#BlackHat: Supressed smart meter vulnerability tool is unleashed

Powered by SC Magazine
 

Allows for wireless access to meters.

InGuardians researcher Don Weber unveiled a previously hushed tool that utilities and meter makers can use to assess smart meters.

The framework allows for the assessment of the optical port, which is an external port that field technicians use to gather information from the smart meter and to reconfigure the devices, Weber said in a press conference following his talk at the Black Hat conference in Las Vegas.

Successfully tampering with the optical port can allow intruders to change data on the meter to obtain free or reduced energy, commit corporate espionage, access back-end resources, among other malevolent acts.

Black Hat 2012 coverage

Weber was scheduled to present the talk earlier this year at ShmooCon 2012 in Washington but pulled it at the last minute in response to requests from a smart grid vendor and several utilities.

OptiGuard, the the tool looks for data that appears irregular and determines what hacker actions might look like.

"There wasn't a lot out there that provided these capabilities," Weber said at the press conference. "[Vendors and utilities] can't have someone standing at every single meter, saying, 'Hey, don't touch that."

To develop the tool, known as OptiGuard, Weber reverse engineered the meters by dumping memory, eavesdropping on certain data and brute forcing the security code, he explained during his talk. This enabled him to conduct an assessment of the meter, but it still required him to be physically connected to the device. OptiGuard allows for wireless communication with the meter.

Weber concluded his presentation by offering utilities and meter manufacturers advice, including the need to properly protect the security codes -- which are required to use OptiGuard -- as well as enlist robust incident response and employee awareness training. 

On the back-end, he suggested securing data storage, employing configuration identity checks and obfuscating protocols.

According to a Pike Research report released in the second quarter of this year, in 2008, fewer than 4 percent of the world's 1.5 billion electricity meters could be considered “smart,” but now 18 percent are. This number is expected to exceed 55 percent by 2020.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


#BlackHat: Supressed smart meter vulnerability tool is unleashed
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1071

Vote