Millions of Network-connected electricity meters or Smart meters used in Spain are susceptible to cyberattack by hackers due to lack of basic and essential security controls that could put Millions of homes at risk, according to studies carried out by a pair of security researcher.The security vulnerabilities found in the electricity meters could allow an intruder to carry out billing fraud or even shut down electric power to homes and cause blackouts.
Poorly protected credentials inside the devices could let attackers take control over the gadgets, warn the researchers. The utility that deployed the meters is now improving the devices’ security to help protect its network.
The discovery comes as one security expert warns some terror groups may attack critical infrastructure systems.Many utility companies are installing smart meters to help customers monitor and manage their power use and help them be more energy efficient.
Buried inside the onboard software, or firmware, the pair found encryption keys used to scramble all the information that the smart meter shares with “nodes” sitting higher in the power distribution system.Using the keys and the unique identifier associated with each meter it became possible for the researchers to spoof messages being sent from the power-watching device to a utility company.
“We can fool the nodes and send them false data,” said Mr Vidal,independent researcher.
Attackers could use what Mr Vidal and Mr Illera found to under-report energy use or to get someone else to pay their bill by using their ID in messages sent back to the nodes that log usage. With more work it might be possible to find a way to seek out meters and cut off the power they are supplying, they said.
The Smart meters use relatively easy to crack symmetric AES-128 encryption, which was designed to secure communications and prevent tampering with billing systems by fraudsters.
There are three major utility companies in Spain — Endesa, Iberdrola and E.ON and collectively 8 million Smart meters have been installed on over 30 percent of households.
Latest posts by William Fieldhouse (see all)
- A John McAfee-Backed ICO Exposed Thousands of Peoples Documents Due to Security Blunder - April 26, 2018
- Latest Hacking News Podcast #13 - April 17, 2018
- Latest Hacking News Podcast #12 - April 16, 2018