UNDERSTANDING HOW THE KENYA POWER TOKEN SYSTEM WORKS
Most of us have seen and interacted with this machine, but have you ever wondered how the Kenya Power Prepaid system works to meter your electric consumption and cut the power when you forget to reload the Tokens? In this reading, we shall learn more about the system, understand how it works, explore some of its vulnerabilities, compare it to other metering systems, and discover its advantages and disadvantages.
Let’s first look at some keywords we shall use throughout this reading:
- Token — the 20 digit numeric code provided by Kenya Power. Each Token is unique and contains the amount of electricity units to be credited by the meter for use.
- CIU (Customer Interface Unit) — this is the official name of the device shown above on which one inputs the Token for loading.
- Daraja — a sort of bridge that connects M-Pesa to external businesses, e.g Kenya Power.
Let’s begin by looking at some of the Frequently Asked Questions you may have about the system:
- Why must I always plug the CIU into a wall socket?
I’m sure some of us may have wondered why the CIU must be connected to the wall socket even if it’s running on batteries. The answer is that it communicates by using the electric wires in the house with the meter, a technology known as PLC (Power Line Communication) This communication allows for the loading of Tockens and other functionalities.
2. Why can’t my Token work at my friend’s house?
The Tokens are generated specifically for your meter. Remember the account number you provided when purchasing Tokens? It is used to generate the Token hence making it meter specific.
3. Why can’t Kenya Power load my Tokens remotely?
We may have found ourselves in a situation where our CIU is not working and called customer care, hoping that they could help out. You will often be advised by the Kenya Power personnel to change the batteries in the CIU, plug it in, and try again. This brings up the wonder of why they can’t just load the Tokens onto your meter remotely.
The reason why there is no remote loading of Tokens is because the CIU and meter are completely isolated from Kenya Power.
4. How does the system tell if the Tokens are valid?
You may be wondering how the meter tells if the Token you input is valid if it is indeed completely isolated from Kenya Power. To answer this, let’s have a closer look at what the Token really is. The Token is your meter number and corresponding electricity units encrypted in a 20-digit numeric code. This code is then decrypted by the meter, making it possible to have Token validation even if it is completely isolated.
5. How does the meter know that I have exhausted my units?
The meter keeps track of the number of units consumed by a household. For example, when 10 units of power are purchased, the meter counts until 10 units are exhausted. When they are indeed exhausted, it cuts the power to the house until another Token is loaded.
By looking at these questions and their answers, we have gained some understanding of the Kenya Power Pre-paid System. We can even say that this technology is quite ingenious! Now that we have understood the Kenya Power implementation of a meter, let’s take a look at another meter system and do comparisons.
CASE STUDY OF ANOTHER METERING SYSTEM
There are other meter systems, often for water metering. These systems are a bit different from Kenya Power’s implementation in that they communicate directly with the company they belong to.
These meters are set up in such a way that they record the readings of the utility consumed, e.g. water, and transmit them to the company. The transmission of these readings is done at equal intervals. When the company discovers that the customer has exhausted their units from the readings transmitted, it sends a signal to the meter instructing it to close the valve/switch.
Another communication done between the meter and the company is when the customer is purchasing units. Upon successful purchase, the company sends a signal to the meter to instruct it to open the valve/switch. The valve/switch is kept open until the units purchased are exhausted.
However, this and other forms of communication are kept to a minimum. This is so as to increase the life span of the meters, as they are battery-powered. For this reason, you may find them sending readings once every two days.
ADVANTAGES OF THE KENYA POWER METERING SYSTEM
- Saves on communication costs: as there is no communication between the meter and the company.
- Secure: the Tokens are very difficult to decrypt and reproduce.
- Requires little maintenance.
- Ensures simplicity: as the meters are isolated from the company, there is no need to build a complex infrastructure to allow communication between the meter and the company.
DISADVANTAGES OF THE SYSTEM
- Tokens cannot be loaded remotely: this may cause inconveniences when the CIU has some technical issues
- Tokens are not transferable: one is forced to sacrifice Tokens that they had already loaded at their previous home before moving to a new place.
