Smart Meter Hack Shuts Off The Lights

  /     /     /  
Publicated : 22/11/2024   Category : security


Smart Meter Hack Shuts Off The Lights


European researchers will reveal major security weaknesses in smart meters that could allow an attacker to order a power blackout.



A widely deployed smart meter device can be programmed to cause a power blackout or commit power usage fraud.
Researchers Javier Vazquez Vidal and Alberto Garcia Illera will reveal this month at
Black Hat Europe in Amsterdam
how they reverse engineered smart meters and found blatant security weaknesses that allowed them to commandeer the devices to shut down power or perform electricity usage fraud over the power line communications network. The researchers arent disclosing the specific smart meter manufacturer at this time -- they havent yet disclosed anything to the vendor in question, either. They have hinted heavily that its a brand installed broadly in Spain.
The smart meter device Vazquez Vidal and Garcia Illera tested stores the same pair of symmetric AES-128 encryption keys inside every such device. An attacker who lifted these keys would be able to send commands -- including an order to shut down power -- directly to the smart meter. The microchip inside the device contains the readable keys, the researchers say.
The device is not properly secured, Vazquez Vidal says. Once youve got the [encryption] keys and know the hardware, you can have full control of the network in a really big area… to turn off and on the lights remotely, and you could know power consumption in a house [to determine] if someone is in the house at that time.
With the encryption keys in hand, an attacker could easily sniff the data or inject his own commands into the device or devices, he says. You didnt need any tools to trigger the vulnerabilities we found.
Garcia Illera says he and Vazquez Vidal basically cracked open a couple of the smart meter devices and reverse engineered the hardware. There were very scary things we found. You can practically turn the lights off in a city or neighborhood with these flaws.
They also discovered it was simple to spoof the identifier code on each device. So a malicious customer could spoof the identifier code of a neighbors smart meter so that his power consumption would appear to be coming from his neighbors meter. The neighbor then would be billed for that power usage.
You just need to scan [or ping] the network for meters that are close to yours, and once you find a valid response, you just use that ID, says Vazquez Vidal.
There are two ways an attacker could control power delivery within a one-kilometer radius. One would be to access one meter and use it as an entry point for the network, Vazquez Vidal says. The second one would be to build a custom device that could be plugged anywhere, as long as the wires would not be too far from a meter, and use it to inject the commands in the network.
The researchers emphasize that they used their own internal network of smart meters, not the smart grid, for their testing. They used four meters to recreate a power grid network without touching the real one. We are 99% sure [these attacks] would work in the real world, Garcia Illera says.
The really bad news is that theres nothing smart meter customers can do to defend against an attack.
They cannot even choose not to have them at their homes. The only ones able to solve this situation are the electrical companies who are placing them, Vazquez Vidal says. Since we do not own the meters that we have at home -- they are rented -- we cannot do anything about it… Besides, it could be considered [by the power company] as manipulation of the devices.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Smart Meter Hack Shuts Off The Lights