The moment the industry of cybersecurity advises about blackouts caused by hackers, people immediately think about world-class hackers making their way into the main server of the power grid. Yet, a team or researchers established the idea that a huge power grid can be brought down by just hacking a less guarded and less consolidated category of utilities such as water heaters and air conditioners.

A team of security researchers at Princeton University will present a study this week during the Usenix Security Conference. Their said study concentrates on the least regarded possibility in the world of a power grid’s cybersecurity—black hats hacking the demand side instead of the supply side. During their simulations, the team thought that if hackers controlled a botnet comprised of hacked IoT devices. Such devices could very well be IoT space heater, conditioners, and water heaters. They ran software simulations to know how many IoT devices a cyber attacker needs to hack at the same time to destabilize a power grid.

The results of their simulations all lead to a practical yet unsettling situation in which a large power network that could serve a region of 38 million residents can be taken down with just 1% increase in demand. This small bump could be brought about by just thousands of smart air conditioners or tens of thousands of IoT water heaters. As long as the demand is equal to the supply of electricity, the power grids are stable. If the hacker has a botnet of IoT-based HVAC gadgets, the hacker can change the demand in an instant.

There is an increasing demand for smart HVAC devices with smart thermostats because of their efficiency and convenience. If the hacker’s botnet is successful, the attack on the power grid will be successful. With all the vulnerable air conditioners and heaters out there, the local cyber-attacks on the main power grid will be much easier. If a hacker has more than one botnet, that hacker can easily increase or decrease the electricity demands in several areas. This could even make it more challenging to pinpoint the source of the instability.

A resident can detect the hacking of their IoT devices once the devices start to behave chaotically. Usually, the resident will just try to repair the devices or just report them to the manufacturer. This won’t be of any help at all because the disruption is directly focused on the power system.

IoT devices are at risk of getting hacked because of the connectivity they offer. Every device manufacturer should be vigilant in securing their products so that they won’t be used to corrupt power grids. If not, countries will be at high risk of experiencing power outages at the will of a clever black hat.