Experts fear hacking of new smart meters

CALIFORNIA As California's utilities roll out millions of "smart meters" in the coming years, they're creating, for the first time, the possibility that the electricity infrastructure could be hacked through a home, security consultants say.

With San Diego Gas & Electric Co. and Southern California Edison installing 7.3 million smart meters upgrading their entire customer base they're essentially attaching small computers to each house, each equipped with wireless communications back to the utilities.

Utilities say they have been hardening the smart meters since they began development, but security consultants say they are worried: If criminals cracked the system, they could remotely install a virus that could shut down power for millions of customers.

The new smart meters will have a host of capabilities: They will credit homeowners who produce their own electricity via solar cells or wind turbines, be able to wirelessly communicate data to the utility and let utilities turn off the power remotely, among other functions that could be added.

"Were it telemetry only, then the only compromise is privacy," said Mike Davis, senior security consultant for the security service IOActive. "When you add remote disconnect, then you increase the attractiveness of the meter as a target."

Davis and his team hacked into smart meters last spring as part of a proof-of-concept they showed off at a Las Vegas security conference last summer.

They reverse engineered meters they bought on eBay and found in trash bins near installation sites. Then they installed a computer virus that would replicate itself across the wireless network and block the utility from each meter as it went.

Representatives from Edison and SDG&E said that the demonstration didn't change their work at all; that they've been working on security since they started development three years ago.

But Davis noted that utilities now require secure recycling of old meters, and eBay won't allow that sort of gear to be sold on the site any longer. Davis said they have done such a good job keeping the meters out of his hands that he hasn't hacked the most recent meters because he can't find one through legal means.

The demonstration may have also driven the federal government to create standards for smart meters in the previously unregulated smart meter arena. The National Institute of Standards and Technology, a branch of the Department of Commerce, released a draft of standards in September.

"Our security complies with the emerging smart grid standards in NIST," said Paula Campbell, director of the Edison Smart Connect Program.

"There's unique encryption, all designed with the goal in mind of minimizing the vulnerabilities."

The encryption would apply primarily to over-the-air communications from the devices. In theory, a criminal could sit in a car up to a mile away from a site and attempt to hack the WiFi signal of the devices.

Baker said that would be pretty hard.

"It's called security in depth," Baker said. "The old technology is there's one key that could open every door in the neighborhood. In the systems employed today, you need a different key for every room in your house."

Alternatively, a hacker could just try to wire directly into a meter.

All the devices will include a detector that sends an alert to the utility if the meter is shaken, removed or even if the front cover is taken off.

"How you respond to that, isolate that, control that in an organized fashion, it's part of our overall security program," said Chris Baker, chief information officer for SDG&E.

Davis, though, said he thinks the utilities are just buying a product, and it's the manufacturers who are rushing to market.

Itron Inc., the Washington-based supplier of smart meters to both Edison and SDG&E, pooh-poohed Davis' demonstration this summer.

"We believe our implementation is very secure and cannot be subjected to the kind of attacks shown by IOActive in their demonstration of unsecured equipment," company spokeswoman Kim Papich said in an e-mailed statement.

In a separate statement, Itron said it hired outside companies to test their systems. Both SDG&E and Edison said they also had contracted with third parties to conduct "penetration tests," in which security professionals search for holes in the security.

Davis said he is pleased that there is third-party testing, but he is still worried about creating a monoculture of devices. Because all the smart meters installed by SDG&E and Edison will be made by the same company and use the same software, they're only as strong or as weak as any one unit.

