At this year’s Black Hat, a global information security event hosted in Amsterdam, two researchers will share their findings, pointing to vulnerabilities of the smart meter enabling hackers to order a power blackout. Javier Vazquez Vidal and Alberto Garcia Illera have ‘reverse engineered’ smart meters, identifying glaring weakness in the device. Vidal and Illera have indicated that the brand of smart meters evaluated have been installed in Spain. They have not disclosed the manufacturer of the meters.
Kelly Higgins of DarkReading.com, reports that through the testing of the smart meter, the researchers found it had the ‘same pair of symmetric AES-128 encryption keys’ which could be contained ‘inside every such device’. It is believed that if these encryption keys are removed, hackers are able to send commands directly to the smart meter, creating the conditions for a power shutdown.
Vazquez Vidal said: ‘The device is not properly secured. Once you’ve got the [encryption] keys and know the hardware, you can have full control of the network in a really big area… to turn off and on the lights remotely, and you could know power consumption in a house [to determine] if someone is in the house.
‘You didn’t need any tools to trigger the vulnerabilities we found’, he continued.
The researchers said that the flaws found can have very detrimental effects including being able to ‘turn the lights off in a city or neighborhood’.
‘One would be to access one meter and use it as an entry point for the network’ said Vidal…