MIT Technology Review



“If you could get that meter to talk to its neighbors and those to talk to their neighbors, you could conceptually tell them to turn off and cause a fairly broad power outage,” Shaw says.

The ZigBee Alliance, which oversees the protocol, has submitted its specification for smart-grid-specific communications to three separate security reviews, according to Bob Heile, the group’s chairman. “What comes back is that [the specification] is okay, but there are always suggestions to make it better,” Heile says. “We always implement those suggestions.”

Using KillerBee, Wright found that some ZigBee devices exchange encryption keys in the open, allowing an eavesdropper to grab the information needed to clone a device, the researcher stated in a presentation given late last year at ToorCon, a hacking conference.

“He developed a suite of tools that allows (hackers) to do what they can do in the wired world,” says the SANS Institute’s Sachs. “If you have a radio that can receive ZigBee, then you can use these same tools.”

Despite the latest research report, the threat remains theoretical for now. Smart meters are not yet attached to most households, device manufacturers are taking security more seriously, and utilities are testing their networks for vulnerabilities, says Industrial Defender’s Shaw. Overall, the manufacturers and utilities have become better at talking to security researchers, he says.

“Yes, there are vulnerabilities there, but this is more of a public relations issue and a nuisance issue than a threat to the power infrastructure,” Shaw says. He points to an industrywide agreement on a single process for upgrading software on the devices as a sign of progress.

David Baker, director of services for IOActive, another company that counts power companies and device manufacturers among its clients, also says that the industry as a whole is making progress. “The utilities are acutely aware of the issues and are trying their damnedest to fix the problems,” Baker says. “It is getting really, really difficult to find these holes now.”


Tagged: Energy, Communications, energy, security, renewable energy, smart grid, hacking
