Future Threat: Black hat ersatz hack attack hits homes on smart-grid

As the deft stroke of a finger from a black-hatted hacker's hand depressed a key, the lights dimmed and electric apparati ceased operating in 68 percent of homes connected to America's smart grid. Washing machines stopped washing and cars stopped charging as the attack continued to issue forth for over 24 hours from deep within the bowels of a malcontent's lair. Lucky for us, the assault was a smart meter worm simulation and the destructive hand belonged to Mike Davis of IOActive. This time.
The ersatz attack was presented to the audience at the Black Hat security conference last Thursday and underlines the need for the important pieces underpinning our future "smart" grid to be securely built. The exploit used in this case took advantage of security weaknesses in a smart meter from an unhappy, unnamed company. When first confronted with news of their product's failings, they were somewhat chagrined to learn their device had been purchased on eBay to be examined and exploited by the security expert. If the anonymous concern wants future Department of Energy (DOE) money, they had better get their act together. The government agency has announced that it may withhold funding from smart meter stimulus projects if security concerns aren't addressed. Good thing, too, because having an internet-vulnerable grid is just asking for trouble from antagonistic countries as well as bored teenagers.
[Source: earth2tech]
Reader Comments
Mike!!ekiM 3:40PM (8/03/2009)
Time to put some real Jail Time to these kinds of crimes. 20 Years Minimum.
augustus 4:50PM (8/03/2009)
Yes some jail time really scares teenagers in Russia, China, India or the DPRK.
Matt 4:09PM (8/03/2009)
I'm with Mike. We don't prosecute nearly as hard as we should on computer hacking. Of course, that pretty much means we have to sever the lines to China, but if it will keep my inbox from filling up with spam all the time, I'm ok with not getting Engadget Chinese. The web as it is can not survive, and a more secure environment will be necessary in the coming years.
John Rowell 4:29PM (8/03/2009)
I'm not so sure the threat of jail time is the solution. There will always be hackers around looking to exploit a security weakness. Critical networks such as this should not be connected to the Internet in the first place. The grid could be on its own independent network and might even use the existing power lines for communication. Alternatively make the protocols open-source so any vulnerabilities could be patched quickly.
augustus 4:52PM (8/03/2009)
Soon all the corny 24 plots about making nuclear power plants go critical will be reality!
These machines should have no connection to the internet. Talk to the DoD; they do this stuff all the time.
letstakeawalk 5:38PM (8/03/2009)
Here's a pro for Hydrogen fuel cells! Hydrogen can be made in the user's home, while disconnected from the grid. Sunshine, wind power, geothermal, there are many ways to potentially generate the electricity to generate hydrogen at the user's demand.
No need for a complicated interdependent grid which can be vulnerable to these sorts of attacks.
Just saying, folks, just saying.
McHoffa 7:58PM (8/03/2009)
Why not skip the hydrogen process altogether and just generate the electricity for our homes/cars using solar/thermal/wind?
Chris M 1:22AM (8/04/2009)
Yea, considering that batteries and chargers are 85% efficient at storing electrical energy, but using electrolysis and compression and fuel cells would only be 24% efficient. Going the Hydrogen route would require 3x more of those expensive solar cells and windmills! Also, the H2 storage and the H2 fuel cells would cost a lot more than the equivalent in batteries.
Some rich idiot actually did that, using solar cells and an electrolyzer and a yard full of pressure tanks and a fuel cell to power his home. That setup cost a half million dollars. Had he used batteries instead, it would have been about 1/15th the cost.
The most practical solution would be to remain connected to the grid, but use old-fashioned "dumb" appliances that won't listen to the hackers' commands.
letstakeawalk 1:53AM (8/04/2009)
Chris
I accept your point. I hope you understood mine. It's not about cost - it's about self-sufficiency. Battery cost will go down, and wind/water turbine efficiency will increase. It will get cheaper to make your own electricity at home.
I just happen to like hydrogen. And audio amplifiers that don't use remotes. Most of my electric gear has switches that turn them "off", not just to "standby".
Personally, I wouldn't call that guy an idiot either - more of a visionary.
Mr. E 11:59PM (8/03/2009)
Forget hackers. This is the stuff that terrorists or the cyber arm of foreign militaries will be more than happy to exploit. Jail time won't mean a thing to them.
These are 100% mission critical systems. We should absolutely not tolerate poor security practices, or the mythical "security through obscurity."
Smart Meter manufacturers must fully publish the physical characteristics, security infrastructure, public/private key methodology, etc. of their hardware and software. Having the underpinnings out for all to view and experiment with is the only way to be fully hacker tested in the real world.
letstakeawalk 1:58AM (8/04/2009)
Can anyone lend me about $34,000?
I have it under best information that I can be completely off the grid and self-sufficient using batteries for about that much.
Seriously. Why are you all staring at me like that?