In this year’s economic stimulus package, the United States government allocated $4.5 billion to developing technologies for the “smart grid,” a revamped delivery system for electricity. Advocates envision a digital system that can make energy-saving adjustments to power flow. Several million networked meters have already been distributed in the United States.
But critics say that rushing to roll out this system could give rise to security problems. At a recent conference, Mike Davis, a senior security consultant at the Seattle-based research company IOActive, gave a presentation on a proof-of-concept cyber attack that could potentially allow an attacker to shut off large numbers of meters remotely. Researchers say now is the time to test the smart grid and get security right.
The current generation of smart meters, Davis says, “is probably not mature enough” for some of the new network features. He has not publicly released the brand names of the meters he has tested. This page shows a sample smart-meter interior.
A. Attacking Memory
To hack into a smart meter through hardware, an attacker first needs to determine the programming that runs it, says Travis Goodspeed, an independent security researcher who specializes in wireless sensor networks. If the meter hasn’t been built with protective features, a hacker can use syringes to insert a needle into each side of the device’s memory chip. The needle serves as a probe to intercept the electrical signals in the memory chip. By analyzing these signals, the hacker can deduce the device’s programming. Even if the meter includes security features, he says, it may be possible to extract the information using customized tools.
B. Digital Radio
The smart meter’s two-way radio chip allows the device to be read remotely and to receive commands over the network. The software in the chip contains security codes that an attacker who’s cracked the meter’s programming can use to get on the network and begin issuing commands. Goodspeed has shown that the codes can be extracted using syringes in a process similar to the attack on the memory.
Accessing the Meter
One way to hack into a smart meter is through its wireless networking device, says David Baker, IOActive’s director of services. An attacker can use a software radio, which can be programmed to emulate a variety of communications devices, to listen in on wireless communications with the network and deduce over time how to communicate with the meters. Another method, Baker says, is to attack the hardware. An attacker could steal a meter from the side of a house and reverse-engineer it. This method, he says, while inexpensive, does require a good knowledge of integrated circuits.
Spreading Malware to the Network
With access to one smart meter’s programming and codes, Baker says, someone can communicate with all the meters of the same brand that are connected to the network. To demonstrate his attack, Davis crafted a piece of malware that could self-replicate to other meters, allowing an attacker to shut them down remotely. In simulations, Davis showed that if his worm were released in an area where all the houses were equipped with the same brand of meter, the worm could spread to 15,000 homes in the space of 24 hours.
Measuring Electrical Usage
At the heart of a smart meter are the sensors that measure energy usage. Unscrupulous individuals have long tried to save money on their electric bills by interfering with a meter’s ability to accurately report how much energy has been consumed. That type of fraud may still be possible on a smart meter, though many of the devices are designed to protect against the mechanical methods traditionally used.
Photo Courtesy of Mike Davis