https://goo.gl/q2BpnN
大意:
英国GCHQ(政府通讯总部:独立情报机关,层级与MI5、MI6相同)警告目前市面上超过
2700万台智慧电表有安全漏洞,骇客除了可侵入电表获取用电数据外,也可窜改用电
纪录,透过加收电费向用户取得其中差价。
也可透过电表作为入侵大门,侵入家中与电表连接之IoT设备。
科普:
智慧电表会记录使用者的特定电器使用时间、瓦数、用电量等,透过电表可熟知该使
用者之生活习惯。
In the United Kingdom, new smart energy meters that are set to be installed
in 27 million homes were found vulnerable by GCHQ.
Unsecured IoT devices are a privileged target of hackers and unfortunately,
smart energy meters belong to this category.
In the UK, new smart energy meters that are set to be installed in 27 million
homes were found vulnerable by GCHQ.
According to the intelligence agency the vulnerabilities could be exploited
by hackers to compromise the IoT devices posing a serious risk to the users.
In 2017, some energy providers in the UK, including British Gas, E.on,
Npower, Scottish Power and EDF, started testing SMETS 2 smart energy meters,
the successor of SMETS 1 meters.
The new model smart energy meters addressed several issues that affected the
8 million of SMETS 1 meters
SMETS 2 smart energy meters solved various problems that both consumers and
energy firms faced with first-generation SMETS 1 meters. Unlike the older
SMETS 1 meters, the UK, SMETS 2 could be used by energy suppliers to remotely
receive meter readings electronically.
The SMETS 2 smart energy meters were also designed to interoperate with
different suppliers, consumers can change the energy provider without needing
to change the meters.
According to a post published by the Telegraph, the GCHQ has raised concerns
over the security of the smart energy meters. Attackers hack them to steal
personal details and defraud consumers by tampering with their bills.
“Cyber security experts say that making the meters universal will make them
more attractive to hackers because the potential returns are so much greater
if they can hack every meter using the same software.” states The Telegraph.
“The cyber criminals are able to artificially inflate meter readings, making
bills higher.
They then try to intercept payments, and if they simply skim off the
difference between the real reading and the false reading, energy companies
will think the bill has been paid normally.”
The intelligence agency also warned attackers could use the devices as a “
Trojan horse” to enter in the customers’ networks.
The UK Government also fears that nation-state actors could exploit the flaws
in the energy smart meters to create a power surge that would damage the
National Grid.
Security experts also warn of BlueBorne attacks that potentially expose smart
meters to hack by leveraging Bluetooth connections.
Robert Cheesewright, of Smart Energy GB, the Government-funded agency
promoting the smart meter roll-out, tried to downplay the risks explaining
that no financial data is directly managed by the devices, but evidently, its
explanation doesn’t consider different attack scenarios.
“Smart meters are one of the safest and most secure pieces of technology in
your home.” said Robert Cheesewright.
“Only energy data is stored on a meter and this is encrypted. Your name,
address, bank account or other financial details are not stored on the meter.
”
Risks associated with vulnerable smart meters were already analyzed in the
past, in 2014 the security researchers, Javier Vazquez Vidal and Alberto
Garcia Illera discovered that millions of Network-connected electricity
meters in Spain were are susceptible to cyberattack due to lack of proper
security controls.