You might have read about how we’re spending billions of dollars on a new electrical “smart grid” to make electrical distribution more efficient. A critical component of this grid is a new generation of “smart meters” which can communicate with the grid to determine when electricity is relatively scarce or plentiful.
Now a report in the Register describes how a researcher from security firm IOActive will demonstrate security flaws in these meters that could bring the grid down. Mike Davis, a senior security consultant for IOActive, says that the software in the vast majority of meters uses no encryption and requires no authentication before accepting commands to perform critical operations like updating their own software. Davis will demonstrate the flaws at the Black Hat security conference next month.
Apparently our good old friends memcpy and strcpy are involved.