Smart meter hack could leave homes in the dark

Security controls lacking in electricity meters, claim researchers


Millions of homes could be at risk from a vulnerability found in smart electricity meters that could shut down power to them.

According to studies carried out by two security researchers, smart meters lack basic security and this leaves them open to being taken over by hackers. Criminals could use the flaws in meters to shut down power to homes or carry out billing fraud.

The research, carried out by Javier Vazquez Vidal and Alberto Garcia Illera, said the flaw affects smart meters installed by a Spanish utility company.

The meters are equipped with reprogrammable memory and run flawed code that could be used to remotely shut down power to individual households. The researchers said meter readings could be transferred to other customers and network worms could be downloaded onto meters that could leave millions of homes without power.

"You can just take over the hardware and inject your own stuff," Vidal told Reuters.

The researchers said the symmetric AES-128 encryption used in the smart meters  to secure communications was easy to bypass. Once past this, taking over the box was straightforward and unique IDs could be switched to impersonate other smart meters. The devices themselves could be then used to mount attacks against the power grid.

The pair tested devices in their own lab where they reproduced an attack on a smaller scale using several devices.

"Oh wait? We can do this? We were really scared," said Vidal. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?" 

The researchers declined to name the utility or the manufacturer of the flawed smart meter, but the three main electricity companies in the country are Endesa, Iberdrola and E.ON. Spain currently has eight million smart meters installed across the country.

 Smart meters are currently being rolled out, not only in Spain, but also in the UK as well. The EU wants to reduce energy use in Europe by having smart meters installed in more than two-thirds of homes by 2020.

The pair will discuss the attacks in greater detail at the Black Hat Europe hacking conference in Amsterdam next week.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Most Popular

How to find RAM speed, size and type

How to find RAM speed, size and type

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021