Hacking the Smart Grid

One researcher shows how your house’s power could be shut down remotely, but the threat is only theoretical–for now.

Components of the next-generation smart-energy grid could be hacked in order to change household power settings or to spoof communications with a utility’s network, according to a study of three pilot implementations.

The problems were highlighted in a presentation given last week by security researcher Joshua Wright of InGuardians, a consulting firm with many infrastructure companies among its clients. Vulnerabilities discovered by Wright could let attackers remotely connect to a device or intercept communications with the managing power company.

The report caused a kerfuffle, and InGuardians has refused to disclose further details. However, one expert familiar with the content of Wright’s presentation says that it highlights security problems with many devices. “These are fairly common mistakes,” says Marcus Sachs, director of the Internet Storm Center, part of the SANS Institute, where Wright presented his research. “Most of the wireless meters are subject to the same vulnerabilities that we saw [in Wi-Fi devices] 10 years ago.”

The power industry is in the midst of a massive rollout of smart-grid technologies fueled by $3.4 billion in stimulus funds. By delivering detailed usage information, smart meters promise to allow consumers to control their power usage and to enable power companies to better manage their distribution networks. Nearly 60 million smart meters–covering half of U.S. households and businesses–are expected to be deployed this year, according to estimates by the Edison Foundation’s Institute for Electrical Efficiency.

To help test the infrastructure, InGuardians’ Wright created an open-source hacking tool, dubbed KillerBee. This tool lets security researchers test the security of the most popular wireless communications protocol for smart meters, a low-power wireless communications technology called ZigBee. This protocol has a longer range than Bluetooth and is the most popular way of creating a home-area network (HAN).

“It’s how your meter–the gateway–will talk to your dryer, your thermostat, and your water heater,” says John Shaw, senior vice president of products and technology at Industrial Defender, an infrastructure security company.

Researchers have previously warned that allowing network access to the home opens up a host of security issues. Last year, security firm IOActive found flaws in a smart-meter device that allowed its researchers to insert code into one device and have it spread to others–essentially, injecting a computer worm into a local power network.

“If you could get that meter to talk to its neighbors and those to talk to their neighbors, you could conceptually tell them to turn off and cause a fairly broad power outage,” Shaw says.

The ZigBee Alliance, which oversees the protocol, has submitted its specification for smart-grid-specific communications to three separate security reviews, according to Bob Heile, the group’s chairman. “What comes back is that [the specification] is okay, but there are always suggestions to make it better,” Heile says. “We always implement those suggestions.”

Using KillerBee, Wright found that some ZigBee devices exchange encryption keys in the open, allowing an eavesdropper to grab the information needed to clone a device, the researcher stated in a presentation given late last year at ToorCon, a hacking conference.

“He developed a suite of tools that allows (hackers) to do what they can do in the wired world,” says the SANS Institute’s Sachs. “If you have a radio that can receive ZigBee, then you can use these same tools.”

Despite the latest research report, the threat remains theoretical for now. Smart meters are not yet attached to most households, device manufacturers are taking security more seriously, and utilities are testing their networks for vulnerabilities, says Industrial Defender’s Shaw. Overall, the manufacturers and utilities have become better at talking to security researchers, he says.

“Yes, there are vulnerabilities there, but this is more of a public relations issue and a nuisance issue than a threat to the power infrastructure,” Shaw says. He points to an industrywide agreement on a single process for upgrading software on the devices as a sign of progress.

David Baker, director of services for IOActive, another company that counts power companies and device manufacturers among its clients, also says that the industry as a whole is making progress. “The utilities are acutely aware of the issues and are trying their damnedest to fix the problems,” Baker says. “It is getting really, really difficult to find these holes now.”
