A new security hole has been found in utility smart meters:
New electricity meters being rolled out to millions of homes and businesses are riddled with security bugs that could bring down the power grid, according to a security researcher who plans to demonstrate several attacks at a security conference next month.
The so-called smart meters for the first time provide two-way communications between electricity users and the power plants that serve them…There’s just one problem: The newfangled meters needed to make the smart grid work are built on buggy software that’s easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse.
What perhaps adds a more dangerous element to this story is Google’s recent plans to hook into the power grid, via free software that customers run:
In a move to connect the emerging smart energy grid with the Internet, Google on Wednesday announced partnerships with eight national and international energy companies to allow consumers to access data about their energy usage through Google’s PowerMeter gadget.
Google PowerMeter is a software application that can be embedded on the company’s iGoogle personal home pages. It displays data about home energy usage, data provided by the new generation of network-ready smart power meters that are being installed by various utilities around the world.
While the vulnerabilities aren’t related to Google’s software, the fact that they are in this game, using the same free software model that made their other gazillion products popular, means there is a good chance this type of smart metering will take off. Under the guise of “informing the consumer,” the cool factor of monitoring your electricity bills over the net might cause the underlying software risks to be ignored, or pushed to the side.