Princeton University security researchers have determined that a botnet composed of thousands of connected-but-hacked home appliances, such as air conditioners and water heaters, could cause massive blackouts by overwhelming the power grid with demand for electricity, according to a Wired report. The Princeton team will present its findings at the Usenix Security conference in Baltimore this week.
“We hope that our work raises awareness of the significance of these attacks to grid operators, smart appliance manufacturers, and systems security experts in order to make the power grid (and other interdependent networks) more secure against cyber attacks,” the researchers wrote in the report. “This is especially critical in the near future when more smart appliances with the ability to connect to the Internet are going to be manufactured.”
The findings turn the conventional concern about hackers and the power grid on its head. Usually, researchers worry that dedicated hackers could directly infiltrate critical infrastructure, like the power grid, turning off power and creating chaos.
The new study suggests similar results can be achieved by amping the demand for electricity. The Princeton team estimated a 1 percent bump in demand — which could be created by a botnet of a few tens of thousands of hacked water heaters or a few hundred thousand air conditioners — could take down most of a power grid designed to serve as many as 38 million people.
If such an attack were successful, hackers might find it easier to keep the power down as plant staff try to bring it back, according to Wired.
Mass blackouts can be extremely dangerous because everything from law enforcement facilities to hospitals lose electricity simultaneously. Malware, such as Crash Override, could be used to hijack electrical systems from afar by taking advantage of communication protocols for power supply infrastructure, transportation controls, and water and gas systems.
Experts warned last year that cyberattack-caused blackouts could be what future cyberwarfare looks like.
“Insecure IoT devices can have devastating consequences that go far beyond individual security/privacy losses,” the researchers wrote in the report. “This necessitates a rigorous pursuit of the security of IoT devices, including regulatory frameworks.”
“Attacking the grid using IoT devices is not as critical today as it would be in the future when high wattage appliances will become more common. This will give the grid operators a window to protect their systems against these type of attacks by operating the grid in a state that it will not be affected by such demand manipulations,” said Dr. Saleh Soltan, the lead author of the report, in an email statement. “Finding such an operating point for the grid that is also efficient is part of our current research.”
First published on Aug. 13, 2:24 p.m. PT.
Updates on Aug. 14, 1:33 p.m. PT: Adds Dr. Soltan’s statement.
Follow the Money: This is how digital cash is changing the way we save, shop and work.
CNET Magazine: Check out a sample of the stories in CNET’s newsstand edition.