“If you could get that meter to talk to its neighbors and those to talk to their neighbors, you could conceptually tell them to turn off and cause a fairly broad power outage,” Shaw says.
The ZigBee Alliance, which oversees the protocol, has submitted its specification for smart-grid-specific communications to three separate security reviews, according to Bob Heile, the group’s chairman. “What comes back is that [the specification] is okay, but there are always suggestions to make it better,” Heile says. “We always implement those suggestions.”
Using KillerBee, Wright found that some ZigBee devices exchange encryption keys in the open, allowing an eavesdropper to grab the information needed to clone a device, the researcher stated in a presentation given late last year at ToorCon, a hacking conference.
“He developed a suite of tools that allows (hackers) to do what they can do in the wired world,” says the SANS Institute’s Sachs. “If you have a radio that can receive ZigBee, then you can use these same tools.”
Despite the latest research report, the threat remains theoretical for now. Smart meters are not yet attached to most households, device manufacturers are taking security more seriously, and utilities are testing their networks for vulnerabilities, says Industrial Defender’s Shaw. Overall, the manufacturers and utilities have become better at talking to security researchers, he says.
“Yes, there are vulnerabilities there, but this is more of a public relations issue and a nuisance issue than a threat to the power infrastructure,” Shaw says. He points to an industrywide agreement on a single process for upgrading software on the devices as a sign of progress.
David Baker, director of services for IOActive, another company that counts power companies and device manufacturers among its clients, also says that the industry as a whole is making progress. “The utilities are acutely aware of the issues and are trying their damnedest to fix the problems.” Baker says. “It is getting really, really difficult to find these holes now.”