Tuesday, 24 July 2012 00:14

The latest tools for hacking Smart Meters


For a category of devices intended to operate for 20 - 50 years, we sure are seeing a lot of early security problems with Smart Meters.

When it comes to guaranteeing resistance against determined, long-term intruders, most security experts will shy violently away from any substantive predictions of long-term viability. And it doesn't matter whether you're talking about hardware or software applications (how long did DES last?).

In mid 2009, iTWire spoke with Gabriel d'Eustachio, Security Consulting Lead at CSC to gain his thoughts on the state of play with Smart metering (also known as Advanced Metering Infrastructure) - this conversation happened a little after the Victorian Government had called a halt to the meter roll-out avalanche; Gabriel was speaking more generally on the overall project.

The Victorian Government has made a bold decision in this space. They have mandated the implementation of one of the most advanced systems in the world. This is a double edged proposition: this system will give Victoria a long-term edge in both energy efficiency and reliability; on the other hand, something this complex brings on incredible amounts of risk. The standards and guidelines for security and privacy are not formally defined to any detail, and the power companies are compelled to fly "seat-of-the-pants" until some standards are produced. Very interesting time to be involved in this industry.

I agree with you that consumers have a valid concern that their privacy will be respected with this new technology. Step 1 of enforcing privacy is strong security controls. In my opinion, decisions regarding privacy and consumer protections should be made prior to the implementation of this technology. I would advocate including key stakeholders (this could be facilitated by the National Smart Metering Program) and also including independent consumer and privacy advocates in the decision making process.

In the weeks before d'Eustachio spoke with iTWire, there were three presentations at BlackHat (the Las Vegas hackers' conference) dealing with how to break into Smart Meters - not bad for brand-new technology intended to survive for a generation or more.

At around the same time, iTWire reached out to the Victorian Department of Primary Industry, the department responsible for the Smart Meter roll-out, for its thoughts on the various security issues already announced.

iTWire: Every meter is essentially a computer; what will be done to ensure that these meters are installed untampered and also are provided with regular security updates (should later 'issues' be identified)?


DPI Spokesperson: The security for the smart meters is much tighter than is typical for wireless computer networks.

Every meter is managed and remotely controlled by the electricity distribution company, significantly reducing the scope for hacking when compared to a wireless network of independent users and computers.

The smart meters will be supplied directly from the meter manufacturer and will undergo further checks and trials by the electricity distribution companies as the rollout continues.

The smart meter software is remotely configurable so that any operational or security improvements that are required can be installed in a very quick timeframe.

Although that sounds gratifying, it does still leave some gaping holes (which we will leave for the hackers to discover for themselves). Additionally, nothing of any significance has changed to render this response obsolete in the three years since it was made. Also, it's just a tad difficult to repair a hardware flaw with an over-the-wire upgrade!

The stream of such research has continued unabated, and now we see two new tools announced at BlackHat 2012: Optiguard, a privately developed 'testing' tool, and Termineter, which is styled on the Metasploit framework, is entirely open source and is available for download.

Both tools make use of the widely implemented infra-red interface on smart meters (iTWire is thankful no such meter is installed at this abode, but this also means we can't check if ours is so equipped).

Termineter was developed by SecureState and a representative spoke with DarkReading. Spencer McIntyre noted, "Our tool is framework-extensible by the community: It's completely open source ... and you can use it for whatever purposes you will to facilitate auditing of smart meters. The idea is to provide utilities with the tools to check the risks and vulnerabilities with the smart meter equipment they provide their customers."

Authentication issues such as weak passwords and weak access controls in these devices are top of mind for power company concerns, McIntyre says. "Being able to write and read from a meter while being authenticated as an underprivileged user or to not have to authenticate at all; that could be used for fraud, which is a large concern for power companies."

A substantial number of 'smart' metering projects are being planned or rolled out around the world - here is a map showing many of them.

Over the weekend, US President Barack Obama published an OpEd piece exhorting both Government and Industry to pay more attention to protecting critical infrastructure; "So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted," the President wrote.

It's a pity (as we wrote soon after) that the Texas water incident was a non-event. iTWire spoke with the 'hacker' Pr0f who made it very clear that he penetrated the system, took screen shots and left - no damage was done; the only intention being to demonstrate that the system was wide open.

It's also a pity that in the first-ever attempt to push critical infrastructure out to the household, we have performed so very poorly.

