Feeds

Crap computers in a crap box: Smart-meter blackouts risk to UK

Sniff a device's wireless, pwn a power plant, warns Brit biz

5 things you didn’t know about cloud backup

Vulnerabilities that could switch off the electricity supply

Jones gave further details on how these attacks might be executed and the ramifications for utility providers during a presentation, entitled SCADA, smart meters and enterprise control systems: The next threat, at Infosecurity Europe 2013.

Ross Anderson, professor in security engineering at the University of Cambridge's Computer Laboratory, warned as far back as 2011 that smart metering would introduce a "strategic vulnerability" that might be exploited by hackers to remotely switch off elements of the gas or electricity supply grid. Software errors introduced during an update also pose a risk.

Security researchers at IOActive previously highlighted (PDF, slide deck) flaws in poor authentication, lack of encryption and inadequate authorisation in smart meters, during a research project that looked at early rollouts in the US and Europe.

Smart meters introduce two-way communication between a meter and the central system of a utility, which is absent from older analogue meters. The devices feature sensors so they can monitor and report on the quality of gas and electricity supply, as well as recording unit consumption for billing purposes.

Utilities want to deploy smart meters because the technology will automate meter reading, as well as creating tools to make it easier to control supply at times of high demand. The kit also makes it easier to switch subscribers to higher tariffs in cases where they fail to pay their bills on time.

Encouraged by the government, utilities are planning to roll smart energy meters out to every home in UK by 2019. Mass rollout is due to kick up a gear starting from next year.

In a survey of 1,000 UK consumers, sponsored by infosec firm TripWire, 61.2 per cent said that smart meters would encourage them to use less electricity, and 28.4 per cent voiced the opinion that it would make their electricity bill cheaper. However, 26.8 per cent said the technology would only be used by electricity suppliers as a marketing tool. One in 10 respondents (10.60 per cent) said the devices will capture too much of their personal information.

Similarly, 8.9 per cent of respondents expressed fears that smart meters would be vulnerable to hacking. Tim Erlin, director, product management, security and IT risk strategist at Tripwire, said concerns that the roll-out of smart meter technology, exposing personally identifiable information and requiring additional security and privacy protection, was arguably under-represented in the survey.

A separate poll of 3,000 British consumers, carried out by YouGov for mobile operator O2, discovered that 63 per cent of respondents did not know what a smart meter was. When the concept was explained, respondents felt that greater visibility and control of energy usage in the home (77 per cent) and the introduction of fair pricing via accurate billing (73 per cent) were the top two reasons to favour a smart meter. ®

Technote

* SDR works by capturing radio frequency signals using a high-speed analogue-to-digital converter enabling the direct digitisation of the radio frequency signal. This can then be analysed by a digital signal processor before being converted into output data stream. The user can analyse slices of spectrum, looking for carriers and modulated signals and go on to isolate the preamble and the payload of transmitted information, for instance. Alternatively they can separate out the message headers if they're searching for data streams.

Many SDRs are available but the Universal Software Radio Peripheral is the tool of choice as it allows both reception and transmission. When coupled with open-source software such as GNU Radio, the USRP allows the creation of advanced radio systems. This uses a USB 2.0 interface, a field-programmable gate array, high-speed ADCs and digital-to-analogue converters to generate a sampling and synthesis bandwidth one thousand times greater than that of a PC sound card. This extends the reach of the equipment and enables wideband operation.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.