Open Source Tool Lets You Hack into the Power Grid for “Educational Purposes”

Electric utility smart meters installed in millions of homes across the United States likely have a hard time ahead: security consulting firm SecureState has released a new open source hacking tool that can “audit” the meters for software bugs.

Dubbed the “Termineter”, the tool can be freely downloaded from the company’s website. It’s aimed at security professionals and penetration testers hired by utility companies to detect internal flaws that could allow unauthorized users into the smart meter.

The Termineter connects to the smart meter via the infrared port and can access raw data on these devices in both read and write modes. This means that, once connected to the meter, an attacker could change energy consumption data and minimize their monthly bill, among other actions.

“Termineter will give them low level access to smart meters to do security assessment of the device, regardless of the vendor of the device,” Spencer McIntyre, a SecureState researcher, said in an interview for Computerworld.

The release of the tool cuts both ways: on one hand, it will make auditing and flaw detection easier for utility companies but, on the other hand, it might facilitate unauthorized access to the system. By modifying consumption data, a hacker can inflict financial loss on the provider, and will also invalidate data related to demand.

Electricity meters are also a sensitive issue, as they are used for more than taxing and demand estimation: they also allow the police to detect unusual spikes in consumption and identify households that illegally farm marijuana.

Software auditing tools have a way of turning bad when they get into the wrong hands. This was the case with the Low Orbit Ion Cannon, a server stress tool that was used by Anonymous to attack financial institutions in 2011, and with the Metasploit exploitation framework, which allows cyber-criminals to devise their exploits prior to delivering them to web users.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
