Feeds

UK.gov: Firms can't fondle your smart meter privates...

...Unless you want them to

The Essential Guide to IT Transformation

Hack attack threat

In a joint paper, Anderson, and fellow academic Shailendra Fuloria, previously outlined (6-page/119KB PDF) what they believe is a "strategic vulnerability" in how smart metering operates. They said that if hackers were able to break into a "head-end" hub where smart metering data might be collated they could cut the supply of energy across "tens of millions of households".

The reliance on software and applets to deliver smart metering successfully also exposes the technology to risks that those aspects of the systems could be hacked and tampered with, Anderson said. The way the 'keys' to this technology work, and who has access to that information, must be openly scrutinised by as many "eyeballs" as possible prior to being introduced to minimise the risk of attack, he said.

"The introduction of hundreds of millions of these meters in North America and Europe over the next ten years, each containing a remotely commanded off switch, remote software upgrade and complex functionality, creates a shocking vulnerability," Anderson said.

"An attacker who takes over the control facility or who takes over the meters directly could create widespread blackouts; a software bug could do the same," he said. "Regulators such as NIST and Ofgem have started to recognise this problem. There are no agreed solutions as yet ... possible strategies include shared control, as used in nuclear command and control; backup keys as used in Microsoft Windows; rate-limiting mechanisms to bound the scale of an attack; and local-override features to mitigate its effects."

Earlier this year two German researchers claimed that they had intercepted information sent between their smart meter devices and the servers of their energy supplier – German company Discovergy. Because the data was unencrypted the researchers said they were able to analyse the information, which they said was sent at two second intervals, and determine intimate details about their energy consumption.

The researchers said the information could be used to establish details such as when houses are occupied, what appliances were being used and even what TV programme was being shown as a result of the traits revealed in the smart meter data associated with the energy used.

The FBI has also expressed concern about smart metering fraud methods, according to computer security expert Brian Krebs. Krebs has claimed to be in possession of an FBI "cyber intelligence bulletin" that states that hackers have been able to change the settings on smart meters to record lower energy consumption than actually occurred. The FBI has also reported that magnets can be used to prevent meters recording "usage" thereby presenting the opportunity for fraudulent activity, according to Krebs' blog.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
Man FOUND ON MOON denies lunar alien interface
'The UFO people were very very angry with me' Buzz Aldrin tells Reddit
Would it be BAD if the Amazon rainforest was all FARMS? Well it WAS, once
Used to be all fields round here: Jungle tribesman saying
Boeing to start work on most powerful rocket ... EVER!
NASA okays start of Space Launch System after design review
'BIGGEST BIRD EVER': 21-foot ripsaw-beaked flying HORROR
Fossil avian cruised above sea like toothy ekranoplan
Help us out readers: How would you sniff and store network traffic?
Phase two of our deep desert project needs your wisdom
Boffins urge European Commission to reboot electric brain project
Billion-Euro simulated mind project criticised for narrow thinking
Beer in SPAAAACE! London Pride soars to 28,000m
Sadly, no in-flight footage of audacious stratobooze mission
World Meteorological Organization says climate data is uncool
Weather wonks call for more frequent collation of climate baselines
Going up: Fancy a virtual flight to 30km above the PLANET?
Space boffin rattles tin for immersive Oculus Rift experience
In space no one can hear you scream, but Voyager 1 can hear A ROAR
Boffins now very, very, sure craft is in interstellar space, and it's picking up 'sounds'
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
The Power of One Brief: Top reasons to choose HP BladeSystem
Download this brochure to find five ways HP BladeSystem can optimize your business with the power of one.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.