According to security firm InGuardians, a thief could tamper with the system by simply stealing a smart meter -- which can be found outside a home -- and reprogramming it.
Similarly, an attacker could sit near a home or business and simply wirelessly hack the meter from a laptop.
At the least, it could mean a hacker could impersonate your meter and boost your power bill.
At the most, it could mean a compromised power grid -- including the ability for a hacker to remotely turn off power to a location.
The firm was hired by three utilities to study their smart meters' resistance to attack. What those companies discovered were several flaws that the utilities would not have even been able to detect had they been exploited.
That's not the only way to hack a smart meter, either: IOActive researcher Mike Davis demonstrated last year how a computer worm could spread among smart meters in a power grid, allowing hackers control of the devices.
Suddenly, it seems the U.S. Department of Energy needs to get real cozy with the Department of Defense.
A few more details about the discovered flaws:
- One was a weakness in a communications standard used by the new meters to talk to utilities' computers.
- The digital "keys" used to decrypt data were stored on more easily accessible access points, rather than on computers deeper inside the utilities' networks.
- Vulnerabilities were found in products from all five of the meter makers studied.
The company is expected to present its findings Tuesday at a conference on infrastructure security.
This post was originally published on Smartplanet.com