Open Source Smart Meter Hacking Framework Released 74
wiredmikey writes "A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter,' the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities. Spencer McIntyre, a member of SecureState's Research and Innovation Team, is scheduled to demonstrate Termineter in a session 'How I Learned to Stop Worrying and Love the Smart Meter,' at Security B-Sides Vegas on July 25. The Termineter Framework can be downloaded here." As the recent lucky winner of a smart meter from the local gas company, I wish householder access to this data was easy and expected.
Smart enough (Score:4, Informative)
Soon, the meters will be smart enough to connect to your bank account.
Re:Not surprising. (Score:5, Informative)
Never. Our product is designed to save clients money. Basically the supply utility implements TOU tariffs and we provide data capture and analysis tools to optimize when and how they use their power. I see no moral issue with this. Besides, how is being asked to pay for your power a moral issue?
Re:Not surprising. (Score:5, Informative)
Besides, how is being asked to pay for your power a moral issue?
The moral issue is that you helped install a system that you stated very clearly is "childishly simple with little in the way of encryption or authentication" and these meters are responsible for a critical and potentially very expensive bill being sent to every person every month. Now a hacking framework is available, it is only a matter of time before smart meters will be hacked and people will get incorrect bills for far more than what they owed. It doesn't take a very good imagination to figure out even worse outcomes of having an easy to hack critical infrastructure. Someone could write a virus that could propagate through the smart meter network and then shut off power over a very wide area. When there are big power outages, sometimes people die.
So perhaps now the moral issue is a bit more clear? It is immoral to make critical infrastructure that is deliberately insecure.
Our product is designed to save clients money.
I can't imagine what utility you work for but it couldn't possibly be PG&E. The smart meters we have here are most decidedly NOT designed to save customers money. They were used as a backdoor way to implement "time of use" metering, so they can charge extra during peak hours. Many people I know with a smart meter have had their bill go up while their usage stayed the same. I often work from home so my bill went up fairly substantially. The other reason for the smart meters is that PG&E get to charge a percent markup for profit on "capital upgrades" so they decided "hey if we install a fancy expensive new meter on every single customer in the state we can make a huge extra pile of money!!!" So you can sell your "save the customer money" to a more gullible audience, but we aren't going to buy it here.
Re:Warning to those who want to try it out (Score:4, Informative)
I am not with a utility. Utilities use logs to prove stuff. The company I work for installs separate check meters. We do not read the utilities' meters. The only people who may do that (in any country as far as I am aware) are the utilities themselves. The meters belong to them. You need a check meter approved by them to audit them. That's the breaks I'm afraid. Side note: you would not believe how often 3 phase meters are wired wrong, giving false readings which look right but over or under read 10%...