Feeds

Crap computers in a crap box: Smart-meter blackouts risk to UK

Sniff a device's wireless, pwn a power plant, warns Brit biz

The Essential Guide to IT Transformation

Vulnerabilities that could switch off the electricity supply

Jones gave further details on how these attacks might be executed and the ramifications for utility providers during a presentation, entitled SCADA, smart meters and enterprise control systems: The next threat, at Infosecurity Europe 2013.

Ross Anderson, professor in security engineering at the University of Cambridge's Computer Laboratory, warned as far back as 2011 that smart metering would introduce a "strategic vulnerability" that might be exploited by hackers to remotely switch off elements of the gas or electricity supply grid. Software errors introduced during an update also pose a risk.

Security researchers at IOActive previously highlighted (PDF, slide deck) flaws in poor authentication, lack of encryption and inadequate authorisation in smart meters, during a research project that looked at early rollouts in the US and Europe.

Smart meters introduce two-way communication between a meter and the central system of a utility, which is absent from older analogue meters. The devices feature sensors so they can monitor and report on the quality of gas and electricity supply, as well as recording unit consumption for billing purposes.

Utilities want to deploy smart meters because the technology will automate meter reading, as well as creating tools to make it easier to control supply at times of high demand. The kit also makes it easier to switch subscribers to higher tariffs in cases where they fail to pay their bills on time.

Encouraged by the government, utilities are planning to roll smart energy meters out to every home in UK by 2019. Mass rollout is due to kick up a gear starting from next year.

In a survey of 1,000 UK consumers, sponsored by infosec firm TripWire, 61.2 per cent said that smart meters would encourage them to use less electricity, and 28.4 per cent voiced the opinion that it would make their electricity bill cheaper. However, 26.8 per cent said the technology would only be used by electricity suppliers as a marketing tool. One in 10 respondents (10.60 per cent) said the devices will capture too much of their personal information.

Similarly, 8.9 per cent of respondents expressed fears that smart meters would be vulnerable to hacking. Tim Erlin, director, product management, security and IT risk strategist at Tripwire, said concerns that the roll-out of smart meter technology, exposing personally identifiable information and requiring additional security and privacy protection, was arguably under-represented in the survey.

A separate poll of 3,000 British consumers, carried out by YouGov for mobile operator O2, discovered that 63 per cent of respondents did not know what a smart meter was. When the concept was explained, respondents felt that greater visibility and control of energy usage in the home (77 per cent) and the introduction of fair pricing via accurate billing (73 per cent) were the top two reasons to favour a smart meter. ®

Technote

* SDR works by capturing radio frequency signals using a high-speed analogue-to-digital converter enabling the direct digitisation of the radio frequency signal. This can then be analysed by a digital signal processor before being converted into output data stream. The user can analyse slices of spectrum, looking for carriers and modulated signals and go on to isolate the preamble and the payload of transmitted information, for instance. Alternatively they can separate out the message headers if they're searching for data streams.

Many SDRs are available but the Universal Software Radio Peripheral is the tool of choice as it allows both reception and transmission. When coupled with open-source software such as GNU Radio, the USRP allows the creation of advanced radio systems. This uses a USB 2.0 interface, a field-programmable gate array, high-speed ADCs and digital-to-analogue converters to generate a sampling and synthesis bandwidth one thousand times greater than that of a PC sound card. This extends the reach of the equipment and enables wideband operation.

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Fiendishly complex password app extension ships for iOS 8
Just slip it in, won't hurt a bit, 1Password makers urge devs
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.