The security weaknesses could potentially allow miscreants to snoop on customers and steal data, cut off power to buildings, and even cause widespread outages, according to a number of experts who have studied the meters and looked into smart-grid systems. A new paper out of the University of Cambridge highlights privacy concerns from smart meters, as well as security risks caused by linking home-area networks, of which smart meters are an initial piece, to utilities.
“From a hardware perspective, [mobile] phones today are more secure than many of the smart meters in deployment,” said Karsten Nohl, a security researcher based in Germany who has previously analysed mobile phone and smart card security.
(Smart meter image by Tom Raftery, CC BY-SA 2.0)
“Those meters, however, may be used as attack vectors into the spheres of power distribution and generation, as well as into customer databases at the utilities,” Nohl said. “They deserve nothing less than the best hardware protection available.”
Sources for this story would not name which smart meters they found problems in or which utilities are deploying them. In general, the meter projects tend to have similar issues because of how quickly they are being deployed, they suggested.
There are about 250 active smart-metering projects worldwide, with about 49 million meters already installed and 800 million planned for installation, according to the Meterpedia.com blog. Projects in the US are being accelerated because of the US$3.4 billion in stimulus funds set aside for smart-grid technologies. In Australia, Victoria has plans to roll out meters to 680,000 customers by 2013. Western Australia and New South Wales have also been involved in trials.
Utilities are focused on their core business and they are relying on vendors to provide security in the meters, sources said. But vendors have a disincentive to provide strong security features because that tends to increase the cost to develop and manufacture, making the meters more expensive and less competitive in the market, Jonathan Pollet, founder of Red Tiger Security which tests security features in SCADA systems said.
“Since there is no federal mandate as to how much security to have in the meters, there aren’t the right motivation factors for security to be a major factor,” Pollet said. “It’s an afterthought.”……………………………………. continue reading via Are smart meters security disasters? – Security – News – ZDNet Australia.