- This new class of attack majorly focuses on home-automation hubs and stand-alone connected appliances.
- MadIoT attacks could result in cascading power failures, disrupt grid re-starts and increase the cost of operation.
Cybercriminals may soon be able to launch large-scale coordinated attacks on the power grid, without relying on the Stuxnet worm to infiltrate critical infrastructure.
Researchers at Princeton University have developed a proof-of-concept (PoC) which shows that threat actors could enslave high-wattage IoT devices such as air conditioners and heaters to manipulate the power demand of electrical grids. Such an attack could lead to local power outages or large-scale blackouts.
This new class of attack is dubbed as MadIoT (Manipulation of demand via IoT) and majorly focuses on home-automation hubs and stand-alone connected appliances.
Researchers conducted the PoC test on three different appliances. This included air conditioner, electric water heater and electric oven - all which consumed between 1000 to 5000 watts of power. They determined that a threat actor would require access to 90,000 air conditioners or 18,000 electric water heaters to disrupt the power demand in a targeted geographical area, such as the grid of Western System Coordinating Council that is used to serve most of the western United States.
The researchers highlighted that MadIoT attacks could result in frequent instability, cascading power failures, disrupt grid re-starts and increase the cost of operation. With the growing numbers of IoT devices, the chances of of MadIot attacks is also rising - a threat that researchers believe needs proper security attention.
“We believe that with universality and growth in the number of high-wattage IoT devices and smart thermostats, the probability of Mad attacks is increasing and there is an urgent need for more studies on the potential effects of these attacks and developing tools for grid protection” said the researchers in a research paper.