Feeds

FBI frets about dumb security in smart meters

Lax security costs utilities plenty

Security for virtualized datacentres

The FBI is seeing increasing hacks on electricity smart meters, with most attacks designed to let consumers get power without paying for it.

Krebs on Security claims to have an FBI intelligence bulletin that outlines the agency’s growing concern at smart meter hacks – and which along the way highlights the cavalier attitude smart meter designers have to security.

The FBI bulletin, Brian Krebs says, enumerates a variety of approaches to getting free power out of smart meters: at the sophisticated end, the attacker has build a DIY optical interface to connect to the device and modify its software. At the “who could be so stupid” end of the hacks, the Feds say some smart meters can be fooled into recording the wrong power usage by placing a magnet on top.

“This method is being used by some customers to disable the meter at night when air-conditioning units are operational. The magnets are removed during working hours when the customer is not home, and the meter might be inspected by a technician from the power company,” the bulletin states.

Krebs says the alert he has obtained was issued by the FBI after it investigated incidents of power theft in Puerto Rico assessed as worth as much as $US400 million annually. While it was the first time the Feds got involved in the issue, the bulletin notes that “The FBI assesses with medium confidence that as Smart Grid use continues to spread … this type of fraud will also spread because of the ease of intrusion and the economic benefit to both the hacker and the electric customer”.

Smart meter security has been the topic both of legitimate concerns, at the same time feeding into a growing anti-smart-meter movement in many countries. Earlier this year, German researchers demonstrated serious privacy flaws in a smart meter scheme that allowed attackers to intercept meter data and determine householders’ TV viewing habits and whether or not they were home.

As far back as 2010, researchers in the UK were warning that smart meter security was so poor it offered attackers a remote “kill switch” they could use against electricity consumers. ®

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.