Ingenuity isn’t exactly a quality you want in hackers, unless of course, they’re on your side. In a rather terrifying discovery, researchers have found an alarming vulnerability in our security system, and it’s one that can be found in most American homes and offices — the air conditioner.
Power grid failures, a topic of great consternation in movies and in real life, would pose a serious problem on a large scale, and as computer hacking and digital warfare grow more advanced, security personnel are looking into some unconventional methods by which certain breaches might occur. And the latest possibility lies in none other than your AC unit. Experts told Wired that hackers could potentially “remotely manipulate home and office air conditioners to create a surge,” with consequences that could be “very serious.”
Apparently, the danger lies in remotely controlled devices that utility companies place on AC units in order to save energy during the hottest months of the summer. Service providers often give customers financial kickbacks if they agree to the installation, which allows power companies to turn off the unit if demand for power gets too high. Unfortunately, not only can utility companies access the devices, but as it turns out, talented hackers can as well.
According to Vasilios Hioureas of Kaspersky Lab and Thomas Kinsey of Exigent Systems, who carried out a research project in conjunction with the Securing Smart Cities initiative, “operators at regional power centers send a command via radio frequency that gets amplified through repeater stations installed throughout a city to reach the devices and shut down air conditioners.” The issue arises, however, when this communication remains unencrypted with no authentication system in place, which means that there’s really no protection from unauthorized, malicious users. In short, “anyone in the vicinity who can emit a stronger signal than the one the utility company sends out through the repeater stations can manipulate the devices as well.”
“Anyone with $50 can generate a signal that can trump a repeater [to take out a few air conditioners]; and anyone with $150 can generate that through an [amplifier] and presumably take out a whole neighborhood,” Kinsey told Wired. “And obviously you can scale that up as much as you want to [depending on the strength of your signal].”
And because entire groups of devices are given unique ID codes, hackers could theoretically target certain offices, neighborhoods, or areas. Moreover, if these devices were flipped on and off continuously, it could throw the entire power grid off balance, creating even further rolling effects. Most frightening of all, perhaps, is Wired’s claim that “the attack against the devices requires little skill.” So if we don’t find a fix to this and fast, we could be in for a pretty problematic summer.