A security researcher who has exposed a series of vulnerabilities in IoT devices says he is concerned about systemic attacks that could take down parts of the internet or national power grids
Poor security on devices making up the internet of things (IoT) could potentially enable attackers to use them to down power grids, a security researcher and penetration tester has warned.
Ken Munro, partner at Pen Test Partners, is continually testing the security of IoT devices and recently found that some types of internet-connected thermostats are vulnerable to attack.
This means an attacker could take control of these devices and potentially trigger hundreds of thousands of heating or cooling systems in the same area to come on at the same time.
“That would be an enormous drain on the power grid, and it doesn’t take much to push a power grid into an overload situation, causing shutdowns, ” he told delegates at IPExpo at Excel, London.
This could result in the need for a “black start” procedure to recover from a shutdown, but all power stations need some power to start up.
In normal conditions, this power comes from neighbouring power stations, but if all surrounding power stations have been shut down by an attacker, a total blackout could result.
“Some, but not all, power stations in the UK have a ‘black start’ power source on site to bring the power grid back up, and auxiliary power supplies of this sort are quite rare in the US,” said Munro.
For Full Story, Please click here.