Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Holes Found In "Smart" Meters

Posted by timothy on from the intentional-bottleneck dept.

Hugh Pickens writes "In the US alone, more than 8 million smart meters, designed to help deliver electricity more efficiently and to measure power consumption in real time, have been deployed by electric utilities and nearly 60 million should be in place by 2020. Now the Associated Press reports that smart meters have security flaws that could let hackers tamper with the power grid, opening the door for attackers to jack up strangers' power bills, remotely turn someone else's power on and off, or even allow attackers to get into the utilities' computer networks to steal data or stage bigger attacks on the grid. Attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them, or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc, a vendor-independent consultant that performs penetration tests and security risk assessments." "Wright says that his firm found 'egregious' errors, such as flaws in the meters and the technologies that utilities use to manage data (PDF) from meters. For example, smart meters encrypt their data but the digital 'keys' needed to unlock the encryption are stored on data-routing equipment known as access points that many meters relay data to so stealing the keys lets an attacker eavesdrop on all communication between meters and that access point (PDF). 'Even though these protocols were designed recently, they exhibit security failures we've known about for the past 10 years,' says Wright."

2 of 224 comments (clear)

  1. Normally, I wouldnt recomend this... by Tepshen · · Score: 4, Insightful

    ...but there really should be a minimum security standard for infrastructure items like any city's power grid (or voting machines, or traffic systems, or water supplies, or any number of things you dont want folks monkeying with). Its really insane to hear about this considering how power stations and utilities are tightly regulated. It doesnt matter that the system is only open on the far end of the line because eventually someone will mess with it and show just why its a bad idea. Either make the system secure or dont make them so accessable.

  2. Re:Security holes found... by Sique · · Score: 4, Insightful

    Where do you see the government involved here? As far as I understood the article those meters are to be distributed by the utilities, and those (at least in California) are privately owned.
    So I call that a cheap shot from someone who wants his prejudices confirmed.

    --
    .sig: Sique *sigh*