BALTIMORE—At USENIX Security Symposium here on Wednesday, Saleh Soltan from Princeton University's Department of Electrical Engineering presented research that showed that if Wi-Fi-based high-wattage appliances become common, they could conceivably be used to manipulate electrical demand over a wide area—potentially causing local blackouts and even cascading failures of regional electrical grids. The research by Soltan, Prateek Mittal, and H. Vincent Poor used models of real-world power grids to simulate the effects of a "MaDIoT" (Manipulation of Demand Internet of Things) attack. It found that even swings in power usage that would be within the normal range of appliances such as air conditioners, ovens, and electric heating systems connected to "smart home" systems would be enough to cause fluctuations in demand that could trigger grid failures.
These kinds of attacks—focused on home-automation hubs and stand-alone connected appliances—have not yet been seen widely. But the increasing adoption of connected appliances (with many home appliances now coming with connectivity by default) and the difficulty of applying security patches to such devices make a Mirai-style botnet of refrigerators increasingly plausible, if not likely.
Soltan and his team looked at three possible categories of potential malicious demand manipulation: