Utilities should help hackers hack smart meters

Michael Giberson

I tend to believe that smart meter developers and their customers will devise sufficient protection for smart meters to carry on business with. The smarter of smart meters will not just measure power flowing through the device, in both directions; it will also communicate and perhaps execute instructions sent to it from authorized parties. Unauthorized access to a meter could be used for various nefarious purposes, including the remote shut-off of power.

Security won’t be perfect – so expect some bad news along the way – but good enough. But it will be a dynamic game for a while – a sort of arms race in which existing devices are hacked, inspiring security to get better, which will inspire hackers to work harder, and so on. Eventually, security will be good enough that hackers will find other, more tempting areas for their efforts.

This is all just my conjecture. How about some news (from the North County Times): “Experts hack new power meters”

As California’s utilities roll out millions of “smart meters” in the coming years, they’re creating, for the first time, the possibility that the electricity infrastructure could be hacked through a home, security consultants say.

… Utilities say they have been hardening the smart meters since they began development, but security consultants say they are worried: If criminals cracked the system, they could remotely install a virus that could shut down power for millions of customers.

So could criminals crack the system?

[IOActive security consultant Mike] Davis and his team hacked into smart meters last spring as part of a proof-of-concept they showed off at a Las Vegas security conference last summer.

They reverse engineered meters they bought on eBay and found in trash bins near installation sites. Then they installed a computer virus that would replicate itself across the wireless network and block the utility from each meter as it went.

… But Davis noted that utilities now require secure recycling of old meters, and eBay won’t allow that sort of gear to be sold on the site any longer. Davis said they have done such a good job keeping the meters out of his hands that he hasn’t hacked the most recent meters because he can’t find one through legal means.

If I were head of cybersecurity for a utility (or meter developer), while I’d support the secure recycling of old meters and prefer eBay not resell used meters, I’d also willingly give a meter to any (competent, pro-security-oriented) hacker wanting to try to hack the meter. Heck, they should be donating prototypes to local universities and sponsoring hacking competitions.

When hacking smart meters is outlawed, only outlaws will hack smart meters.  Smart meter developers should help the “good guys” do a little hacking, too.