"If the attacker finds the vulnerability in one, the entire network is vulnerable," he said. "That's a catastrophic failure."

iStock Analyst

Electricity News
Product Info Centres
Electrical Transformers
Electrical Test Equipment
Electrical Safety/Arc Flash
Electrical Safety Forum
Arc Flash Clothing
Renewable Energy
Alternative Energy
Other Options


Training Courses

Advanced Electrical Safety Training Workshop

  • May 27, 2016 - Mississauga, ON
  • June 21, 2016 - St. John's, NL
  • June 24, 2016 - Halifax, NS
  • September 13, 2016 - Richmond, BC
  • September 15, 2016 - Edmonton, AB
  • September 21, 2016 - Winnipeg, MB
  • September 23, 2016 - Mississauga, ON

Canadian Fire Alarm and Life Safety Systems - Design, Installation And Testing

  • May 30-31, 2016 - Richmond, BC
  • June 1-2, 2016 - Edmonton, AB
  • June 16-17, 2016 - Winnipeg, MB
  • June 20-21, 2016 - Mississauga, ON

2015 Electrical Code Update Training

  • May 30-31, 2016 - Winnipeg, MB
  • June 1-2, 2016 - Mississauga, ON
  • June 13-14, 2016 - Edmonton, AB
  • June 15-16, 2016 - Richmond, BC
  • June 27-28, 2016 - Halifax, NS
  • June 29-30, 2016 - St. John's, NL
  • October 4-5, 2016 - Victoria, BC
  • October 6-7, 2016 - Richmond, BC
  • October 11-12, 2016 - Edmonton, AB
  • October 13-14, 2016 - Winnipeg, MB
  • October 31-November 1, 2016 - Saskatoon, SK
  • November 22-23, 2016 - Ottawa, ON
  • November 24-25, 2016 - Mississauga, ON

Electrical Safety For Qualified Electrical Workers

  • June 20, 2016 - St. John's, NL
  • June 23, 2016 - Halifax, NS
  • September 12, 2016 - Richmond, BC
  • September 14, 2016 - Edmonton, AB
  • September 19, 2016 - Saskatoon, SK
  • September 20, 2016 - Winnipeg, MB
  • September 22, 2016 - Mississauga, ON

2-Day Basic and Advanced Electrical Safety Training Workshop

  • June 20-21, 2016 - St. John's, NL
  • June 23-24, 2016 - Halifax, NS
  • September 12-13, 2016 - Richmond, BC
  • September 14-15, 2016 - Edmonton, AB
  • September 20-21, 2016 - Winnipeg, MB
  • September 22-23, 2016 - Mississauga, ON

Emergency Generators/UPS/ Battery Technologies

  • September 8-9, 2016 - Mississauga, ON
  • September 12-13, 2016 - Winnipeg, MB
  • September 14-15, 2016 - Saskatoon, SK
  • September 19-20, 2016 - Edmonton, AB
  • September 21-22, 2016 - Richmond, BC

MV-HV Industrial Electrical Maintenance/Safety Practices

  • October 17-18, 2016 - Mississauga, ON
  • October 19-20, 2016 - Winnipeg, MB
  • October 24-25, 2016 - Saskatoon, SK
  • October 26-27, 2016 - Edmonton, AB
  • November 3-4, 2016 - Richmond, BC

Electrical Grounding For Industrial Power Systems

  • November 1-2, 2016 - Richmond, BC
  • November 3-4, 2016 - Edmonton, AB
  • November 7-8, 2016 - Saskatoon, SK
  • November 9-10, 2016 - Winnipeg, MB
  • November 14-15, 2016 - Mississauga, ON

VFD and Electric Motors Control Training

  • November 14-15, 2016 - Winnipeg, MB
  • November 16-17, 2016 - Saskatoon, SK
  • November 21-22, 2016 - Richmond, BC
  • November 23-24, 2016 - Edmonton, AB
  • December 5-6, 2016 - Mississauga, ON

Power Transformer Testing and Maintenance

  • November 21-22, 2016 - Mississauga, ON
  • November 23-24, 2016 - Winnipeg, MB
  • November 28-29, 2016 - Edmonton, AB
  • December 12-13, 2016 - Richmond, BC
Featured Product

Solid Brass Padlocks

Hercules Industries, Inc.
The complete line of solid brass padlocks at a very competitive price with two-week delivery...
... more
Latest Buyer's Guide Companies
Sign Up Today and Receive Our FREE E- Newsletter

E-newsletter service - Exciting industry trends, technical developments, product information, forums and electrical training courses.