Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Components of the next-generation smart-energy grid could be hacked in order to change household power settings or to spoof communications with a utility’s network, according to a study of three pilot implementations.

The problems were highlighted in a presentation given last week by security researcher Joshua Wright of InGuardians, a consulting firm with many infrastructure companies among its clients. Vulnerabilities discovered by Wright could let attackers remotely connect to a device or to intercept communications with the managing power company.

The report caused a kerfuffle, and InGuardians has refused to disclose further details. However, one expert familiar with the content of Wright’s presentation says that it highlights security problems with many devices. “These are fairly common mistakes,” says Marcus Sachs, director of the Internet Storm Center, part of the SANS Institute, where Wright presented his research. “Most of the wireless meters are subject to the same vulnerabilities that we saw [in Wi-Fi devices] 10 years ago.”

The power industry is in the midst of a massive rollout of smart-grid technologies fueled by $3.4 billion in stimulus funds. By delivering detailed usage information, smart meters promise to allow consumers to control their power usage and to enable power companies to better manage their distribution networks. Nearly 60 million smart meters–covering half of the U.S. households and businesses–are expected to be deployed this year, according to estimates by the Edison Foundation’s Institute for Electrical Efficiency.

To help test the infrastructure, InGuardian’s Wright created an open-source hacking tool, dubbed KillerBee. This tool lets security researchers test the security of the most popular wireless communications protocol for smart meters, a low-power wireless communications technology called ZigBee. This protocol has a longer range than Bluetooth and is the most popular way of creating a home-area network (HAN).

“It’s how your meter–the gateway–will talk to your dryer, your thermostat, and your water heater,” says John Shaw, senior vice president of products and technology at Industrial Defender, an infrastructure security company.

Researchers have previously warned that allowing network access to the home opens up a host of security issues. Last year, security firm IOActive found flaws in a smart-meter device that allowed its researchers to insert code into one device and have it spread to others–essentially, injecting a computer worm into a local power network.

Gain the insight you need on energy at EmTech MIT.

Register today

2 comments. Share your thoughts »

Tagged: Communications, Energy, energy, security, renewable energy, smart grid, hacking

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »