It is feared that the new UK government household smart energy meters may present a major cybersecurity risk, GCHQ has warned the government.
The intelligence agency in the UK raised its concerns to the government that the connected devices could be leveraged by hackers to steal valuable personal data.
Possibly proving a critical spanner in the works, the meters are being installed as part of a nationwide £11 billion project that comes at a time of growing concern surrounding the security of IoT devices.
This revelation from GCHQ may slow down the implementation process, with only eight million of 27 million households signed up to be part of the initiative. The news may make people unwilling to get involved in the scheme.
James Wickes, CEO and co-founder at Cloudview, said: “It’s not the first smart device to be slammed for poor security, and it won’t be the last. Hackers are increasingly targeting poorly secured IoT devices to access supposedly private data. In the case of smart meters, cyber criminals are able to artificially inflate meter readings, making bills higher.”
“Worst case, the insecurity of these devices could lead to something more sinister – an attack on our national critical infrastructure. Poor IoT security might be just a little too tempting for a nosey nation and, for terrorists, why bother with suicide bombs if they can shut down power stations at will?”
Large-scale infrastructure attacks have already been witnessed around the world, with SCADA attacks on Ukrainian power grids standing out in terms of magnitude. In light of this some may deem it unwise to connect the entire country under the new project.
David Emm, principal security researcher, Kaspersky Lab, said: “Today’s homes include more smart devices than ever before, including smart meters. The main benefit of such connected domestic devices is convenience as they are able to send data automatically; in the case of smart meters, data on energy consumption.”
“But if smart meters are open to attack from cybercriminals, this should concern us all. Even if there are no personal financial details at stake, a criminal could falsify a bill so that a customer would be paying extra. The energy company would receive the correct payment and would be none the wiser about the surplus payment skimmed off by the criminals.”