The new meters are useful for utility firms as they provide an easy way to track the energy usage of individual customers without needing to rely on self-reporting.

But they can also be compromised by hackers with thousands of videos online showing how to tamper with the devices, a potentially dangerous and illegal practice.

The UBC team has developed an automated program aimed at improving the security of these devices and boosting security in the smart grid.

“Our program uses two detection methods for these types of attacks. First, we created a virtual model of the smart meter and represented how attacks can be carried out against it. This is what we call design-level analysis. Second, we performed code-level analysis. That means probing the smart meter’s code for vulnerabilities, launching a variety of attacks on these vulnerabilities,” said Cybersecurity researcher Karthik Pattabiraman.

The method addresses smart meters’ vulnerability to what the researchers call software-interference attacks, in which the attacker physically accesses the meter and modifies its communication interfaces or reboots it. As a result, the meter is unable to send data to the grid, or it keeps sending data when it shouldn’t, or performs other actions it wouldn’t normally do.

All of the attacks can be carried out by an attacker with relatively low cost-equipment purchased for less than $50 online, and do not require specialized expertise.

“Smart meters are critical components of the smart grid, sometimes called the Internet of Things, with more than 588 million units projected to be installed worldwide by 2022,” Pattabiraman said. “In a single household you can have multiple smart devices connected to electricity through a smart meter. If someone took over that meter, they could deactivate your alarm system, see how much energy you’re using, or can rack up your bill. In 2009, to cite one real-life example, a massive hack of smart meters in Puerto Rico led to widespread power thefts and numerous fraudulent bills.”

Hacked meters can even cause house fires and explosions or even a widespread blackout. Unlike remote servers, smart meters can be relatively easily accessed by attackers, so each smart meter must be quite hackproof and resilient in the field.

By using both the design-level and code-level approaches vendors can guard against software tampering on two different levels.

“Our findings can be applied to other kinds of devices connected to a smart grid as well, and that’s important because our homes and offices are increasingly more interconnected through our devices,” said Pattabiraman.

He adds that as with all security techniques, there is no such thing as 100 per cent protection: “Security is a cat-and-mouse game between the attacker and the defender, and our goal is to make it more difficult to launch the attacks. I believe the fact that our techniques were able to find not just one or two vulnerabilities, but a whole series of them, makes them a great starting point for defending against attacks.”

The UK has suffered a rocky rollout of smart meters, last year analysis from Which? found that suppliers would need to triple the rate of installations to hit a target of replacing all existing meters by 2020. 

The new meters are useful for utility firms as they provide an easy way to track the energy usage of individual customers without needing to rely on self-reporting.

But they can also be compromised by hackers with thousands of videos online showing how to tamper with the devices, a potentially dangerous and illegal practice.

The UBC team has developed an automated program aimed at improving the security of these devices and boosting security in the smart grid.

“Our program uses two detection methods for these types of attacks. First, we created a virtual model of the smart meter and represented how attacks can be carried out against it. This is what we call design-level analysis. Second, we performed code-level analysis. That means probing the smart meter’s code for vulnerabilities, launching a variety of attacks on these vulnerabilities,” said Cybersecurity researcher Karthik Pattabiraman.

The method addresses smart meters’ vulnerability to what the researchers call software-interference attacks, in which the attacker physically accesses the meter and modifies its communication interfaces or reboots it. As a result, the meter is unable to send data to the grid, or it keeps sending data when it shouldn’t, or performs other actions it wouldn’t normally do.

All of the attacks can be carried out by an attacker with relatively low cost-equipment purchased for less than $50 online, and do not require specialized expertise.

“Smart meters are critical components of the smart grid, sometimes called the Internet of Things, with more than 588 million units projected to be installed worldwide by 2022,” Pattabiraman said. “In a single household you can have multiple smart devices connected to electricity through a smart meter. If someone took over that meter, they could deactivate your alarm system, see how much energy you’re using, or can rack up your bill. In 2009, to cite one real-life example, a massive hack of smart meters in Puerto Rico led to widespread power thefts and numerous fraudulent bills.”

Hacked meters can even cause house fires and explosions or even a widespread blackout. Unlike remote servers, smart meters can be relatively easily accessed by attackers, so each smart meter must be quite hackproof and resilient in the field.

By using both the design-level and code-level approaches vendors can guard against software tampering on two different levels.

“Our findings can be applied to other kinds of devices connected to a smart grid as well, and that’s important because our homes and offices are increasingly more interconnected through our devices,” said Pattabiraman.

He adds that as with all security techniques, there is no such thing as 100 per cent protection: “Security is a cat-and-mouse game between the attacker and the defender, and our goal is to make it more difficult to launch the attacks. I believe the fact that our techniques were able to find not just one or two vulnerabilities, but a whole series of them, makes them a great starting point for defending against attacks.”

The UK has suffered a rocky rollout of smart meters, last year analysis from Which? found that suppliers would need to triple the rate of installations to hit a target of replacing all existing meters by 2020.