FBI: Smart Meter hacks likely to spread — Utilities are unprepared

[SSM UK comment] We seem to be experiencing a surge in stories being contributed to us which warn about the unnecessary systemic vulnerabilities that a Smart [sic] Grid presents.  Remedying this – if indeed possible – can only add to the burden on tax payers and bill payers.  The excerpts included below are from a report from the FBI’s cyber intelligence bulletin.

~ Hacks against so-called “smart meters” over the past several years may have cost just a single U.S. electric utility hundreds of millions of dollars annually.

~ The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology.

~ Spot checks found that one in ten smart meters had been modified!  The company estimates the resulting losses at up to $400 million (around €300 million) per year.

~ Suitable probes are available online for around $400 and are connected to a laptop which runs software to modify the meter’s settings.

~ The software needed to carry out the hack is freely available online. The hack does not damage the smart meter hardware or require its removal.

~ The FBI warns that insiders and individuals with only a moderate level of computer knowledge are likely able to compromise meters with low-cost tools and software readily available on the Internet.

~ “The FBI assesses with medium confidence that as Smart Grid use continues to spread throughout the country, this type of fraud will also spread because of the ease of intrusion and the economic benefit to both the hacker and the electric customer,” the agency said in its bulletin.

~ “This is a well-known and common issue, one that we’ve warning people about for three years now, where some of these smart meter devices implement unencrypted memory”

~ The two researchers were slated to demo their smart meter hacking tools at the Shmoocon security conference earlier this year, but agreed to pull the presentation at the last minute at the request of several vendors and utilities that they declined to name.

Read more at FBI: Smart Meter Hacks Likely to Spread — Krebs on Security.