Smart grid vulnerability could give hackers free electricity
A cyber security researcher will demonstrate a toolset later this week which allows users to break into so-called “smart meters” that control a structure’s access to the power grid and water utilities, potentially enabling the user to modify the reported volume of services used or even avoid being charged altogether.
Of course, that’s not what the tool is meant for, but power companies are still worried — and for good reason.
Security researcher Spencer McIntyre, with the consulting firm SecureState, wrote that “Termineter” was designed to “test smart meters for vulnerabilities such as energy consumption fraud, network hijacking, and more.” He explained that the very existence of this toolset should spur smart meter makers into improving their security, rather than simply ignoring it and letting hackers steal electricity.
“Many of these vulnerabilities have been highlighted by the media and advisories have been sent out by law enforcement agencies,” he wrote. “This is a major concern for energy companies, as SecureState is seeing an emergence of these types of vulnerabilities that can drastically affect the security landscape.”
McIntyre’s new hack will be demonstrated on Wednesday at the BSides Las Vegas hacker convention. And while stealing power sounds like common hacker fare, his toolset is actually the world’s first to be capable of breaking into a smart meter and modifying its raw data.
But more than just demonstrating the potential for hackers to steal electricity, the emergence of Termineter goes right to the heart of the mountains of work that must be done if President Barack Obama’s vision for a true next-generation “smart grid” is to ever be realized.
That work was called out just last week by President Obama himself, in a Wall Street Journal editorial published last Thursday, in which he warned that hackers could wreak havoc on American infrastructure if the country does not begin taking cyber security more seriously. That means more hackers are needed to develop more tools that help demonstrate and repair — rather than exploit — the vulnerabilities in public infrastructure.
“It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries,” President Obama wrote, officially throwing his support behind a bill called The Cybersecurity Act of 2012.
That bill would create a National Cybersecurity Council and provide ongoing, voluntary incentives to firms like power and water companies, which would have to prove they’re living up to the industry’s best possible security practices in order to receive the incentives. While it would also open up information sharing avenues between corporations and the government, the bill would prohibit military organizations like the National Security Agency from accessing that information.
Though it has been praised by some civil liberties groups for improving on prior cybersecurity legislative efforts, the Obama-supported bill would still create a massive new exception in privacy protections and a fight is still ongoing as to whether there will be safeguards in place to ensure that data is never misused.
Meanwhile, as Washington toils away at the potential politics of future wars, hackers like McIntyre continue to innovate without malice, showing the way forward to a more secure technological future without taking that advantage for themselves.