Feeds

FBI frets about dumb security in smart meters

Lax security costs utilities plenty

The essential guide to IT transformation

The FBI is seeing increasing hacks on electricity smart meters, with most attacks designed to let consumers get power without paying for it.

Krebs on Security claims to have an FBI intelligence bulletin that outlines the agency’s growing concern at smart meter hacks – and which along the way highlights the cavalier attitude smart meter designers have to security.

The FBI bulletin, Brian Krebs says, enumerates a variety of approaches to getting free power out of smart meters: at the sophisticated end, the attacker has build a DIY optical interface to connect to the device and modify its software. At the “who could be so stupid” end of the hacks, the Feds say some smart meters can be fooled into recording the wrong power usage by placing a magnet on top.

“This method is being used by some customers to disable the meter at night when air-conditioning units are operational. The magnets are removed during working hours when the customer is not home, and the meter might be inspected by a technician from the power company,” the bulletin states.

Krebs says the alert he has obtained was issued by the FBI after it investigated incidents of power theft in Puerto Rico assessed as worth as much as $US400 million annually. While it was the first time the Feds got involved in the issue, the bulletin notes that “The FBI assesses with medium confidence that as Smart Grid use continues to spread … this type of fraud will also spread because of the ease of intrusion and the economic benefit to both the hacker and the electric customer”.

Smart meter security has been the topic both of legitimate concerns, at the same time feeding into a growing anti-smart-meter movement in many countries. Earlier this year, German researchers demonstrated serious privacy flaws in a smart meter scheme that allowed attackers to intercept meter data and determine householders’ TV viewing habits and whether or not they were home.

As far back as 2010, researchers in the UK were warning that smart meter security was so poor it offered attackers a remote “kill switch” they could use against electricity consumers. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?