Smart meter hack could leave homes in the dark
Security controls lacking in electricity meters, claim researchers
Millions of homes could be at risk from a vulnerability found in smart electricity meters that could shut down power to them.
According to studies carried out by two security researchers, smart meters lack basic security and this leaves them open to being taken over by hackers. Criminals could use the flaws in meters to shut down power to homes or carry out billing fraud.
The research, carried out by Javier Vazquez Vidal and Alberto Garcia Illera, said the flaw affects smart meters installed by a Spanish utility company.
The meters are equipped with reprogrammable memory and run flawed code that could be used to remotely shut down power to individual households. The researchers said meter readings could be transferred to other customers and network worms could be downloaded onto meters that could leave millions of homes without power.
"You can just take over the hardware and inject your own stuff," Vidal told Reuters.
The researchers said the symmetric AES-128 encryption used in the smart meters to secure communications was easy to bypass. Once past this, taking over the box was straightforward and unique IDs could be switched to impersonate other smart meters. The devices themselves could be then used to mount attacks against the power grid.
The pair tested devices in their own lab where they reproduced an attack on a smaller scale using several devices.
"Oh wait? We can do this? We were really scared," said Vidal. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?"
The researchers declined to name the utility or the manufacturer of the flawed smart meter, but the three main electricity companies in the country are Endesa, Iberdrola and E.ON. Spain currently has eight million smart meters installed across the country.
Smart meters are currently being rolled out, not only in Spain, but also in the UK as well. The EU wants to reduce energy use in Europe by having smart meters installed in more than two-thirds of homes by 2020.
The pair will discuss the attacks in greater detail at the Black Hat Europe hacking conference in Amsterdam next week.
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now