“You shouldn’t be able to do this.” But you can. It may be one of the most dangerous flaws in technology to date.
It seems that the smart devices in store for the future under a smart grid pose some pretty serious security flaws – and could pose a risk to your life.
A number of hackers have pointed out how unencrypted, remote thermostat devices could be manipulated to attack a single home/business, an entire neighborhood, or even the entire country.
Worse, the industry is pumping out hundreds of new connected smart appliances that could leave security vulnerabilities in the homes of every American.
According to Wired Magazine:
A hacker could cut air conditioners during a heatwave—creating a potentially fatal condition for the elderly and sick—or turn air conditioners on during peak energy periods, causing a surge that creates a widespread blackout. Or a hacker could directly attack a group of specific homes or offices by taking advantage of the fact that unique IDs are assigned to groups of devices, allowing them to be singled out.
According to another researcher, the hack could be even worse. If an attacker were to turn the air conditioners on and off repeatedly, the could create disturbances and imbalances in the grid that could trip breakers beyond the neighborhood they’re targeting and cause an even more widespread blackout.
“This is bad, and that’s why we need better security so that we don’t have the ability to manipulate the load,” says Eric Johansson, founder of Management Doctors, a security firm in Sweden that specializes in SCADA. “You shouldn’t be able to do this.”
The attack against the devices requires little skill. All a hacker would need is to be on the same radio frequency as the utility company, and then they could monitor and record the commands the company sends to the devices (a technique known as sniffing). From there, they could just play back those recorded commands to other devices to get them to turn on or off (a so-called “replay” attack).
And there are many other issues with the technology, as experts who talked to Wired note.
Hackers brought up the issue to urge the need for encryption and protection with relatively-open “smart” devices that have been increasingly phased into home appliance use.
Many homes have now given their power company permission to adjust their thermostat remotely, while others have implemented consumer devices to control the temperature remotely while members of the household are at work or away from home.
But at the heart of the issue is the open door for saboteurs that could bring society to its knees.
In the worst case, a prolonged, widespread power outage – that includes damage to generators and relay stations system wide – could leave hundreds of millions without power and on the verge of life and death – as desperate people in cities would almost certainly riot, loot and kill each other for remaining resources, while others could die from exposure to extreme cold or heat without power and utilities.
Experts have predicted that 90% of the population would die if the grid went down and took 6 months or longer to restore.
As it stands, most sprawling urban areas are mere days away from chaos at any given point – once people get hungry and upset.
Now they know they need to fix it, but will they?
For now, the threat is mostly hypothetical, though a cyber attack has been considered a threat for years now. But it is yet another reason to prepare for all eventualities, especially surviving comfortably without electricity for prolonged periods of time.
Such a scenario will bring enormous pressure to bear on the rest of society – but that doesn’t have to include you.