A presentation at the 38th Chaos Communication Congress (38C3) revealed concerning security flaws in Europe's radio-based power control system. The system, which manages renewable energy production and various electrical loads across multiple European countries, lacks basic security measures against potential attacks.
The radio ripple control system, operated by EFR GmbH (Europäische Funk-Rundsteuerung), uses longwave radio signals to remotely control street lighting, heating systems, charging stations, and renewable power generation facilities including solar, wind, and biogas plants. The network spans Germany, Austria, Czechia, Hungary, and Slovakia, with three broadcasting towers serving over 1.3 million receivers.
Security researchers discovered that the system's protocols, Versacom and Semagyr, transmit control signals without encryption or authentication. Because receivers have no way to verify where a command came from, this vulnerability could allow malicious actors to send unauthorized commands to millions of devices across the network.
The researchers demonstrated how the weakness could be exploited to take unauthorized control of street lights and power generation facilities. While one creative application could turn cities into large-scale light art displays (dubbed "Blinkencity"), more concerning scenarios include the potential to destabilize the power grid by manipulating energy loads and generation.
The presentation included live demonstrations of potential attacks and detailed technical analysis of the system's protocols, addressing schemes, and hardware components. The researchers also discussed possible solutions to improve the system's security.
This discovery raises questions about the security of critical infrastructure systems and highlights the need for proper authentication and encryption in industrial control systems, particularly those managing essential services like power distribution.