Researchers Show How To Hack The Power Grid Through Home Air Conditioners
While there are many ways to hack and cause a blackout, researchers have now discovered another rather simple way to take down the power grid: by remotely controlling home and office air conditioners to create an outpour. The grid experts told WIRED that it is an attack that has the potential to be very severe.
The remote shut-off devices that utility companies during peak summer periods install on air conditioners to preserve energy are targeted by hackers. If the customers agree to install the devices, they are offered discounts by many power companies, which in turn allows the utility company to remotely turn off their air conditioner when demand for power is high and it’s hot outside.
Vasilios Hioureas of Kaspersky Lab and Thomas Kinsey of Exigent Systems, who conducted their research as part of the Securing Smart Cities initiative says that the devices can be installed on both central air conditioning systems as well as window-installed units and easily be manipulated by hackers. Yesterday, the two presented their findings at the Kaspersky Security Analyst Summit.
The manner in which the system works is that operators at regional power centers send a command via radio frequency that gets magnified through repeater stations installed throughout a city to reach the devices and shut down air conditioners. However, anybody in the neighbourhood who can release a stronger signal than the one the utility company transmits through the repeater stations can control the devices, as the systems Hioureas and Kinsey studied don’t encode that communication and do not make use of validation to stop parties or systems that are not authorized from interacting with them.
“Anyone with $50 can generate a signal that can trump a repeater [to take out a few air conditioners]; and anyone with $150 can generate that through an [amplifier] and presumably take out a whole neighborhood,” says Kinsey. “And obviously you can scale that up as much as you want to [depending on the strength of your signal].”
During a heatwave, a hacker could possibly create a serious condition for the elderly and sick by cutting air conditioners or by turning air conditioners on during peak energy periods that results in an outpour leading to a widespread blackout. Or a hacker can take advantage of the fact that unique IDs are assigned to groups of devices that singles them out, which would help in directly attack a group of specific homes or offices.
The hack could be even worse says another researcher. The attacker can create an even more widespread blackout, if the air conditioners are turned on and off repeatedly. This would in turn create imbalances and disturbances in the grid that could trip breakers away from the neighborhood they are aiming at.
Eric Johansson, founder of Management Doctors, a security firm in Sweden that specializes in SCADA says, “This is bad, and that’s why we need better security so that we don’t have the ability to manipulate the load. You shouldn’t be able to do this.”
Very little skill is required to carry out the attack against the devices. The hacker just needs to be on the same radio frequency as the utility company, and then they could observe and record the orders the company transmits to the devices through a method known as sniffing. They could just play back those recorded commands to other devices from there in order to turn them on or off (a so-called “replay” attack).
“This is the funny part, to show how ridiculously insecure it really is, you don’t have to even know anything or reverse-engineer anything and you can reproduce the result [by doing a replay attack],” says Hioureas.
To stop the power company from communicating with the devices to turn air conditioners on or off, an attacker could also just jam the RF traffic with noise and stop them from shutting down the devices during peak hours.
Since the two researchers are still in the process of reaching out to vendors, they have not identified the devices they examined. According to Kinsey, the chips used in some of them are so obsolete and limited that even if the vendors wanted to add authentication to make the devices more secure, they would have doubts if they could do it. An example of this, was one system that used a chip made in 1995.
“It doesn’t look like there’s room [to add authentication]…it looks like the hardware is not capable of doing something like that,” he says.