Something as simple as an air conditioner could enable hackers to bring down an entire electric power grid – and it wouldn’t be that difficult for them to do it, according to a new report.
The so-called “smart grid” technology that is installed on some units could allow bad guys to use the unit – and its remote connection to the electric company — to crash the grid, according to security experts Vasilios Hioureas of Kaspersky Lab and Thomas Kinsey of Exigent Systems. Their report was recounted in Wired.
The technology at issue does not involve the Internet but instead radio waves used by the power company. The power company installs a device on an air conditioning unit, and then employs a radio frequency to “tell” the unit to shut off during peak hours, saving the homeowner money and also relieving pressure on the grid. Some companies even offer discounts to homeowners who allow the units to the installed.
The radio signal is amplified on “repeater” stations throughout the area or city.
The problem: The signals aren’t always encrypted. Hioureas and Kinsey said that the units can be easily hacked, Wired reported.
“Anyone with $50 can generate a signal that can trump a repeater [to take out a few air conditioners]; and anyone with $150 can generate that through an [amplifier] and presumably take out a whole neighborhood,” Kinsey said. “And obviously you can scale that up as much as you want to [depending on the strength of your signal].”
There are several ways that hackers could wreak havoc with the power grid through air conditioning units, Wired reported. The potential attacks include:
- Turn on all the air conditioners at once in a city so that they use so much energy that the grid gets overloaded and blows. One way in which a bad guy could do this would be to turn all the air conditioners at commercial or government buildings up to full at a time when nobody is at work, such as the weekend.
- Turn off air conditioning during a heatwave, endangering many of society’s most vulnerable members. Upwards of 15,000 mostly elderly people died during a heat wave in France in 2003 because they lacked air conditioning.
- Target individual homes or businesses. For example, turning off refrigerators or air conditioning at supermarkets or warehouses in an attempt to destroy food supplies.
“This is bad, and that’s why we need better security so that we don’t have the ability to manipulate the load,” Eric Johansson of the Swedish security firm Management Doctors told Wired. “You shouldn’t be able to do this.”
Little skill is required to implement the attack, Wired said.
“All a hacker would need is to be on the same radio frequency as the utility company, and then they could monitor and record the commands the company sends to the devices (a technique known as sniffing). From there, they could just play back those recorded commands to other devices to get them to turn on or off (a so-called ‘replay’ attack),” Wired reported.
Sadly, it looks as if almost all of the appliances and systems in the homes of Americans could become weapons against us.
What is your reaction to the latest threat against the grid? Share your thoughts in the section below: