Free smart metre pen test tool to be released

Powered by SC Magazine
 

Termineter presented at B-Sides.

An IT assessment firm will release an open-source framework that can be used to gauge the security of smart meters.

Cleveland-based SecureState, which is planning to demonstrate the tool, dubbed Termineter, next week at the Security B-Sides conference in Las Vegas, said the purpose of the release is to raise security awareness for smart meters.

Such devices, which can be connected to appliances and enable two-way communication between homes and the utility companies to offer more electrical efficiency and reliability, may provide entryways for malicious individuals, and result in privacy and cyber security risks.

In April, security blogger Brian Krebs, citing an FBI internal document, warned that affordable and easily obtainable tools on the web can be used to attack these devices to alter readings. Security experts also have said attackers could compromise meters to cause power disruptions.

According to SecureState, the framework provides testing functionality for meter makers as well as others to "identify and validate internal flaws that leave [the meters] susceptible to fraud and significant vulnerabilities."

According to a Pike Research report released in the second quarter of this year, in 2008, fewer than 4 percent of the world's 1.5 billion electricity meters could be considered “smart,” but now 18 percent are. This number is expected to exceed 55 percent by 2020.

"Smart meters and advanced metering infrastructure (AMI), terms often used synonymously, integrate embedded computing and two-way communications to transform meters from simple manual recording instruments into highly intelligent devices serving increasingly broad roles within the electricity infrastructure," the report said.

Smart meter security, or lack thereof, is a hot research topic these days.

One of the talks generating some excitement at next week's Black Hat conference in Las Vegas is "Looking into the Eye of the Meter" from Don Weber of security consultancy InGuardians.

Weber is expected to discuss how criminals would be able to harvest various kinds of information from smart meters. They are becoming ubiquitous, and the session will center on the insecurity of embedded devices that are being installed in front of every home and connected to a network.

Weber was scheduled to present the talk earlier this year at ShmooCon 2012 in Washington, but pulled it at the last minute in response to requests from a smart grid vendor and several utilities.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Free smart metre pen test tool to be released
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 772

Vote