Security Firm Reveals Smart Meters’ Vulnerability

Wednesday, 31 March 2010 09:29

0 Comments

According to an AP report, smart meters are vulnerable to hackers or other cyber attacks. Security firm InGuardians Inc., made that determination after being hired by three utilities to test smart meters’ security. Among the possible scenarios is remotely turning off a household’s power, either by reprogramming the actual meters or wirelessly by using a laptop.

Senior analyst Joshua Wright said the unnamed utilities who commissioned the test have already done initial deployments of smart meters and while there is no evidence the security flaws have been exploited, it’s possible the utility could be unaware of any breach. InGuardians reported it is working with the utilities to fix the problems.

Wright termed some of the security flaws discovered “egregious. Even though these protocols were designed recently, they exhibit security failures we’ve known about for the past 10 years.” He added that InGuardians found vulnerabilities in a communications standard used by the new meters to “talk” to utilities’ computers, enabling hackers to break into meters remotely. In addition to shutting down a customer’s power remotely, it would also be possible to reduce their own bill or overcharge others’. In a worse case scenario, a hacker could launch an attack on the grid itself.

The very communication network advances that make smart meters so valuable in establishing a smart grid are what make the meters vulnerable to attack. Not many public investigations into smart meter security have been conducted, mostly because the technology is still emerging.

Ed Legge, spokesman for Edison Electric Institute, told AP, “We know that automation will bring new vulnerabilities, and our task - which we tackle on a daily basis - is making sure the system is secure.”

Wright said the vulnerabilities found in the meters were once common in wireless Internet networking equipment, until security measures improved in that platform. One example cited was the way digital keys required to unlock encryption were stored on data-routing equipment instead of on computers within the utilities’ networks. “That lesson seems to be lost on these meter vendors,” he told AP, which speaks noted speaks to the “relative immaturity” of the meter technology.