The team identifies a thermostat, some home automation switches, and a PC, which includes the energy company's passwords and backed-up USB drives, Roberts says.
The attack vector
The power plant engineer's NAS network drive is full of company backups—FTP in that case is open, allowing the perps to "extract all the content."
The connected thermostat's GUI is then used for its access to the eco-smart grid server—whereupon the baddies hypothetically attack the power provider's network with its 30 dams and 15,000-or-so miles of electrical lines.
And all that via the oven. Roberts doesn't say what happens to the roast.