What would it take for a hacker to take down a city’s power grid? Cyber security researchers have been theorizing about hackers causing blackouts for some time now, evoking images of sophisticated hackers gaining access to an entire switchboard of electric controls. Now, Wired reports, researchers are describing how hackers could infiltrate through commonplace IoT devices like water heaters and air conditioners. Hackers have improved cyber hacker software by such great lengths that it’s not just web hacking that we should worry about.

Princeton researchers developed several proof-of-concept (PoC) attacks to show precisely how a large-scale attack would play out. The PoC attacks involved attackers manipulating demand – MadIoT for short. By simultaneously turning multiple high-wattage IoT devices on and off, hackers could create a frequency instability that would imbalance the supply and demand.

Researchers theorize that it would only take a one percent bump in demand to take down the grid for a population the size of California or Canada – a bump that could easily be created by a botnet of hacked electric water heaters or air conditioners.

Meanwhile, a separate set of researchers in Israel discovered that flaws in smart irrigation systems could be exploited and used to drain municipal water supplies.

“Power grids are stable as long as supply is equal to demand,” said Princeton lead researcher Saleh Soltan. “If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want.”

Get the full story on Wired.