The robustness of U.S. power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people.

Hackers have eyed power systems before. Last year, the U.S. Central Intelligence Agency confirmed that criminals had hacked into computer systems via the Internet and cut power to several cities in countries outside of the U.S.

The IOActive research will probably never be released publicly: Many of these devices are already deployed and it would be too dangerous to make the bugs known. Pennell said that his team's work was not focused on one particular device maker and that they were able to confirm a number of the theoretical vulnerabilities identified by Goodspeed, who has researched chip used by some Smart Grid devices.

"They demonstrated that the same vulnerability exists within a particular smart meter and they demonstrated that they could exploit it, and do this on a stock software with no changes," Goodspeed said.

These Advanced Metering Infrastructure (AMI) Smart Grid systems use a variety of low-power processors along with custom-designed firmware and operating systems and can be equipped with a variety of wireless protocols, which can give attackers different ways to break into the systems, Pennell said.