Feeds

UK.gov: Firms can't fondle your smart meter privates...

...Unless you want them to

Intelligent flash storage arrays

Hack attack threat

In a joint paper, Anderson, and fellow academic Shailendra Fuloria, previously outlined (6-page/119KB PDF) what they believe is a "strategic vulnerability" in how smart metering operates. They said that if hackers were able to break into a "head-end" hub where smart metering data might be collated they could cut the supply of energy across "tens of millions of households".

The reliance on software and applets to deliver smart metering successfully also exposes the technology to risks that those aspects of the systems could be hacked and tampered with, Anderson said. The way the 'keys' to this technology work, and who has access to that information, must be openly scrutinised by as many "eyeballs" as possible prior to being introduced to minimise the risk of attack, he said.

"The introduction of hundreds of millions of these meters in North America and Europe over the next ten years, each containing a remotely commanded off switch, remote software upgrade and complex functionality, creates a shocking vulnerability," Anderson said.

"An attacker who takes over the control facility or who takes over the meters directly could create widespread blackouts; a software bug could do the same," he said. "Regulators such as NIST and Ofgem have started to recognise this problem. There are no agreed solutions as yet ... possible strategies include shared control, as used in nuclear command and control; backup keys as used in Microsoft Windows; rate-limiting mechanisms to bound the scale of an attack; and local-override features to mitigate its effects."

Earlier this year two German researchers claimed that they had intercepted information sent between their smart meter devices and the servers of their energy supplier – German company Discovergy. Because the data was unencrypted the researchers said they were able to analyse the information, which they said was sent at two second intervals, and determine intimate details about their energy consumption.

The researchers said the information could be used to establish details such as when houses are occupied, what appliances were being used and even what TV programme was being shown as a result of the traits revealed in the smart meter data associated with the energy used.

The FBI has also expressed concern about smart metering fraud methods, according to computer security expert Brian Krebs. Krebs has claimed to be in possession of an FBI "cyber intelligence bulletin" that states that hackers have been able to change the settings on smart meters to record lower energy consumption than actually occurred. The FBI has also reported that magnets can be used to prevent meters recording "usage" thereby presenting the opportunity for fraudulent activity, according to Krebs' blog.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Remote control for virtualized desktops

More from The Register

next story
Renewable energy 'simply WON'T WORK': Top Google engineers
Windmills, solar, tidal - all a 'false hope', say Stanford PhDs
Rosetta probot drilling DENIED: Philae has its 'LEG in the AIR'
NOT best position for scientific fulfillment
FORGET the CLIMATE: FATTIES are a MUCH BIGGER problem - study
Fat guy? Drink or smoke? You're worse than a TERRORIST
SEX BEAST SEALS may be egging each other on to ATTACK PENGUINS
Boffin: 'I think the behaviour is increasing in frequency'
HUMAN DNA 'will be FOUND ON MOON' – rocking boffin Brian Cox
Crowdfund plan to stimulate Blighty's space programme
Post-pub nosh neckfiller: The MIGHTY Scotch egg
Off to the boozer? This delicacy might help mitigate the effects
I'M SO SORRY, sobs Rosetta Brit boffin in 'sexist' sexy shirt storm
'He is just being himself' says proud mum of larger-than-life physicist
NASA launches new climate model at SC14
75 days of supercomputing later ...
LIFE, JIM? Comet probot lander found 'ORGANICS' on far-off iceball
That's it for God, then – if Comet 67P has got complex molecules
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.