We have come a long way in exploring and understanding Kenya Power’s system. Now, let’s have a look at the payment infrastructure for Tokens. There are several ways of purchasing Tokens, some of them being through M-Pesa, Airtel Money, purchasing through banks, and directly purchasing Tokens from Kenya Power.
For the rest of this reading, we shall look at M-Pesa infrastructure, as M-Pesa is the most common way of buying Tokens. We will also explore a certain vulnerability in this payment infrastructure.
THE WORKING OF THE M-PESA PAYMENT SYSTEM
This is by far the easiest way to buy Tokens. Kenya Power integrates with M-Pesa through Daraja. When a customer buys Tokens through M-Pesa, Daraja notifies Kenya Power of the same. Kenya Power, in return, sends the purchased Token through SMS to the customer. A C2B workflow is used in this particular configuration.
STAGES OF THE PAYMENT PROCESS
- Payment initiation
The customer goes ahead to initiate the payment by purchasing the amount of Tokens they would like through Kenya Power’s Pre-paid Till Number. They enter the account number as their meter number.
2. Authentication and authorization
M-pesa confirms that the PIN entered by the customer is correct to ensure that it was really them who initiated the transaction. Upon successful confirmation, it authorizes the customer to move on to the next steps.
3. Payment validation request
For M-pesa to carry out the transaction, it needs to validate that the account number entered is valid. Since M-pesa does not have a record of Kenya Power Meter numbers, it requests Daraja to validate the same with Kenya Power.
4. Validation request
Daraja communicates with Kenya Power to validate the customer’s account number.
5. Validation response
Kenya Power then responds to determine whether the account number is valid or not. If the account number is correct, the transaction is completed; if the meter number is incorrect, the payment process is aborted.
6. Payment validation response
Daraja then carries forward the response to M-pesa which in turn proceeds with the process or terminates it, depending on the response.
7. Payment confirmation
Upon successful validation of the meter number, M-pesa debits the customer’s M-pesa balance and credits it to Kenya Power’s Till. It then sends a confirmation to Daraja that the payment has been made.
8. Payment acknowledgement
Daraja then acknowledges that the payment has been made prior to notifying Kenya Power of the same.
9. M-pesa notification
M-pesa goes ahead and sends an SMS confirmation to the customer with its corresponding transaction ID and M-pesa balance after the transaction.
10. Payment acknowledgement
Daraja then sends a notification to Kenya Power acknowledging that the payment of a certain amount has been made by the customer.
11. SMS with Token
Kenya Power,, in turn, generates a Token by encrypting the meter number and the number of units equivalent to the amount paid in a 20-digit numeric code. It then sends the Token to the customer for him/her to input it using the CIU.
By the end of this reading, you will have understood how the whole payment process happens through M-pesa. It is quite fascinating that all of this happens in seconds. Technology is quite interesting!
Now, for those of you with a keen eye for vulnerabilities, you may have figured out a way of getting a Token message from Kenya Power without necessarily paying for it. If you haven’t, scroll up to the flow chat real quick and try to figure out how this is possible.
HINT: It’s among the last stages
You got it? Well done!! Now let’s have a closer look at this vulnerability.
The vulnerability is at step 10, Payment acknowledgment. For all the nerds out there, you may be thinking of spoofing Daraja’s notification to Kenya Power of Payment Confirmation. This is indeed possible. With enough research, one can send a fake Payment acknowledgment notification to Kenya Power and, in return, get a free ksh 5000+ Token!!
Before you think of leaving this page and researching how this is possible, stop!!! Safaricom already thought of this vulnerability and implemented a security patch, hoping that Kenya Power implemented it at the time of writing.
Safaricom encourages companies expecting payment notifications to whitelist only their IP addresses. This would stop any bad actors, such as ourselves, from sending a fake payment notification. A list of these IP addresses is available in Daraja’s documentation.
Congratulations for making it to the end of this reading. It is my hope that you have learnt how the Kenya Power Meter System and M-Pesa payment infrastructure works. If you have found it helpful, like this post and share it with your friends so that they can also benefit from it.