[Rushtalk] smart meter hacking tool

Paf Dvorak notmyname at thatswaytoomuch.info
Mon Feb 11 19:26:00 MST 2013

Researcher releases smart meter hacking tool


Termineter designed for researchers and penetration testers, SecureState says

By <http://www.computerworld.com/s/author/241/Jaikumar+Vijayan>Jaikumar Vijayan

Computerworld - Security consulting firm SecureState today released a 
new open source hacking tool that it claims will let security 
researchers and penetration testers verify the security of electric 
utility smart meters being installed in millions of homes around the country.

The tool, called Termineter, is available for public download from 
SecureState's website and will be demonstrated at the BSides security 
event in Las Vegas next week. The company had earlier sent out a 
stripped down version of the tool to a limited number of individuals.

Security consultancy InGuardians had planned to publicly release 
details of a similar tool called OptiGuard at the Shmoocon security 
conference a few months ago. The company however pulled the talk at 
the last minute in after a unnamed smart grid vendor and several 
utilities expressed concern that the tool would allow hackers to 
exploit vulnerable smart meters.

InGuardian is scheduled to 
details of its tool at the Black Hat security conference also being 
held in Las Vegas next week.

Spencer McIntyre, a SecureState researcher said the goal in releasing 
Termineter publicly is to raise awareness of security issues 
pertaining to smart meters and to get vendors of such products to 
address those issues.

Power companies and utilities will be able to use Termineter to 
identify and validate internal flaws that make the meters vulnerable 
to hacking and tampering, he said.

The tool will give independent security researchers a way to probe 
such meters for potential access control and user authentication 
weaknesses, he said. "[Termineter] will give them low level access to 
smart meters to do security assessment of the device," regardless of 
the vendor of the device, McIntyre said.

Termineter supports ANSI C12.18 and ANSI C12.19 standards, and can 
communicate with smart meters via the infrared ports on each device. 
The tool will let penetration testers and researchers get direct 
access to the data on the meter.

Currently, Termineter modules allow testers to read and write raw 
data on a device in order to get it to respond in specific ways, 
McIntyre said. Researchers can extend Termineter's capabilities to 
build their own applications around it, he said.

Smart meters are a crucial component of the smart grid. The devices 
are designed to collect energy consumption data from homes and 
transmit it back to power distribution companies for billing, network 
and demand management purpose. The technology also lets consumer view 
their energy usage patterns in near real time to help them better 
manage home energy use.

Utility companies around the country are in the process of installing 
millions of smart meters in homes to better manage energy 
consumption, respond to demand better and eventually offer tiered 
rating plans based on a consumer's energy use habits.



Paf Dvorak

<http://thatswaytoomuch.info/>notmyname at thatswaytoomuch.info  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kalos.csdco.com/pipermail/rushtalk/attachments/20130211/e69621d8/attachment-0001.html 

More information about the Rushtalk mailing list