The Associated Press reports on security problems with “smart” meters, which are used in “smart grids,” where utilities would be able to collect granular data about consumers’ energy consumption — down to the daily electricity use by the fridge in your kitchen or the TV in your bedroom. “In the U.S. alone, more than 8 million smart meters have been deployed by electric utilities and nearly 60 million should be in place by 2020, according to a list of publicly announced projects kept by The Edison Foundation, an organization focused on the electric industry,” the Associated Press reports.
Plans to create smart grids have raised privacy questions, but now they’re raising security questions, as well.
Computer-security researchers say new “smart” meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.
At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else’s power on and off. […]
By being networked to computers in electric utilities, the new meters can signal people or their appliances to take certain actions, such as reducing power usage when electricity prices spike.
But the very interactivity that makes smart meters so attractive also makes them vulnerable to hackers, because each meter essentially is a computer connected to a vast network.
The security problems were highlighted by security analysts at InGuardians Inc., which said “the attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them. Or an attacker could sit near a home or business and wirelessly hack the meter from a laptop.” Three utilities, which were not named, hired InGuardians to test their smart meters.
There is no evidence the security flaws have been exploited, although [Joshua Wright, a senior security analyst with InGuardians Inc.] said a utility could have been hacked without knowing it. InGuardians said it is working with the utilities to fix the problems. […]
Industry representatives say utilities are doing rigorous security testing that will make new power grids more secure than the patchwork system we have now, which is already under hacking attacks from adversaries believed to be working overseas. […]
But many security researchers say the technology is being deployed without enough security probing.
Wright said his firm found “egregious” errors, such as flaws in the meters and the technologies that utilities use to manage data from meters. “Even though these protocols were designed recently, they exhibit security failures we’ve known about for the past 10 years,” Wright said.