IOActive researchers have spent the past year testing Smart Grid devices for security vulnerabilities and have discovered a number of flaws that could allow hackers to access the network and cut power, according to Joshua Pennell, IOActive's CEO. Smart Grid devices are small computers that are connected to the power grid, giving customers and power companies better control over the electricity they use. There are about 2 million of these devices currently deployed, but many more are expected to be added in coming years.
The researchers created a computer worm that could quickly spread among Smart Grid devices, many of which use wireless technology to communicate, according to Travis Goodspeed, an independent security consultant who worked with the team. "It spread from one meter to another and then it changed the text in the LCD screen to say 'pwned'," he said. Pwned is hacker-speak meaning "taken over."
In the hands of a malicious hacker, this code could be used to cut power to Smart Grid devices that use a feature called "remote disconnect," which allows power companies to cut a customer's power via the network.
IOActive briefed the U.S. Department of Homeland Security on its findings Monday and is advising the utilities industry to better test the systems before deploying them in the real world.
News of IOActive's research was first , ensuring that the security of the Smart Grid will get a lot of public attention as the U.S. moves forward with plans to add another 17 million of these devices over the next few years.