How to hack a smart meter

Power system security needs constant monitoring and awareness in order to stay on top of the emerging threats.
Published: Mon 12 Feb 2018

In a digitally connected world, constant security awareness is becoming ever more crucial, especially for complex and critical infrastructure such as the power system.

Typically, one thinks of the hacker as a sophisticated criminal organisation, perhaps looking for a ransom. But the hacker could equally be a hobbyist out to gain fame or a state actor intent on spying or causing disruption, says Nicolas Viot, Senior Consultant at the security organisation Trusted Labs.

Smart meter vulnerabilities

To understand the security requirements for smart metering, Viot breaks down the system and the smart meter itself into their components, which offer multiple potential points of attack, depending on the skills and tools available to the hacker.

For example, potentially the easiest target, he says, is the flash memory, which may contain information such as passwords and keys that could be retrieved or erased. Other possible attack routes include bus probing, software attacks and network interception.


Nicolas Viot gives his opinion on utility cybersecurity

‘Security by design’

With the common wisdom that an attack is a matter of when, not if, and considering the complexity of a smart metering system, what can be done for protection?

Viot recommends a ‘security by design’ approach in which security is built into the system from the outset and integrated in each step of the development. To try to build in security at the end would be difficult, costly, and unlikely to be sufficiently effective, he indicates.

“The threats are real and the impacts will be real and all it takes is one skillful attacker,” says Viot. “Learn the risks and test and review your security measures.”


Bo Danielsen, Head of Metering at Danish utility SEAS-NVE, and Emil Gurevitch, Security Architect at US-based smart energy company Networked Energy Services

Smart grid security at SEAS-NVE

A separate presentation with Bo Danielsen, Head of Metering at Danish utility SEAS-NVE, and Emil Gurevitch, Security Architect at US-based smart energy company Networked Energy Services (NES), reveals how the hacker’s approach to smart metering was used to develop and implement a security solution at the Danish utility.

The project was initiated in early 2012, following completion of SEAS-NVE’s 400,000 smart meter rollout and at a time when security concerns were just starting to make headlines.

“We realised that security was a global issue that needed answers,” says Danielsen, recalling that the issue had received a mere few lines in the smart meter tender documents.

The outcome, which was delivered via a series of firmware upgrades to the smart meters, has included improvements to the network security protocol, hardening of the attack surface using tools such as fuzzing, and stronger authentication.

“Most importantly, we looked at how we could detect compromises after the fact,” Gurevitch comments. “We now have very high fidelity signals of compromise.”

Summing up the lessons learned, Danielsen reiterates the need for users to understand their system and the security requirements. He also highlights the need for cooperation: “The bad guys work together, so should we.”
