Crap computers in a crap box: Smart-meter blackouts risk to UK

Sniff a device's wireless, pwn a power plant, warns Brit biz

Vulnerabilities that could switch off the electricity supply

Jones gave further details on how these attacks might be executed and the ramifications for utility providers during a presentation, entitled SCADA, smart meters and enterprise control systems: The next threat, at Infosecurity Europe 2013.

Ross Anderson, professor in security engineering at the University of Cambridge's Computer Laboratory, warned as far back as 2011 that smart metering would introduce a "strategic vulnerability" that might be exploited by hackers to remotely switch off elements of the gas or electricity supply grid. Software errors introduced during an update also pose a risk.

Security researchers at IOActive previously highlighted (PDF, slide deck) flaws in smart meters, including poor authentication, lack of encryption and inadequate authorisation, during a research project that looked at early rollouts in the US and Europe.

Smart meters introduce two-way communication between a meter and the central system of a utility, which is absent from older analogue meters. The devices feature sensors so they can monitor and report on the quality of gas and electricity supply, as well as recording unit consumption for billing purposes.

Utilities want to deploy smart meters because the technology will automate meter reading, as well as creating tools to make it easier to control supply at times of high demand. The kit also makes it easier to switch subscribers to higher tariffs in cases where they fail to pay their bills on time.

Encouraged by the government, utilities are planning to roll smart energy meters out to every home in the UK by 2019. Mass rollout is due to kick up a gear starting from next year.

In a survey of 1,000 UK consumers, sponsored by infosec firm Tripwire, 61.2 per cent said that smart meters would encourage them to use less electricity, and 28.4 per cent voiced the opinion that it would make their electricity bill cheaper. However, 26.8 per cent said the technology would only be used by electricity suppliers as a marketing tool. One in 10 respondents (10.60 per cent) said the devices will capture too much of their personal information.

Similarly, 8.9 per cent of respondents expressed fears that smart meters would be vulnerable to hacking. Tim Erlin, director, product management, security and IT risk strategist at Tripwire, said concerns about the roll-out of smart meter technology, which exposes personally identifiable information and requires additional security and privacy protection, were arguably under-represented in the survey.

A separate poll of 3,000 British consumers, carried out by YouGov for mobile operator O2, discovered that 63 per cent of respondents did not know what a smart meter was. When the concept was explained, respondents felt that greater visibility and control of energy usage in the home (77 per cent) and the introduction of fair pricing via accurate billing (73 per cent) were the top two reasons to favour a smart meter. ®

Technote

* SDR works by capturing radio frequency signals using a high-speed analogue-to-digital converter, enabling the direct digitisation of the radio frequency signal. This can then be analysed by a digital signal processor before being converted into an output data stream. The user can analyse slices of spectrum, looking for carriers and modulated signals, and go on to isolate the preamble and the payload of transmitted information, for instance. Alternatively, they can separate out the message headers if they're searching for data streams.

Many SDRs are available but the Universal Software Radio Peripheral is the tool of choice as it allows both reception and transmission. When coupled with open-source software such as GNU Radio, the USRP allows the creation of advanced radio systems. The USRP uses a USB 2.0 interface, a field-programmable gate array, high-speed ADCs and digital-to-analogue converters to generate a sampling and synthesis bandwidth one thousand times greater than that of a PC sound card. This extends the reach of the equipment and enables wideband operation.
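The framing step the technote describes (locating the preamble in digitised samples, then separating header from payload), as an added example that is not from the article or from any vendor's code. It runs on a synthetic on-off-keyed capture generated inline; the preamble, sync word, length-byte layout, samples-per-bit value and payload are all constructed assumptions, not any real meter's protocol.

```python
import random

SPB = 8                          # samples per bit (assumed capture rate / bit rate)
PREAMBLE = bytes([0xAA, 0xAA])   # constructed alternating-bit preamble
SYNC = bytes([0x2D, 0xD4])       # constructed sync word marking the start of a frame

def to_bits(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def make_capture(payload, idle=40, sigma=0.15, seed=1):
    """Constructed OOK envelope: idle noise, one frame, idle noise."""
    rng = random.Random(seed)
    frame = PREAMBLE + SYNC + bytes([len(payload)]) + payload
    levels = [0] * idle + [b for b in to_bits(frame) for _ in range(SPB)] + [0] * idle
    return [lvl + rng.gauss(0, sigma) for lvl in levels]

def find_frame(samples):
    """Slide a +/-1 template of preamble+sync over the capture; return the best offset."""
    template = [1 if b else -1 for b in to_bits(PREAMBLE + SYNC) for _ in range(SPB)]
    centred = [s - 0.5 for s in samples]          # remove the DC offset of the envelope
    scores = [sum(t * centred[off + i] for i, t in enumerate(template))
              for off in range(len(samples) - len(template) + 1)]
    return max(range(len(scores)), key=scores.__getitem__)

def slice_bytes(samples, start, count):
    """Average each bit period, threshold at 0.5, pack MSB-first into bytes."""
    out = bytearray()
    for n in range(count):
        byte = 0
        for k in range(8):
            pos = start + (n * 8 + k) * SPB
            byte = (byte << 1) | (sum(samples[pos:pos + SPB]) / SPB > 0.5)
        out.append(byte)
    return bytes(out)

def decode(samples):
    """Return (sample offset of the frame, payload bytes) for one captured frame."""
    start = find_frame(samples)
    body = start + len(PREAMBLE + SYNC) * 8 * SPB   # first sample after the sync word
    length = slice_bytes(samples, body, 1)[0]       # one-byte header: payload length
    return start, slice_bytes(samples, body + 8 * SPB, length)

if __name__ == "__main__":
    print(decode(make_capture(b"kWh=0421")))
```

Once the framing is recovered, a payload sent in the clear is readable as-is, which is why the lack of encryption and weak authentication IOActive reported carry so much weight on a radio link.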
