Home / Business / Smart Takes
Follow this blog:
RSS

Report: Smart meters have security holes that could allow hackers access to grid

By | March 30, 2010, 4:30 AM PDT

Smart meters used to deliver electricity more efficiently have flaws that could let hackers tamper with the power grid, according to a new report.

According to security firm InGuardians, a thief could tamper with the system by simply stealing a smart meter — which can be found outside a home — and reprogramming it.

Similarly, an attacker could sit near a home or business and simply wirelessly hack the meter from a laptop.

At the least, it could mean a hacker could impersonate your meter and boost your power bill.

At the most, it could mean a compromised power grid — including the ability for a hacker to remotely turn off power to a location.

The firm was hired by three utilities to study their smart meters’ resistance to attack. What those companies discovered were several flaws that the utilities would not have even been able to detect had they been exploited.

More than 8 million smart meters have been deployed by electric utilities in the United States, with some 60 million slated to come online by 2020, according to The Edison Foundation.

That’s not the only way to hack a smart meter, either: IOActive researcher Mike Davis demonstrated last year how a computer worm could spread among smart meters in a power grid, allowing hackers control of the devices.

Suddenly, it seems the U.S. Department of Energy needs to get real cozy with the Department of Defense.

A few more details about the discovered flaws:

  • One was a weakness in a communications standard used by the new meters to talk to utilities’ computers.
  • The digital “keys” used to decrypt data were stored on more easily accessible access points, rather than on computers deeper inside the utilities’ networks.
  • Vulnerabilities were found in products from all five of the meter makers studied.

The company is expected to present its findings Tuesday at a conference on infrastructure security.

Want to learn more? Read the company’s attack methodology (.pdf) and its presentation (.pdf) on the topic, Advanced Metering Infrastructure (AMI).

[via Associated Press]

Start your week smarter with our weekly e-mail newsletter. It's your cheat sheet for good ideas. Get it.

Andrew Nusca

About Andrew Nusca

Andrew Nusca is editor of SmartPlanet.

Andrew Nusca

Andrew Nusca

Editor

Andrew Nusca is editor of SmartPlanet and an associate editor for ZDNet. Previously, he worked at Money, Men's Vogue and Popular Mechanics magazines. He holds degrees from the Columbia University Graduate School of Journalism and New York University. He based in New York but resides in Philadelphia.

Follow him on Twitter.

Andrew Nusca

Andrew Nusca
Andrew Nusca does not hold any investments in the companies he covers.
People who read this also liked...
7
Comments
Add Your Opinion

Join the conversation!

Follow via:
RSS
0 Votes
+ -
RE: Report: Smart meters have security holes that could allow hackers access to grid
It sounds more like our utility companies fundamentally have poor
network infrastructure, and no understanding of physical or digital
security. What's to keep someone from physically reworking their meter
now? So, perhaps the story shouldn't be that smart meters have security
vulnerabilities, but instead that public utilities have systemic
vulnerabilities that have persisted for decades and a culture of
neglect and inadequacy that keeps those vulnerabilities from being
addressed.
Posted by tkejlboom
31st Mar 2010
0 Votes
+ -
Old news
The date on this report is January 2009 - it's in the PDF.

Now, it's March 2010. What has happened in the last 14 or 15 months?

This is more "olds" than "news"
Posted by oldbaritone
31st Mar 2010
0 Votes
+ -
RE: Report: Smart meters have security holes that could allow hackers access to grid
Eye recognition can minimize improper entry into systems, why do we not start using eye recognition rather that signature. this could be employed in any situation where recognition is needed, for whatever reason it is necessary.
Posted by Norman Harrop
2nd Apr 2010
0 Votes
+ -
RE: Report: Smart meters have security holes that could allow hackers access to grid
I had heard that they have been hacked in the wild to cripple them so that they don't report the correct amount of power so that it helps to hide houses growing marijuana plants.
Posted by Unc Al
13th Apr 2010
0 Votes
+ -
seeding the wild
I was only curious. I have a smart meter, and the installer said it was to determine what power was where. If it's all smart then would the transformer say hey the numbers dont add up? I am losing power between x, y, and z. Am I late on this post? I do live in country, country although I dont like. I just run the cable tv to the radio and get Mtv.
Posted by 1turbofreak
10th May
0 Votes
+ -
RE: Report: Smart meters have security holes that could allow hackers access to grid
When are we going to realize that distributed energy- home solar, wind,
geothermal and even nuclear- are the solution to grid security not to
mention ending the monopolization of power by our corrupt, incompetent
and inefficient centralized system? BTW: I live in a major US city and
both my home and business are totally solar-powered, secure and I'm not
broke.
Posted by ken@...
13th Apr 2010
0 Votes
+ -
Utilities DO have poor insfrastructure
In general utilities in the US have very poor control over their systems, and the systems are seldom equipped with enough fail-safes to avoid the occasional "multiple point failure."

This is because there is little incentive for them to spend resources on reliability, so long as the systems are 'reliable enough' for the users.

This explains things like ISP's who routinely have outages and slowdowns for lengthy periods during the day, since so long as the problems are below a threshold of discomfort by the users, their profits remain intact--and users can usually be mollified by a token 'credit,' which actually costs little in many cases, but has a much higher perceived value to the users.

The problem is that as time goes on, utilities become essentials, and disruptions that are tolerable are much shorter and less frequent.

Loss of power over large areas costs lives and money--but it seldom comes to rest on the power companies balance sheet.

Just as environmental damages awarded by a court are big news--but the fact that the actual amounts paid are reduced by 95% goes unrecognised.

This is a way for some people to make money at the expense of everyone else.

Things only become important to organisations in a capitalist-based economy if the consequences of it being important either makes money or prevents lose. And until our balance sheets and P&L's account for the non-monetary pluses and minuses, that will not change.
Posted by wizoddg
13th Apr 2010
Join the conversation
Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

Join the SmartPlanet Community and join the conversation! Signing-up is free and quick, Do it now, we want to hear your opinion.

Join Login

Keep Up with SmartPlanet

SmartPlanet Weekly Newsletter
SmartPlanet Weekly Newsletter

Facebook Activity

View Results

Quick Poll

How is your organization connecting and engaging to become social?

View Results

Blog Archive