
Smart meters can be hacked to under-report energy usage

Poorly built smart meters are being left open to hackers and criminals who can take advantage of the flaws to under-report energy usage and make big savings as a result.


Security researchers found that meters rolled out by a Spanish utility firm to track usage could be cracked and used to spoof the messages sent back to the company about how much energy is being used. The firm involved is already working to repair the fault.

"We took them apart to see how they work," said independent researcher Javier Vidal, according to the BBC. "We suspected there could be some issues with them and we wanted to check. We feared the security would be easy to break and we confirmed that."

Vidal, along with fellow researcher Alberto Illera, found encryption keys inside the device’s firmware that could be used in conjunction with the smart meter’s unique identifier to spoof messages sent from the device to the utility firm. As well as under-reporting energy usage, the flaw could also be used to get someone else to pay your bill, and it’s claimed that the pair could eventually shut off power to certain locations by using the vulnerability.

The findings follow similar work done in the UK by security investigator Greg Jones, which found shared IDs, inadequate protection from tampering, and data that can be easily duplicated. He is "not surprised" at the latest findings.

"I'm pretty sure that anyone who picked up one of these units would find similar problems," he said. "If you physically own a piece of hardware you can compromise it."

Researchers aren’t that worried that cybercrime gangs will knock out power grids, because those gangs are far more interested in making money by using programming skills. Terror groups aren’t thought to possess the abilities to bring down power grids yet; however, it won’t be long until this is the case.

"We have a lot of brutal, non-state entities popping up all around the world and they are getting more organised on a daily basis," said Ashar Aziz, founder and head of FireEye. "That capability is getting to be within the reach of them."


The government plans to roll out some 53 million smart energy meters to UK households by 2020 and has already awarded a £2.8 billion contract to Telefónica UK to deliver the meters. They cost each household over £200, and there has already been criticism that a reported saving of just £26 a year for any premises that installs the technology risks completely undermining the project.

Image Credit: Flickr (saffroncisco)