European researchers will reveal major security weaknesses in smart meters that could allow an attacker to order a power blackout.
A widely deployed smart meter device can be programmed to cause a power blackout or commit power usage fraud.
Researchers Javier Vazquez Vidal and Alberto Garcia Illera will reveal this month at Black Hat Europe in Amsterdam how they reverse engineered smart meters and found blatant security weaknesses that allowed them to commandeer the devices to shut down power or perform electricity usage fraud over the power line communications network.
The smart meter device Vazquez Vidal and Garcia Illera tested stores the same pair of symmetric AES-128 encryption keys inside every such device. An attacker who lifted these keys would be able to send commands -- including an order to shut down power -- directly to the smart meter.
"There were very scary things we found. You can practically turn the lights off in a city or neighborhood."
The really bad news is that there's nothing smart meter customers can do to defend against an attack.