.
This is a ‘worst case’ vend, and includes 2 key change tokens, 1 revenue token and 1 free token.
So, since the dawn of STS meters, every vending platform has been required to demonstrate that they can correctly deliver key change tokens to the end user, before they are allowed to vend for a utility.
All the utility needs to do is set the key change flag for a meter, and the next time they buy electricity, they will receive 3-4 tokens. All the end user has to do is enter all of these tokens in sequence on the meter.
For ~70% of users this is a non-issue. But there are always some that battle - especially given the rather cryptic error messages some meters give if you enter the tokens out of sequence. Most of these can be dealt with by a call centre operator talking the customer through the process. If that fails, they send out a technician.
This does result in a higher call centre/technician load during the process. As a result, utilities tend to batch these, doing a few % of meters per month.
Generally, the worst affected clients are those in the last batches, who also do not vend frequently.
Thanks for this explanation. What puzzles me is how the meters communicate with the server. Clearly they can’t be pre programmed when they are manufactured…
The techs who installed my new PAYG meter told me they communicate over the grid. That figures but must require repeaters at substations??
Each token that you type in is actually an encrypted command. It is decrypted by the meter, and then executed. Typically only unit load commands, but can reprogram a lot of aspects of the meter.
In my second year at university we were given a project to design an encryption scheme for prepaid meters. I didn’t do very well, but that is where I learned that it is indeed a kind of encryption. I don’t know how hard it would be to break the encryption. I suspect you’d need plenty of crypted text examples to launch some kind of known-cleartext attack, and that would just be prohibitively expensive.
The crypto is pretty solid - was developed by a number of top cryptographers and engineers.
Very resistant to plain text attacks and such.
The key weakness is the token generation. This is always done in an HSM (Hardware Security Module), and keys are shared by Supply Group Code.
So - the big weakness is to knock over an automated vending machine and steal the HSM… Can not invalidate it without a full key change across all the utilities meters (as they are doing now for TID rollover).
So far, that is the only known way to steal tokens.
I was thinking about that. COJ are calling for people to get the upgrade done, are staying open late, and have temporarily waived all penalties.
Why? It’s not hard to imagine that they’re playing a longer game in which all the people buying dodgy tokens will now have to buy from the City via legitimate channels
Sure, but I’m thinking if you put the amount of effort in that was used to DES or RSA128, you could probably break it. I just don’t think the juice is worth the squeeze*.
I am also assuming a few things, I don’t actually know what algorithm is used in STS. One paper I found hints that parts of DES might be used, but I have no idea. The other option, typically used for hardware encoding/decoding, is linear shift registers, and those also tend to be somewhat easy to break (but often not fast enough for the clear text to be of any use). This was 20 years ago, so I only remember bits and pieces. Given that the token is just 16 numbers, there is awfully little space to transfer data across, but then, you probably also don’t need very much.
That’s actually an interesting side note, for people who have only a movie-level understanding of encryption. Sometimes a weak cipher doesn’t matter. It just has to be strong enough so that by the time you break it, the data is worthless
*) Another digression: that was a movie reference. Something I learned recently. Apparently constant movie references is a neuro-atypical thing… ever since learning that I notice how often I do that. Probably to the consternation of a great many people.
Has there been any disclosure of the amount of this fraud?
I presume that there’s no way to determine that a fraudulent token has been used given that these transactions are local on the PAYG meter and are not available on a network??
No way; not yet anyway. RSA128 might be under threat if you use quantum computing - then it essentially becomes 64bit. You can look at the bitcoin puzzles - they are a pretty good indicator of where we are at. The 66-bit puzzle was just recently broken (and the 6.6btc reward stolen before the person that solved it could verify his transaction…)
Or you have an arrangement with somebody at City Power.
You come to you to me a token. I note down my meter number, take your cash, tell you to come back this afternoon, and I …err… place my order with my associate at CP.
I know that these systems can all be compromised. Gautrain have a card system, one card per passenger, the car holds the credit or season ticket, and you tap in and out of stations. There are folks who will recharge your card for you without Gautrain getting a cent from the transaction.
They don’t use whatever pre-paid meters use. There’s been no call to get your card replaced or uploaded.
This is a constant problem for City Power (and, I presume, all utilities). They know that fraud has gone on, they know that they have lost, they can’t put a number to it.
This is where the story about Eskom replacing meters originates. Eskom can insist on replacement of a compromised meter at a cost of 12K - it’s the one penalty they can apply. They are not saying the meter has to be replaced instead of being upgraded.
City Power certainly are waiving all penalties for now (“now” being this month AIUI). Many of the individual householders can’t pay the penalty and sure you could take thousands of individuals to court, but how much is that going to cost and how much blood can you squeeze from those stones?
So the best outcome (probably not ideal) is that people will start buying electricity through legitimate channels.
Where CP are playing hard ball is the with the entities that own millions. They have cut off several residential complexes this week because the body corporate, responsible for the bill, has not been paying. Those complexes each owe multiple millions, though in some cases the meters were bridged and so nobody really knows exactly how much it is.
