FBI Warns Smart Meter Hacking May Cost Utility Companies $400 Million A Year

The FBI has seen an increase in smart meter hacks that allow consumers to reduce power bills by 50-75%. Crazy hacking skills are not required: the hacks can be accomplished by using a magnet to fake readings or by hiring hackers to attack smart meters. The FBI warned that smart meter fraud may cost utility companies $400 million per year.

While smart meters going dumb has been called an "urban myth," and some Americans have padlocked their dumb meters to stop smart meters from being installed, others have happily welcomed and hacked smart meters in order to significantly reduce power bills by 50-75%. The FBI warned that hacking smart meters and the resulting fraudulent power bills may end up costing utility companies about $400 million per year.

Krebs on Security posted an FBI cyber intelligence bulletin in which the Feds report seeing an increase in smart meter hacking, which allows "power theft" by consumers who want free electricity. In fact, hacking smart meters does not require mad skills, only modest hacking skills or paying someone a modest fee to do it. Not all smart meters are equally smart, nor can all "block unauthorized modifications." The "FBI warns that insiders and individuals with only a moderate level of computer knowledge are likely able to compromise meters with low-cost tools and software readily available on the Internet."

Brian Krebs reported, "Citing confidential sources, the FBI said it believes former employees of the meter manufacturer and employees of the utility were altering the meters in exchange for cash and training others to do so. 'These individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters,' the alert states."

The FBI bulletin said one tool being used is an "optical converter" which can be found online for about $400. The optical port is meant to allow diagnostics, but this method of attacking a smart meter "does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact." Yet another no-skills-required attack method involves strong magnets that interfere with measuring the actual electricity used. Those magnets are removed during daylight hours in case a power company technician drops by to inspect the smart meter.

While smart meter fraud such as the FBI warns about would lower electricity bills, some people have figured out how to hack smart meters without breaking them so that there is no electric bill at all. At the Chaos Communication Congress, during a hacking for privacy presentation, amateur hackers proved that it took only two days to hack a smart meter and fake the readings so that electricity bills showed no power consumption at all.

The insecurity of smart meters and the power grid has been in the news for years as security researchers warn that America's infrastructure is a mess waiting to be hacked. "By the end of 2015, the potential security risks to the smart grid will reach 440 million new hackable points," Computerworld reported. Then not too long ago, Pike Security reported that it would only take a $60 piece of malware to bring mass chaos to power grid security. The latest smart grid cybersecurity survey by nCircle asked 104 energy security professionals, "Do smart meter installations have sufficient security controls to protect against false data injection?" A whopping 61% said "No."

Yet in the march toward making all dumb meters "smart," Wired announced that thanks to new financing, cities will be able to upgrade their parking infrastructure to "pay as you go" smart parking systems. Streetline technology turns "dumb parking meters into a meshed network of smart devices that can interact with smartphones for mobile payment and reservations, and city data centers for tracking and analysis." But during Black Hat 2009, security researchers hacked a variety of electronic parking meters for free parking.


Follow me on Twitter @PrivacyFanatic

Copyright © 2012 IDG Communications, Inc.
