Free smart metre pen test tool to be released

Powered by SC Magazine
 

Termineter presented at B-Sides.

An IT assessment firm will release an open-source framework that can be used to gauge the security of smart meters.

Cleveland-based SecureState, which is planning to demonstrate the tool, dubbed Termineter, next week at the Security B-Sides conference in Las Vegas, said the purpose of the release is to raise security awareness for smart meters.

Such devices, which can be connected to appliances and enable two-way communication between homes and the utility companies to offer more electrical efficiency and reliability, may provide entryways for malicious individuals, and result in privacy and cyber security risks.

In April, security blogger Brian Krebs, citing an FBI internal document, warned that affordable and easily obtainable tools on the web can be used to attack these devices to alter readings. Security experts also have said attackers could compromise meters to cause power disruptions.

According to SecureState, the framework provides testing functionality for meter makers as well as others to "identify and validate internal flaws that leave [the meters] susceptible to fraud and significant vulnerabilities."

According to a Pike Research report released in the second quarter of this year, in 2008, fewer than 4 percent of the world's 1.5 billion electricity meters could be considered “smart,” but now 18 percent are. This number is expected to exceed 55 percent by 2020.

"Smart meters and advanced metering infrastructure (AMI), terms often used synonymously, integrate embedded computing and two-way communications to transform meters from simple manual recording instruments into highly intelligent devices serving increasingly broad roles within the electricity infrastructure," the report said.

Smart meter security, or lack thereof, is a hot research topic these days.

One of the talks generating some excitement at next week's Black Hat conference in Las Vegas is "Looking into the Eye of the Meter" from Don Weber of security consultancy InGuardians.

Weber is expected to discuss how criminals would be able to harvest various kinds of information from smart meters. They are becoming ubiquitous, and the session will center on the insecurity of embedded devices that are being installed in front of every home and connected to a network.

Weber was scheduled to present the talk earlier this year at ShmooCon 2012 in Washington, but pulled it at the last minute in response to requests from a smart grid vendor and several utilities.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Free smart metre pen test tool to be released
 
 
 
Top Stories
Slow progress in Turnbullistan
[Blog post] How has the NBN moved ahead since regime change?
 
Hacks and frauds can't dampen Bitcoin buzz
[Blog post] Enthusiasts meet in Melbourne.
 
Qantas checks in with cloud computing
Impressed with results of public cloud bake-off.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  22%
 
Application integration concerns
  3%
 
Security and compliance concerns
  30%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  25%
 
Lack of stakeholder support
  4%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 535

Vote