GCHQ fears energy smart meters could expose millions of Bretons to hack

In the United Kingdom, new smart energy meters that are set to be installed in 27 million homes were found vulnerable by GCHQ.

Unsecured IoT devices are a privileged target of hackers and unfortunately, smart energy meters belong to this category.

In the UK, new smart energy meters that are set to be installed in 27 million homes were found vulnerable by GCHQ.

According to the intelligence agency the vulnerabilities could be exploited by hackers to compromise the IoT devices posing a serious risk to the users.

In 2017, some energy providers in the UK, including British Gas, E.on, Npower, Scottish Power and EDF, started testing SMETS 2 smart energy meters, the successor of SMETS 1 meters.

The new model smart energy meters addressed several issues that affected the 8 million of SMETS 1 meters

SMETS 2 smart energy meters solved various problems that both consumers and energy firms faced with first-generation SMETS 1 meters. Unlike the older SMETS 1 meters, the UK, SMETS 2 could be used by energy suppliers to remotely receive meter readings electronically.

The SMETS 2 smart energy meters were also designed to interoperate with different suppliers, consumers can change the energy provider without needing to change the meters.

According to a post published by the Telegraph, the GCHQ has raised concerns over the security of the smart energy meters. Attackers hack them to steal personal details and defraud consumers by tampering with their bills.

The intelligence agency also warned attackers could use the devices as a “Trojan horse” to enter in the customers’ networks.

The UK Government also fears that nation-state actors could exploit the flaws in the energy smart meters to create a power surge that would damage the National Grid.

Security experts also warn of BlueBorne attacks that potentially expose smart meters to hack by leveraging Bluetooth connections.

Robert Cheesewright, of Smart Energy GB, the Government-funded agency promoting the smart meter roll-out, tried to downplay the risks explaining that no financial data is directly managed by the devices, but evidently, its explanation doesn’t consider different attack scenarios.

“Smart meters are one of the safest and most secure pieces of technology in your home.” said Robert Cheesewright.

“Only energy data is stored on a meter and this is encrypted. Your name, address, bank account or other financial details are not stored on the meter.”

Risks associated with vulnerable smart meters were already analyzed in the past, in 2014 the security researchers, Javier Vazquez Vidal and Alberto Garcia Illera discovered that millions of Network-connected electricity meters in Spain were are susceptible to cyberattack due to lack of proper security controls.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – smart energy meters, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]