The lack of security in the smart utilities raises the prospect of a single line of malicious code cutting power to a home or even causing a catastrophic overload leading to exploding meters or house fires, according to Netanel Rubin, co-founder of the security firm Vaultra.
“Reclaim your home,” Rubin told a conference of hackers and security experts, “or someone else will.”
If a hacker took control of a smart meter they would be able to know “exactly when and how much electricity you’re using”, Rubin told the 33rd Chaos Communications Congress in Hamburg. An attacker could also see whether a home had any expensive electronics.
“He can do billing fraud, setting your bill to whatever he likes … The scary thing is if you think about the power they have over your electricity. He will have power over all of your smart devices connected to the electricity. This will have more severe consequences: imagine you woke up to find you’d been robbed by a burglar who didn’t have to break in.
“But even if you don’t have smart devices, you are still at risk. An attacker who controls the meter also controls the meter’s software, allowing him to cause it to literally explode.”
Rubin said many of the warnings were not hypothetical. In 2009 Puerto Rican smart meters were hacked en masse, leading to widespread billing fraud, and in 2015 a house fire in Ontario was traced back to a faulty smart meter, although hacking was not implicated in that.
The problems at the heart of the insecurity stem from outdated protocols, half-hearted implementations and weak design principles. While the physical security of smart meters is strong – “trust me, I tried” to hack in that way, Rubin said – the wireless protocols many of them use are problematic.
Our IP Address: