Free smart metre pen test tool to be released

Powered by SC Magazine

Termineter presented at B-Sides.

An IT assessment firm will release an open-source framework that can be used to gauge the security of smart meters.

Cleveland-based SecureState, which is planning to demonstrate the tool, dubbed Termineter, next week at the Security B-Sides conference in Las Vegas, said the purpose of the release is to raise security awareness for smart meters.

Such devices, which can be connected to appliances and enable two-way communication between homes and the utility companies to offer more electrical efficiency and reliability, may provide entryways for malicious individuals, and result in privacy and cyber security risks.

In April, security blogger Brian Krebs, citing an FBI internal document, warned that affordable and easily obtainable tools on the web can be used to attack these devices to alter readings. Security experts also have said attackers could compromise meters to cause power disruptions.

According to SecureState, the framework provides testing functionality for meter makers as well as others to "identify and validate internal flaws that leave [the meters] susceptible to fraud and significant vulnerabilities."

According to a Pike Research report released in the second quarter of this year, in 2008, fewer than 4 percent of the world's 1.5 billion electricity meters could be considered “smart,” but now 18 percent are. This number is expected to exceed 55 percent by 2020.

"Smart meters and advanced metering infrastructure (AMI), terms often used synonymously, integrate embedded computing and two-way communications to transform meters from simple manual recording instruments into highly intelligent devices serving increasingly broad roles within the electricity infrastructure," the report said.

Smart meter security, or lack thereof, is a hot research topic these days.

One of the talks generating some excitement at next week's Black Hat conference in Las Vegas is "Looking into the Eye of the Meter" from Don Weber of security consultancy InGuardians.

Weber is expected to discuss how criminals would be able to harvest various kinds of information from smart meters. They are becoming ubiquitous, and the session will center on the insecurity of embedded devices that are being installed in front of every home and connected to a network.

Weber was scheduled to present the talk earlier this year at ShmooCon 2012 in Washington, but pulled it at the last minute in response to requests from a smart grid vendor and several utilities.

This article originally appeared at

Copyright © SC Magazine, US edition

Free smart metre pen test tool to be released
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.