Smart meter hack could leave homes in the dark

Millions of homes could be at risk from a vulnerability found in smart electricity meters that could shut down power to them.

According to studies carried out by two security researchers, smart meters lack basic security and this leaves them open to being taken over by hackers. Criminals could use the flaws in meters to shut down power to homes or carry out billing fraud.

The research, carried out by Javier Vazquez Vidal and Alberto Garcia Illera, said the flaw affects smart meters installed by a Spanish utility company.

The meters are equipped with reprogrammable memory and run flawed code that could be used to remotely shut down power to individual households. The researchers said meter readings could be transferred to other customers and network worms could be downloaded onto meters that could leave millions of homes without power.

"You can just take over the hardware and inject your own stuff," Vidal told Reuters.

The researchers said the symmetric AES-128 encryption used in the smart meters to secure communications was easy to bypass. Once past this, taking over the box was straightforward and unique IDs could be switched to impersonate other smart meters. The devices themselves could be then used to mount attacks against the power grid.

The pair tested devices in their own lab where they reproduced an attack on a smaller scale using several devices.

"Oh wait? We can do this? We were really scared," said Vidal. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?"

The researchers declined to name the utility or the manufacturer of the flawed smart meter, but the three main electricity companies in the country are Endesa, Iberdrola and E.ON. Spain currently has eight million smart meters installed across the country.

Smart meters are currently being rolled out, not only in Spain, but also in the UK as well. The EU wants to reduce energy use in Europe by having smart meters installed in more than two-thirds of homes by 2020.

The pair will discuss the attacks in greater detail at the Black Hat Europe hacking conference in Amsterdam next week.

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.