Faculty: Cybersecurity research stays one step ahead of technology
All over the world, power companies have installed millions of smart meters, which enable two-way communication between the meter and the utility’s central system. Because smart meters gather data for remote reporting, in time, they will almost certainly be able to talk to any smart device. It’s this very capability that is both tantalizing and disconcerting. While it could be useful to know how much energy your TV, refrigerator or laundry appliances are consuming, for example, or to turn your lights or air conditioning on and off using a cell phone, the system may also prove vulnerable to malicious attacks. And that’s where Adam Kaplan’s research comes in.
Kaplan, an assistant professor of computer science, has developed a research project that seeks to determine whether smart meters are susceptible to hacking and if so, what kinds of information a hacker might be able to obtain.
“Smart meters themselves are running on a wifi-like interface,” he says. “Smart meters use a slightly different standard than the one we know, but it is still quite hackable and ‘sniffable.’”
Kaplan intends to find out if it is more hackable and sniffable than the wifi standard, using a radio device to sniff networks and see what is being broadcast unencrypted, as well as to find out what is being sent encrypted, what it takes to crack the encryption, what computer resources are needed to hack the system quickly, what information is gained from cracking that encryption and what damage potentially might be done.
“There are attacks that could cost consumers money,” he speculates. “Maybe utility use could increase significantly through devices that people are not aware of. Or maybe billing information is sent, and a hacker could get credit card numbers for billing. An attack could be physically damaging, such as disabling the air conditioning on a very hot day or turning off the refrigerator. It could have repercussions beyond simply annoying or financial.”
Kaplan’s goal for the research is to come up with a guide of best practices in smart meter security for savvy consumers. Just as there are established best practices to secure laptops, mobile devices or home networks against most major vulnerabilities and attacks, he wants to provide something similar for smart meter interfaces.
“This technology will be increasingly important to the home network,” he says, “and we need to know what we are opening ourselves up to four, six or ten years from now when it is widely adopted.”
