The new smart meters designed to help deliver electricity more efficiently are inviting – and vulnerable – targets for hackers, security analysts say. The Associated Press (News - Alert) reports that hackers can access the power grid “in previously impossible ways” from hacking the meters.

Last July, at the annual Black Hat security conference, IOActive’s (News - Alert) Mike Davis showed how he and his team “created a simulation in which over a period of 24 hours about 15,000 out of 22,000 homes had their smart meters taken over by a worm that could render the device under the control of the worm’s designers,” Earth2Tech reported.

Yet there are already over eight million smart meters deployed by American electric utilities alone and “nearly 60 million should be in place by 2020,” according to a list of publicly announced projects kept by The Edison Foundation, an organization focused on the electric industry, the AP reports.

And “the allocation of the smart grid stimulus funds has caused a rush to roll out smart meters,” Earth2Tech reported, noting that Davis is concerned that the speed in deployment could cause companies to be neglectful of proper security. There’s an attitude of “we’ll fix this later,” he explained.

“At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills,” the AP says. “These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else’s power on and off.”

Joshua Wright, a senior security analyst with InGuardians, told the AP that attacks could be pulled off by stealing meters outside of a home and reprogramming them. “Or an attacker could sit near a home or business and wirelessly hack the meter from a laptop,” the AP paraphrased Wright as saying.

According to Earth2Tech, Davis said the reason that the he could so easily hack and spread the worm in the simulation was because there was a fundamental design flaw in the specific meter model itself, though Davis wouldn’t name any individual manufacturers.

Wright told the AP his firm found “egregious” errors, such as flaws in the meters and the technologies that utilities use to manage data from meters: “Even though these protocols were designed recently, they exhibit security failures we’ve known about for the past 10 years.”

There is no evidence the security flaws have been exploited, Wright says, at least to utilites’ knowledge.

As the AP explains, smart meters measure consumption in real time, and by being networked to computers in electric utilities, can signal people or their appliances to take certain actions, such as reducing power usage when electricity prices spike.

Wright found that “hackers could exploit the weakness to break into meters remotely, which would be a key step for shutting down someone’s power. Or someone could impersonate meters to the power company, to inflate victims’ bills or lower his own. A criminal could even sneak into the utilities’ computer networks to steal data or stage bigger attacks on the grid.