Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Holes Found In "Smart" Meters

Posted by timothy on from the intentional-bottleneck dept.

Hugh Pickens writes "In the US alone, more than 8 million smart meters, designed to help deliver electricity more efficiently and to measure power consumption in real time, have been deployed by electric utilities and nearly 60 million should be in place by 2020. Now the Associated Press reports that smart meters have security flaws that could let hackers tamper with the power grid, opening the door for attackers to jack up strangers' power bills, remotely turn someone else's power on and off, or even allow attackers to get into the utilities' computer networks to steal data or stage bigger attacks on the grid. Attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them, or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc, a vendor-independent consultant that performs penetration tests and security risk assessments." "Wright says that his firm found 'egregious' errors, such as flaws in the meters and the technologies that utilities use to manage data (PDF) from meters. For example, smart meters encrypt their data but the digital 'keys' needed to unlock the encryption are stored on data-routing equipment known as access points that many meters relay data to so stealing the keys lets an attacker eavesdrop on all communication between meters and that access point (PDF). 'Even though these protocols were designed recently, they exhibit security failures we've known about for the past 10 years,' says Wright."

4 of 224 comments (clear)

  1. Re:Same same but different by peragrin · · Score: 5, Informative

    um no. with the old meters you can't jack up someone's power bill without shattering the glass globe which surrounds it. and you can't use a laptop to shut off their power. you have to physically cut the cables which leaves marks.

    So it isn't the same situation. breaking a physical lock leaves traces. using a laptop to hack the meter and kill power to each house. doesn't leave a lot of marks that can be traced.

    --
    i thought once I was found, but it was only a dream.
  2. Re:i'm asthonished by ascari · · Score: 5, Interesting

    There no absolute "need" but it greatly simplifies reading meters "on the fly", since the utility company personnel doesn't have to park, walk up to the house, get bitten by dogs etc. So in the end it's to save cost and presumably keep energy bills down.

    Of course, if there was a way gauge energy consumption truly remotely from a central location that would be better, and also negate the "need" for wireles...

    Hacking: expect lawsuits here in the US!

  3. Very meticulous methodology report... by Securityemo · · Score: 5, Informative

    I've read through both PDFs, and they really go into a lot of detail on the experimental methodology. The main thing they seem to be concerned about (and the only vulnerability they detail) are extracting the encryption keys from the meter firmware ("some" meters) and reverse-engineering the command protocol. While this could be a threat, being able to turn off/manipulate individual home meters isn't going to have any far-ranging effects beyond that. It also, obviously, requires a lot of reverse-engineering skill. I'd be more concerned with someone packaging this into a bluebox-style solution for manipulating your own meter, giving you free power? Earlier in the methodology report they talk about IR ports and similar being unsecured due to the perceived unlikelihood of attacking them, but they don't detail anything about that in the presentation PDF. That would be easier to exploit, though, so they might be keeping a lid on the more critical vulns?

    --
    Emotions! In your brain!
  4. I Smell A Rat by anorlunda · · Score: 5, Interesting

    I was an engineering consultant for 40 years. I'm well familiar with the politics and ethics of engineering studies. Something is fishy here.

    The AP says that Wright's firm was hired by three utilities. The web material suggests that it was actually ucaiug.org (an association of both vendors and utilities) Presumably, they financed the security study to expose vulnerabilities so that they could fix them. They did it openly and allowed the report to be published. That's laudable and responsible behavior. It is the opposite of denial and secrecy.

    Normally, Wright and his team write the report and the vendors and utilities fix the problems. However, Wright is going pubic in a big way. He, with cooperation from the media, is mongering fear and suggesting that the vendors and utilities don't care about security. He's acting in a way that brings maximum bad publicity to his financial sponsors. That is extraordinary behavior for a consultant. If it was I that hired him, I would feel betrayed.

    I really can't tell if he's doing it for shameless and unethical purposes of self promotion, or whether there was a breakdown in relations between the consultant and the clients. Somewhere there is an enormous untold back story.