X

Researchers find security holes in smart meters

Utilities hire a security consultancy, which finds a number of vulnerabilities in smart meters that could let a criminal remotely control a meter.

Martin LaMonica Former Staff writer, CNET News
Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.
See full bio
Martin LaMonica
2 min read

A security company has found holes in two-way meters that could allow a person with a laptop to tap into the communications between people's homes and utility companies.

Security consulting company InGuardians was hired by three utilities to test the vulnerability of smart meters from five manufacturers and the systems used to manage them, according to an Associated Press report.

The results were that smart meters, which create a network link between customers and utilities, have a number of potential vulnerabilities that could lead to scenarios such as a criminal remotely turning someone's power on or off, according to the AP report.

The communications standard used by smart meters, in particular, was an area that was a cause for concern, said Joshua Wright, a senior security analyst with InGuardians. If criminals are able to tap into the network, they could potentially doctor another person's bills or even stage bigger attacks on the grid, according to the report.

InGuardians has published a number of research papers on vulnerabilities in power grid security. They cover topics such as the security of Zigbee, the wireless standard used by some smart meters for in-home communications, as well as an "attack methodology" for two-way meters.

Studying the security vulnerabilities of the power infrastructure has become more common as efforts to modernize the electric grid with digital communications take hold around the world. Security company IOActive, for example, published a report last year showing that smart meters could be manipulatedto give a criminal control over many meters.

There have also been public disclosures of attempted cyberattacks on the U.S. power grid.

Security researchers have said that smart-grid technologies need to have security designed into them from ground up. Right now, the National Institute of Standards and Technology (NIST) is leading an effort in the U.S. to agree on a number of smart-grid standards, with security being one of the high-priority items.

SANS Institute, a security research and training organization, has invited InGuardians' Wright to speak at a conference on security and "critical infrastructure" to underscore the importance of smart-grid security, according to the AP report.