Feeds

FBI frets about dumb security in smart meters

Lax security costs utilities plenty

Secure remote control for conventional and virtual desktops

The FBI is seeing increasing hacks on electricity smart meters, with most attacks designed to let consumers get power without paying for it.

Krebs on Security claims to have an FBI intelligence bulletin that outlines the agency’s growing concern at smart meter hacks – and which along the way highlights the cavalier attitude smart meter designers have to security.

The FBI bulletin, Brian Krebs says, enumerates a variety of approaches to getting free power out of smart meters: at the sophisticated end, the attacker has build a DIY optical interface to connect to the device and modify its software. At the “who could be so stupid” end of the hacks, the Feds say some smart meters can be fooled into recording the wrong power usage by placing a magnet on top.

“This method is being used by some customers to disable the meter at night when air-conditioning units are operational. The magnets are removed during working hours when the customer is not home, and the meter might be inspected by a technician from the power company,” the bulletin states.

Krebs says the alert he has obtained was issued by the FBI after it investigated incidents of power theft in Puerto Rico assessed as worth as much as $US400 million annually. While it was the first time the Feds got involved in the issue, the bulletin notes that “The FBI assesses with medium confidence that as Smart Grid use continues to spread … this type of fraud will also spread because of the ease of intrusion and the economic benefit to both the hacker and the electric customer”.

Smart meter security has been the topic both of legitimate concerns, at the same time feeding into a growing anti-smart-meter movement in many countries. Earlier this year, German researchers demonstrated serious privacy flaws in a smart meter scheme that allowed attackers to intercept meter data and determine householders’ TV viewing habits and whether or not they were home.

As far back as 2010, researchers in the UK were warning that smart meter security was so poor it offered attackers a remote “kill switch” they could use against electricity consumers. ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.