Security consulting firm SecureState has recently released a new open source hacking tool that can check smart meters for vulnerabilities.
Security consulting firm SecureState has recently released a new open source hacking tool that allows security professionals and penetration testers to check meters being installed across the United States.
SecureState's new tool, "Termineter", was developed by its Research & Innovation Team. It is not the first example of software of this type to be developed -- but it is one of the first to be released as an open source download. The framework is written in Python and is hosted on the Google Projects network.
"InGuardians initially wasn't so lucky. Researcher Don Weber was supposed to release his firm's tool earlier this year at the ShmooCon conference," reports Dark Reading. "[..] but had to put the talk and tool on hold after a vendor came forward with concerns. The company ended up providing the tool to smart grid vendors and utilities."
Both tools, InGuardians' OptiGuard and SecureState's Termineter, are to be demonstrated at Black Hat USA in Las Vegas this week. Through infrared ports, the software checks for vulnerabilities in a smart meter, as well as verifying functionality levels. Some of the vulnerabilities which are checked include weak passwords, attempts at smart meter control or fraud, and ways in which attacks can be executed.
In order to use either tool, an individual has to physically access the meter through a serial port connection which connects to an optical infrared interface.
According to Spencer McIntyre, a member of SecureState's Research & Innovation Team, the point of releasing their tool as an open source project is to give utilities more rein over testing smart meter vulnerabilities, which include password strength levels and attempted fraud. McIntyre said:
"Our tool is framework-extensible by the community: It's completely open source ... and you can use it for whatever purposes you will to facilitate auditing of smart meters.
Being able to write and read from a meter while being authenticated as an underprivileged user or to not have to authenticate at all. That could be used for fraud, which is a large concern for power companies."
Whether the release of open source tools is going to backfire is anyone's guess. Currently, SecureState's tool is available as a public download, whereas InGuardians has no plans to follow suit.
The overall security of smart meters has been heavily debated in the wake of roll-out installations across the world. However, the issue is not only the concern that smart meter hacking could cost utilities millions per year, but also how much information about an energy user is tracked and stored.
Jul 22, 2012