The number of smart devices is growing at an exponential pace as connected devices are embedded in cars, retail systems, refrigerators, televisions and countless other things people use in their everyday lives, but security and privacy remain key issues for such applications, which still face an enormous number of challenges.
Millions of network-connected electricity meters, or smart meters, used in Spain are susceptible to cyberattack because they lack basic and essential security controls, which could put millions of homes at risk, according to studies carried out by a pair of security researchers.
HACKERS TO CAUSE BLACKOUT AND BILL FRAUD
The security vulnerabilities found in the electricity meters could allow an intruder to carry out billing fraud or even shut down electric power to homes and cause blackouts.
Poorly protected credentials inside the devices could let attackers take control over the gadgets, warn the researchers. The utility that deployed the meters is now improving the devices' security to help protect its network.
During an interview on Monday, the security researchers, Javier Vazquez Vidal and Alberto Garcia Illera, said the vulnerability affects smart meters installed by a Spanish utility company, the one on which the Spanish government relied in order to improve national energy efficiency.
The duo's research will be presented at the Black Hat Europe hacking conference in Amsterdam next week. They will explain how they reverse engineered smart meters and found blatant security weaknesses that allowed them to commandeer the devices to shut down power or perform electricity usage fraud over the power line communications network.
SMART METER'S REPROGRAMMABLE MEMORY RUNS FLAWED CODE
The vulnerability resides in the memory chips of the smart meters, which are reprogrammable and contain flawed code that could be exploited to remotely shut down power supplies to individual households, tamper with meter readings, transfer meter readings to other customers and insert "network worms" that could leave millions of homes without power, causing widespread blackouts.
The researchers will not provide a detailed explanation of what they actually did until the problems are fixed by the smart meter vendor. "We are not releasing the exact details; we are not going to say how we did this," Garcia Illera, a security expert involved in the smart meter research, told Reuters. "This issue has to be fixed."
WEAK ENCRYPTION USED
According to the two researchers, the smart meters use relatively easy-to-crack symmetric AES-128 encryption, which was meant to secure communications and prevent fraudsters from tampering with billing systems.
There are three major utility companies in Spain (Endesa, Iberdrola and E.ON), and collectively 8 million smart meters have been installed in over 30 percent of households. However, the two haven't yet disclosed the specific smart meter manufacturer.
The duo said they could take full control of the meter box, switch its unique ID to impersonate other customer boxes or turn the meter itself into a weapon for launching attacks against the power network.
"Oh wait? We can do this? We were really scared," said Vazquez Vidal, another security expert involved in the smart meter research. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?" he said.
The Internet of Things (IoT) promises to make life easier in countless ways, but as with any technology seeing an upswing, associated security issues and challenges are to be expected, and that is what happened with the smart meters in Spain.