Free smart metre pen test tool to be released

Powered by SC Magazine

Termineter presented at B-Sides.

An IT assessment firm will release an open-source framework that can be used to gauge the security of smart meters.

Cleveland-based SecureState, which is planning to demonstrate the tool, dubbed Termineter, next week at the Security B-Sides conference in Las Vegas, said the purpose of the release is to raise security awareness for smart meters.

Such devices, which can be connected to appliances and enable two-way communication between homes and the utility companies to offer more electrical efficiency and reliability, may provide entryways for malicious individuals, and result in privacy and cyber security risks.

In April, security blogger Brian Krebs, citing an FBI internal document, warned that affordable and easily obtainable tools on the web can be used to attack these devices to alter readings. Security experts also have said attackers could compromise meters to cause power disruptions.

According to SecureState, the framework provides testing functionality for meter makers as well as others to "identify and validate internal flaws that leave [the meters] susceptible to fraud and significant vulnerabilities."

According to a Pike Research report released in the second quarter of this year, in 2008, fewer than 4 percent of the world's 1.5 billion electricity meters could be considered “smart,” but now 18 percent are. This number is expected to exceed 55 percent by 2020.

"Smart meters and advanced metering infrastructure (AMI), terms often used synonymously, integrate embedded computing and two-way communications to transform meters from simple manual recording instruments into highly intelligent devices serving increasingly broad roles within the electricity infrastructure," the report said.

Smart meter security, or lack thereof, is a hot research topic these days.

One of the talks generating some excitement at next week's Black Hat conference in Las Vegas is "Looking into the Eye of the Meter" from Don Weber of security consultancy InGuardians.

Weber is expected to discuss how criminals would be able to harvest various kinds of information from smart meters. They are becoming ubiquitous, and the session will center on the insecurity of embedded devices that are being installed in front of every home and connected to a network.

Weber was scheduled to present the talk earlier this year at ShmooCon 2012 in Washington, but pulled it at the last minute in response to requests from a smart grid vendor and several utilities.

This article originally appeared at

Copyright © SC Magazine, US edition

Free smart metre pen test tool to be released
Top Stories
Making a case for collaboration
[Blog post] Tap into your company’s people power.
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats