In a rush to take advantage of U.S. stimulus money, utilities are quickly deploying thousands of smart meters to homes each day--smart meters that experts say could easily be hacked
"Since there is no federal mandate as to how much security to have in the meters, there aren't the right motivation factors for security to be a major factor," Pollet said. "It's an afterthought."
Nohl has carefully inspected one of the smart meters that has been deployed and was disappointed with what he saw. "We didn't find any of the security measures you would expect in an embedded device with critical-infrastructure relevance," he said. "Prominently missing are signed and encrypted firmware, secure (smart card) chips for key storage, unique cryptographic keys, and physical tamper protection."
Smart meters are being rolled out in a way that provides direct communication channels between each meter and other meters, as well as with customer resource management databases at the utility and even distribution networks, according to Nohl. "If software bugs exist in any of these components--which seems likely for their proprietary nature--a hacker can switch off the power for others, steal private customer data, or cause wide-scale outages by damaging the distribution systems; and all that from the (house) basement."
"We found in certain cases you can actually replace data on the fly, so if the meter says 25 kilowatts was used you can move it to 2.5 kilowatts," said Pollet. "It's possible to sniff and read the data (remotely), replace the data with erroneous data, and we've been able to cause the meters themselves to fail by sending it different types of traffic that cause it to reboot or crash."
Some utilities are creating Web interfaces to the smart-meter system that could allow someone to change billing or take control of a meter over the Internet and then interfere with the grid, said Stuart McClure, general manager of McAfee's risk and compliance unit and head of the McAfee 911 division that is doing research on embedded systems like smart meters. "The bad guys will figure out a way to leverage this."
S. 946: Critical Electric Infrastructure Protection Act of 2009
Stuck in committe!!!!!!!!!!!!!!!!
My question is, looking at the block diagram can a hacker
take over a single meter and send commands back to the
grid thru the powerline modem in these meters?
Is it just a matter of time?
Can a code be sent back up the grid that would
execute a remote disconnect on every meter connected
to that segement of the grid?
What am i missing?
Best Regards
Tom.