Open Source Smart Meter Hacking Framework Released 74
wiredmikey writes "A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter,' the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities. Spencer McIntyre, a member of SecureState's Research and Innovation Team, is scheduled to demonstrate Termineter in a session 'How I Learned to Stop Worrying and Love the Smart Meter,' at Security B-Sides Vegas on July 25. The Termineter Framework can be downloaded here." As the recent lucky winner of a smart meter from the local gas company, I wish householder access to this data was easy and expected.
Comment removed (Score:5, Interesting)
Re:Hack the planet for ransom! (Score:4, Interesting)
One of the main reasons for installing smart gas meters is to not have to deal with customers like you. The meters are accurate and can be read from a distance. Meter readers who used to read 200 to 300 meters a day can now read 3000 a day, and they don't have to deal with your fences, holly bushes, mean dogs, and bad attitude.
Doesn't help me on my job because I have to physically walk over your service line and be able to touch the meter. I check for leaks, and if I can't do my job because of the bloody obstacle course you've made your yard into, then I just write it down as uncheckable and you're on your own.
Nobody is out to cheat you. The gas company gets cheated way more often than the customer does.
The problem I have with smart meters for gas & electricity isn't a worry about the utility company somehow "cheating" me.
It's a number of things.
First, it allows real-time rationing on an individual level, allowing for all kinds of possible discrimination and other shenanigans. For instance, you get identified at a protest against your utility company, a politician your utility company supports, or some piece of legislation, and then suddenly, and completely coincidentally of course, all sorts of bad things happen to your service and your billing.
Second, it also provides a pool of very granular and detailed data that I don't particularly care to to have in the hands of either the utility or the government/LEAs, especially without strict rules that we as citizens and consumers get to vote on. How about a spouse using the data in a divorce to prove another person was there? Or a LEA using that blip in usage when you pulled out that old broken toaster-oven/microwave/etc to try to fix it as evidence of criminal activity.
Third, it's another set of data points that allow a more thorough profiling of individual habits, schedules, and activities. It's data that's also sure to be stolen/hacked at some point, either directly from the meters or from the utility database. Hack the smart meter of somebody you don't like and get them raided by a paramilitary SWAT team looking for a grow operation, maybe even getting them or their family members killed.
Sorry that your job is difficult. However, I'm not about to allow myself to be put into the above scenarios just to make your job easier. Get another job if it's that bad.
Strat
Re:Not surprising. (Score:3, Interesting)
No moral issues for us. None at all. Our client's data is their own. And can and has been used to check and audit the supply authorities meters. Their data never leaves their internal networks. Our software has saved vast amounts of money for loads of users. That is why it sells.
TOU tarriffs make a lot of sense. They encourage big users to shift their load so that your house does not get cut off at peak times. Electricity generation in not the simplest thing to do. Your 30min load profile is useful for that as a total for each block from all users in your area, sure. But a central check meter can give the same info. The reason they want load profile on your small user's smart meter is to catch when you bypassed it... The meter log is proof.
Re:Warning to those who want to try it out (Score:4, Interesting)
All the meters I code software for log "incidents"..... You'll most likely get caught unless you can rewrite the log. More I can not say for legal reasons, but, that being said, it is not impossible to get around that. Mod parent up, he is correct.