Forgot your password?
typodupeerror
Hardware Hacking Security News Build Technology

Open Source Smart Meter Hacking Framework Released 74

Posted by timothy
from the granular-snapshots dept.
wiredmikey writes "A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter,' the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities. Spencer McIntyre, a member of SecureState's Research and Innovation Team, is scheduled to demonstrate Termineter in a session 'How I Learned to Stop Worrying and Love the Smart Meter,' at Security B-Sides Vegas on July 25. The Termineter Framework can be downloaded here." As the recent lucky winner of a smart meter from the local gas company, I wish householder access to this data was easy and expected.
This discussion has been archived. No new comments can be posted.

Open Source Smart Meter Hacking Framework Released

Comments Filter:
  • Not surprising. (Score:5, Insightful)

    by inasity_rules (1110095) on Sunday July 22, 2012 @06:28AM (#40729019) Journal

    As someone who writes drivers for various smart meters to do AMR, I am surprised it took this long. Most protocols are childishly simple with little in the way of encryption or authentication. Often the passwords are sent in plain text. Check metering might be a simpler way to secure your meters. Catch them at it rather than get into an arms race...

    • What does AMR mean in this context? Also, yah, lots of "new tech" isn't security hardened- car computers are getting more sophisticated, but still have no real authentication protocols!
      • Automatic Meter Reading.... It is actually old tech. The company I am at has been doing systems since the late 90s... Used to use PLCs to pulse count in simpler times... :)

  • Smart enough (Score:4, Informative)

    by JustOK (667959) on Sunday July 22, 2012 @07:22AM (#40729127) Journal

    Soon, the meters will be smart enough to connect to your bank account.

  • by rmdingler (1955220) on Sunday July 22, 2012 @07:53AM (#40729261)
    I witnessed an old electrician use a fragment of a standard household item to mitigate his monthly payment to the electricity provider. This was 20 years ago and obviously on a dumber meter. The new meters will not stop theft, though they will change the perp's resume` from HS dropout to 'sum book larnin'.
  • by Anonymous Coward on Sunday July 22, 2012 @07:57AM (#40729273)

    The meter is not your property and hacking it without authorization is illegal. You don't use Metasploit on other people's systems and you shouldn't use this on the utility's meter either. Buy your own meter if you want to run some experiments.

    • by inasity_rules (1110095) on Sunday July 22, 2012 @08:50AM (#40729455) Journal

      All the meters I code software for log "incidents"..... You'll most likely get caught unless you can rewrite the log. More I can not say for legal reasons, but, that being said, it is not impossible to get around that. Mod parent up, he is correct.

      • by ukemike (956477)
        Just a few posts ago you stated, "Our client's data is their own" and you seemed to imply that hacking the smart meter data to record your own usage was a good way to verify that you are being billed correctly. Now you tell us that accessing the smart meter this way is likely to get you caught. I'm a bit confused.
        • by inasity_rules (1110095) on Sunday July 22, 2012 @10:39AM (#40729931) Journal

          I am not with a utility. Utilities use logs to prove stuff. The company I work for installs separate check meters. We do not read the utilities' meters. The only people who may do that (in any country as far as I am aware) are the utilities themselves. The meters belong to them. You need a check meter approved by them to audit them. That's the breaks I'm afraid. Side note: you would not believe how often 3 phase meters are wired wrong, giving false readings which look right but over or under read 10%...

    • "The meter is not your property and hacking it without authorization is illegal."

      If you attach it to the wall of MY home, expect it to get hacked.

      Seriously. You attach something to my house that is intended for surveillance (which is in fact what it does), and then have the gall to try to call it unethical if * I * mess with it???

      Get real.

      • So, they'll put it on the pole then. But since any tampering would look like attempt to commit fraud, you'd be better off going solar and disconnecting. After all, if they are providing a service and you're unhappy with the terms, go elsewhere. If you can't, tough. Deal with it. And put your tinfoil hat back on, and wait for that stalker to go through millions of records to find your house. They're after you, you know...

        • "After all, if they are providing a service and you're unhappy with the terms, go elsewhere."

          The problem is that it's effectively a government-endorsed monopoly, and solar (in most places) is not yet cost-effective.

          "And put your tinfoil hat back on, and wait for that stalker to go through millions of records to find your house."

          It has already been well-established that there are all kinds of things a moment-to-moment analysis of a person's electrical usage can tell about them (as long as a few other pieces of information are known). I have never seen anyone seriously attempt to dispute that. Is that what you are doing?

          I did not say the power company is interested in me. We don't even have those here, but jus

          • I am not American, so I do not share your paranoia... :) as to moment to moment? Normally that is a 30min profile block. It isn't always read, as the billing registers are more efficient in terms of bandwidth. If there were a dispute (your TOU billing could be wrong if your meter clock is), they would need to be read. They might pull back instantaneous usage (though most small meters don't support that), but it would be stupid, as information from an area meter would be useful and faster. The American news?

            • "As I said, you can always get your energy elsewhere"

              And as I stated, no, you can't. In most places in the U.S., it just isn't a viable option.

              • All you are telling me is your perceived privacy is less valuable than the cost difference.

                • Repeat: it ISN'T just a matter of cost. In many places it quite literally is not a viable option.

                  In some areas not far from here, for example, solar simply isn't viable, unless you have 10 acres to spare per home, and the money to line them will cells.
                  • Wind, diesel, gas, steam? I lived for years in a failed state. We had weeklong powercuts at times. There is always an option if it is valuable enough to you. Electricity is a luxury, not a necessity. It may be a cheap luxury, but until you live an extended period without it, you probably won't understand it.

      • by PPH (736903)

        Terms of service. You want power? They put a meter on your house. They own it, you don't. Accessing it in any unauthorized manner is considered to be tampering under those TOS. You violate those TOS and you can be charged with theft of service. And they can cut your power off.

        • No shit, Sherlock. That doesn't mean I have to appreciate a device that is designed to monitor my moment-to-moment activities being attached to my house. It may be legal, but I question the ethics.
          • by Darinbob (1142669)

            They're designed to monitor hour to hour, or quarter hour usage. Big deal. They can do that with dumb meters if they waste the time to watch. Too much data and they'll be overloaded so they're not going to go for "moment to moment".

            What about other stuff? Your car can monitor where you drive, moment to moment. Take it in for service and they can theoretically figure out how you drove, safely or like a maniac, conserving fuel or wasting it, etc. Maybe even figure out when you went on vacation.

      • by Darinbob (1142669)

        Then the utility can just remove it from your home and you can figure out how to get electricity out of the ether. This is why they have easement laws and the like. Just because it is on your property does not mean it is yours. You are also not allowed to open up a cable box on your property and give the neighborhood free cable.

    • by couchslug (175151)

      "The meter is not your property and hacking it without authorization is illegal. "

      My business and political masters don't need to _respect_ laws, so I don't either. I don't have any moral obligation to them since they have none to me.

      I can choose to WEIGH the risk/benefit tradeoffs of obediance, then do what I will.

Between infinite and short there is a big difference. -- G.H. Gonnet

Working...