One researcher shows how your house's power could be shut down remotely, but the threat is only theoretical--for now.
Components of the next-generation smart-energy grid could be hacked in order to change household power settings or to spoof communications with a utility's network, according to a study of three pilot implementations.
The problems were highlighted in a presentation given last week by security researcher Joshua Wright of InGuardians, a consulting firm with many infrastructure companies among its clients. Vulnerabilities discovered by Wright could let attackers remotely connect to a device or to intercept communications with the managing power company.
The report caused a kerfuffle, and InGuardians has refused to disclose further details. However, one expert familiar with the content of Wright's presentation says that it highlights security problems with many devices. "These are fairly common mistakes," says Marcus Sachs, director of the Internet Storm Center, part of the SANS Institute, where Wright presented his research. "Most of the wireless meters are subject to the same vulnerabilities that we saw [in Wi-Fi devices] 10 years ago."
The power industry is in the midst of a massive rollout of smart-grid technologies fueled by $3.4 billion in stimulus funds. By delivering detailed usage information, smart meters promise to allow consumers to control their power usage and to enable power companies to better manage their distribution networks. Nearly 60 million smart meters--covering half of the U.S. households and businesses--are expected to be deployed this year, according to estimates by the Edison Foundation's Institute for Electrical Efficiency.
To help test the infrastructure, InGuardian's Wright created an open-source hacking tool, dubbed KillerBee. This tool lets security researchers test the security of the most popular wireless communications protocol for smart meters, a low-power wireless communications technology called ZigBee. This protocol has a longer range than Bluetooth and is the most popular way of creating a home-area network (HAN).
"It's how your meter--the gateway--will talk to your dryer, your thermostat, and your water heater," says John Shaw, senior vice president of products and technology at Industrial Defender, an infrastructure security company.
Researchers have previously warned that allowing network access to the home opens up a host of security issues. Last year, security firm IOActive found flaws in a smart-meter device that allowed its researchers to insert code into one device and have it spread to others--essentially, injecting a computer worm into a local power network.
The technology could open up all kinds of opportunities for attackers, researchers say.
Regulations, privacy and security concerns, and other issues could hold back developments.
I have posted some comments regarding ZigBee here: http://bit.ly/bJmC80
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
Netizen
131 Comments
Home backup power is now essential
This article underscores the security need for home backup power. Thieves could cut power to a neighborhood in order to loot residences. By having a UPS backup system for essential utilities (perimeter lighting, medical life support devices, communications, food storage units, and other devices deemed essential by the homeowner) homeowners are protected from deliberate or natural power interruptions caused by smart devices connected to smart grids.
This is a good excuse for homeowners to consider installing full "off the grid" energy solutions (from solar or other green energy sources), using their public utility as a backup (rather than the other way around).
Reply