Researcher releases smart meter hacking tool
Termineter designed for researchers and penetration testers, SecureState says
Computerworld - Security consulting firm SecureState today released a new open source hacking tool that it claims will let security researchers and penetration testers verify the security of electric utility smart meters being installed in millions of homes around the country.
The tool, called Termineter, is available for public download from SecureState's website and will be demonstrated at the BSides security event in Las Vegas next week. The company had earlier sent out a stripped down version of the tool to a limited number of individuals.
Security consultancy InGuardians had planned to publicly release details of a similar tool called OptiGuard at the Shmoocon security conference a few months ago. The company however pulled the talk at the last minute in after a unnamed smart grid vendor and several utilities expressed concern that the tool would allow hackers to exploit vulnerable smart meters.
InGuardian is scheduled to disclose details of its tool at the Black Hat security conference also being held in Las Vegas next week.
Spencer McIntyre, a SecureState researcher said the goal in releasing Termineter publicly is to raise awareness of security issues pertaining to smart meters and to get vendors of such products to address those issues.
Power companies and utilities will be able to use Termineter to identify and validate internal flaws that make the meters vulnerable to hacking and tampering, he said.
The tool will give independent security researchers a way to probe such meters for potential access control and user authentication weaknesses, he said. "[Termineter] will give them low level access to smart meters to do security assessment of the device," regardless of the vendor of the device, McIntyre said.
Termineter supports ANSI C12.18 and ANSI C12.19 standards, and can communicate with smart meters via the infrared ports on each device. The tool will let penetration testers and researchers get direct access to the data on the meter.
Currently, Termineter modules allow testers to read and write raw data on a device in order to get it to respond in specific ways, McIntyre said. Researchers can extend Termineter's capabilities to build their own applications around it, he said.
Smart meters are a crucial component of the smart grid. The devices are designed to collect energy consumption data from homes and transmit it back to power distribution companies for billing, network and demand management purpose. The technology also lets consumer view their energy usage patterns in near real time to help them better manage home energy use.
Utility companies around the country are in the process of installing millions of smart meters in homes to better manage energy consumption, respond to demand better and eventually offer tiered rating plans based on a consumer's energy use habits.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cybercrime and Hacking White Papers |