Preventing smart meters from getting hacked

Cybersecurity researchers have developed an automated program that addresses software-interference attacks on smart meters and aims to boost security in the smart grid.

Smart electricity meters can be easily accessed by malicious hackers. Software-interference attacks are where the attacker physically accesses the meter and modifies its communication interfaces or reboots it. As a result, the meter is unable to send data to the grid, keeps sending data when it shouldn’t or performs other actions it wouldn’t normally do.

Researchers from the University of British Columbia (UBC) have developed an automated program that uses two detection methods for these attacks: design-level analysis and code-level analysis. The latter proved to be more efficient and accurate.

“First, we created a virtual model of the smart meter and represented how attacks can be carried out against it. This is what we call design-level analysis. Second, we performed code-level analysis. That means probing the smart meter's code for vulnerabilities, launching a variety of attacks on these vulnerabilities,” said Karthik Pattabiraman, co-author and Associate Professor of Electrical and Computer Engineering at UBC.

Code-level analysis found nine different types of attacks within an hour, which was three times more than the three identified by design-level analysis.

All of the attacks can be carried out with equipment purchased for less than US$50 online and do not require specialised expertise, Pattabiraman explained.

According to the researchers, vendors can use the findings to test their designs before they are manufactured, so they can build in security from the beginning.

“By using both approaches — design-level and code-level — you can guard against software tampering on two different fronts,” said Pattabiraman. “Our findings can be applied to other kinds of devices connected to a smart grid as well, and that’s important because our homes and offices are increasingly more interconnected through our devices.”

With 588 million smart meters projected to be installed worldwide by 2022, and multiple smart devices connected to electricity through a smart meter, the consequences could be devastating. Pattabiraman explained that a hacker could deactivate an alarm system, see how much energy someone is using and rack up bills, and hacked meters could cause house fires or a widespread blackout.

“Like all security techniques, there is no such thing as 100% protection. Security is a cat-and-mouse game between the attacker and the defender, and our goal is to make it more difficult to launch the attacks,” he said. “I believe the fact that our techniques were able to find not just one or two vulnerabilities, but a whole series of them, makes them a great starting point for defending against attacks.”

The research is published in ACM Transactions on Embedded Computing Systems.

Image credit: ©stock.adobe.com/au/Sergey Nivens