'

Report: Smart meters have security holes that could allow hackers access to grid

Smart meters used to deliver electricity more efficiently have flaws that could let hackers tamper with the power grid, according to a new report.

Smart meters used to deliver electricity more efficiently have flaws that could let hackers tamper with the power grid, according to a new report.

According to security firm InGuardians, a thief could tamper with the system by simply stealing a smart meter -- which can be found outside a home -- and reprogramming it.

Similarly, an attacker could sit near a home or business and simply wirelessly hack the meter from a laptop.

At the least, it could mean a hacker could impersonate your meter and boost your power bill.

At the most, it could mean a compromised power grid -- including the ability for a hacker to remotely turn off power to a location.

The firm was hired by three utilities to study their smart meters' resistance to attack. What those companies discovered were several flaws that the utilities would not have even been able to detect had they been exploited.

More than 8 million smart meters have been deployed by electric utilities in the United States, with some 60 million slated to come online by 2020, according to The Edison Foundation.

That's not the only way to hack a smart meter, either: IOActive researcher Mike Davis demonstrated last year how a computer worm could spread among smart meters in a power grid, allowing hackers control of the devices.

Suddenly, it seems the U.S. Department of Energy needs to get real cozy with the Department of Defense.

A few more details about the discovered flaws:

  • One was a weakness in a communications standard used by the new meters to talk to utilities' computers.
  • The digital "keys" used to decrypt data were stored on more easily accessible access points, rather than on computers deeper inside the utilities' networks.
  • Vulnerabilities were found in products from all five of the meter makers studied.

The company is expected to present its findings Tuesday at a conference on infrastructure security.

Want to learn more? Read the company's attack methodology (.pdf) and its presentation (.pdf) on the topic, Advanced Metering Infrastructure (AMI).

[via Associated Press]

This post was originally published on Smartplanet.com