Millions of network-connected electricity meters, or smart meters, used in Spain are susceptible to cyberattack by hackers due to a lack of basic and essential security controls, which could put millions of homes at risk, according to studies carried out by a pair of security researchers. The security vulnerabilities found in the electricity meters could allow an intruder to carry out billing fraud or even shut down electric power to homes and cause blackouts.
Poorly protected credentials inside the devices could let attackers take control over the gadgets, warn the researchers. The utility that deployed the meters is now improving the devices’ security to help protect its network.
The discovery comes as one security expert warns some terror groups may attack critical infrastructure systems. Many utility companies are installing smart meters to help customers monitor and manage their power use and help them be more energy efficient.
Buried inside the onboard software, or firmware, the pair found encryption keys used to scramble all the information that the smart meter shares with “nodes” sitting higher in the power distribution system. Using the keys and the unique identifier associated with each meter, it became possible for the researchers to spoof messages being sent from the power-watching device to a utility company.
The smart meters use relatively easy-to-crack symmetric AES-128 encryption, which was designed to secure communications and prevent tampering with billing systems by fraudsters.
There are three major utility companies in Spain: Endesa, Iberdrola and E.ON. Collectively, 8 million smart meters have been installed in over 30 percent of households.