Industry comment: smart meters leave British homes vulnerable to cyber attacks
It’s been reported that ministers have been warned smart energy meters are leaving householders vulnerable to cyber-attacks. Why are smart meters ideal territory for hackers? Kirill Kasavchenko, principal security technologist, EMEA at NETSCOUT Arbor, offers his thoughts below.
“Hackers are opportunistic, tech-savvy and astute, so it should come as no surprise that they’re eyeing up smart meters as a new tool for launching cyber-attacks. Any device that is able to connect to the internet can be weaponised by criminals who can tap into the network and launch DDoS attacks – knocking websites and services offline. As more IoT devices flood our homes and our workplaces, attackers accordingly build and weaponise IoT botnets of unprecedented size and capability.
“IoT devices are attractive to attackers because so many are shipped with insecure defaults, including default administrative credentials, open access to management protocols, and shipping with insecure, remotely exploitable code. A large proportion of embedded systems are rarely if ever updated in order to patch against security vulnerabilities – indeed, many vendors of such devices do not provide security updates at all.
“With smart meters in particular, they’re a risk to households across the UK for a few reasons. They’re generally always turned on, they mostly reside on residential networks which aren’t monitored for either incoming or outgoing attack traffic, and the networks where they’re deployed increasingly offer high-speed connections. Everyone needs to take responsibility for their role in protecting our connected world against criminal activities, which is why all players need to assess how they can make it harder for criminals to exploit devices. From the utilities companies, to the manufacturers of these devices, to consumers – we all need to come together to create a more cyber aware culture.”