Could lax smart meter security blackout the UK?

Will poor smart meter security result in hackers being able to blackout neighborhoods on a whim?

Will poor smart meter security result in hackers being able to blackout neighborhoods on a whim?

According to U.K. security firm Digital Assurance, the idea of hackers being able to cut our power supply is a reality. The director of the company, Greg Jones, believes that weak authentication checks and poor firewalls which allow malicious code injections are just some of the ways hackers could affect our way of life -- going a step further than stealing copper piping from electric cables.

After analyzing samples of two different types of smart meter -- those that control and monitor electricity and gas -- Digital Assurance found that wireless communications are often at fault and provide a means for hackers to infiltrate power systems. Jones says that malicious code could make its way from a compromised meter into a power company's security system, or the wireless link between meter and supplier could be cracked.

However, it won't necessarily be security experts that are doing the hacking. Instead, the firm says that nothing more than a software-defined radio (SDR) and PC are needed to break into meters designed to help make our cities more efficient and smarter about energy use.

In addition, Jones claims that typical smart meters are also vulnerable to hardware tampering. The security chief says that Xbox games are more secure, and that "smart meters are essentially crap computers in a crap box."

Over 50 million smart meters are expected to be installed across the U.K. by 2019. However, as we rely more on connected devices to run our homes and businesses, it is up to vendors to provide in-built defenses not only to protect consumers, but their own infrastructure.

"The only way of protecting a wireless device from an SDR attack at present is to ensure that it has been designed, configured and deployed to resist over-the-air attacks," Jones noted. "Very few vendors of such equipment will give this type of assurance, so independent testing is currently the only option until the industry applies itself to developing a solution."

Read More: The Register

Image credit:

This post was originally published on