MadIoT: How an IoT botnet could launch a major attack on the power grid

Graham CLULEY

August 21, 2018

Academic researchers claim that hackers could exploit high wattage IoT appliances such as air conditioners, heaters, and cookers, to perform attacks on the power grid.

The researchers – Saleh Soltan, Prateek Mittal, and H. Vincent Poor, from Princeton University – describe in a paper presented at the 27th USENIX Security Symposium how a botnet of compromised power-consuming IoT devices could be commanded to switch on or off at the same time, abruptly increasing or decreasing power demand and creating an imbalance between power supply and demand with dramatic effects:

“This imbalance instantly results in a sudden drop in the system’s frequency. If the imbalance is greater than the system’s threshold, the frequency may reach a critical value that causes generators tripping and potentially a large-scale blackout.”

What is ingenious about this attack on the power grid is that it is not the supply-side of the power grid that is being attacked, but rather the demand-side.

The researchers say that in a simulation on a small-scale power grid model they were able to demonstrate that a 30% increase in demand resulted in the tripping of all of the generators. For that attack, a malicious hacker would need access to “about 90 thousand air conditioners or 18 thousand electric water heaters within the targeted geographical area.”

The new class of attack on the power grid has been dubbed MadIoT (“Manipulation of demand via IoT”) by the researchers. What makes MadIoT different from previous attacks on the electricity grid is that it is not the power grid’s SCADA system that is being targeted, but rather the load that the grid is being put under.

Another threat is that an attacker could cause line failures by redistributing demand for power. For instance, demand could rise in one IP range, where appliances are remotely turned on, while falling in another, where devices are remotely turned off.

“These attacks, in particular, can cause failures in important high capacity tie-lines that connect two neighboring independent power systems – e.g., of neighboring countries.”

The researchers recommend that power grid operators prepare now for MadIoT attacks – ensuring that infrastructure can cope with abrupt changes in loads. In addition, IoT device manufacturers are once again reminded that they should do more to treat security as a priority, testing their appliances for vulnerabilities, and taking measures to prevent potential future compromise.

As we’ve previously reported, upmarket “smart” cookers have been found vulnerable to remote compromise, opening opportunities for hackers to ruin your Sunday dinner.

If attacks like MadIoT become a reality, however, a poorly-cooked chicken will be the least of our problems.
