Buggy smart meters can infect the Smart Grid

June 17, 2009

In a report published June 12th, Register.com's Dan Goodin reports, "The newfangled meters needed to make the smart grid work are built on buggy software that's easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse."

Davis will present at the Black Hat Conference next month, and will demonstrate a worm that he has developed that he claims easily infects the current generation of smart meters. "We can switch off hundreds of thousands of homes potentially at the same time," Davis, who has spent the past few months analyzing a half-dozen smart meters, told The Reg. "That starts providing problems that the power company may not be able to gracefully deal with."

For more details read the rest of the article here.

Is this a surprise to anybody? It certainly isn't a surprise to Unfettered. We've been warning and just waiting for a report like this to surface. I've spoken to many functional security experts who believe that the real benefits of smart grid aren't going to come from household smart meters anyway, but from the generation systems and the transmission and distribution systems and interconnecting them properly.

Most of the functional security experts I know won't have a smart meter in their house for any money-- certainly not now.

Eric Byres warned of this 10 years ago when he started developing edge device security appliances, like his Tofino device. If we've known that this was probably going to happen for a decade, there's no excuse for the development of smart meters that are penetrable easily and quickly by the script kiddie who lives in the house, or next door, or around the block.
