Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Internet security expert says smart meters are dangerously insecure

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

January 4, 2017

According to internet security researcher Netanel Rubin, so-called 'smart meters' are dangerously insecure.

Rubin asserts that they feature insecure encryption and known-pwned protocols and that attacks reach all the way to making them explode, in extreme cases.

The utility hacker and founder of Vaultra has literally derided global governmental efforts to install the meters as reckless, saying the dangerous IoT devices are a risk to all connected smart home devices.

On any given day, smart meters can easily communicate with various devices inside homes and offices, such as air conditioners, fridges, cameras and the like.

A hacker who could break into the meters could control those, potentially unlocking doors and other security apparatus.

"An attacker who controls the meter also controls its software, allowing them to literally blow the meter up. If an attacker could hack your meter, he could have access to all the devices connected to the meter," he asserted.

"The smart meter network in its current state is completely exposed to attackers," Rubin warned users.

He also acknowledged some complaint over fear-mongering from the security audience at the Chaos Communications Congress in Hamburg, Germany, but says his description of 'exploding boxes' is to deliver the message of smart meter insecurity to the wider public.

He fended off some comments that triggering explosions through hacking was not possible, saying it had been apparently acknowledged in the United States, although we cannot guarantee that claim.

The overall physical security of the meter is somewhat Okay, but hackers still have plenty of wireless vectors to attack, nevertheless.

Rubin lists smart meters' overall utilization of Zigbee or GSM protocols, often left insecure and unencrypted, or at best secured with the GPRS +A5 algorithm which has been known to be broken since at least 2011.

Potential hackers can also broadcast over the top of meters' communications protocols forcing all units in an area to connect to malicious base stations using hardcoded credentials, further escalating this security issue.

The access grants hackers direct access to the smart meter firmware for deep exploitation of more security problems.

"All meters of the same utility make use of the same APN credentials," asserted Rubin.

Making matters worse, Rubin also discovered that smart meters add home devices handing over the critical network key without first checking if the gadgets should be added in the first place.

This opens up a new avenue for attackers to masquerade as home devices, steal the key itself, and then impersonate the meter, among other nasty things.

You can communicate with and control any device in the house from way across the street, open up locks, cause a short in the electricity system, whatever we want to do, he asserted.

"A simple segmentation fault is enough to crash the meter, causing a blackout at the premises," Rubin added.

He added that the attack vectors would have been erased if proper encryption was used, and the network was segmented instead of treated as a giant LAN.

Some attacks date back to about 6 1/2 to 7 years ago in Puerto Rico, when hackers caused some $400 million in billing fraud.

Rubin says that smart meters' ability to communicate with internal smart home devices is only the first step as utilities expand in the future to build city-wide networks with smart appliances.

"The entirety of the electricity grid, your home, your city, and almost everything in between will be in control of your energy utility, and that's a bit scary.

Overall, nearly 40 percent of the smart meter market is held by Itron, Landis & Gyr, and Elster, but the market is expanding and there will soon be more players involved in the mix.

The EU wants to replace more than 70 percent of electricity meters with smart versions at a cost of about €45 billion. There are already some 100 million meters that are already installed globally.

Rubin also expects a sharp increase in hacking attempts, and called on utilities to step up their security efforts.

Rubin released an open source tool to help security researchers test their own smartmeters. He is clearly alarmed by what he's discovered in the last year, and warns that things will get a lot worse unless the various players that swift actions to reduce the overall risks.

Source: Dawid Golunski.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer