Electric utility smart meters installed in millions of homes across the United States will likely have a hard time ahead, as security consulting firm SecureState released a new open source hacking tool that can “audit” the meter for software bugs.
Dubbed the “Termineter”, the tool can be freely downloaded from the company’s website. It’s aimed at security professionals and penetration testers hired by utility companies to detect internal flaws that could allow unauthorized users into the smart meter.
The Termineter connects to the smart meter via the infrared port and can access raw data on these devices in both read and write modes. This means that, once connected to the meter, an attacker could change energy consumption data and minimize their monthly bill, among other actions.
“Termineter will give them low level access to smart meters to do security assessment of the device, regardless of the vendor of the device”, Spencer McIntyre, a SecureState researcher, said in an interview for Computerworld.
The release of the tool cuts both ways: on one hand, it will make auditing and flaw detection easier for utility companies but, on the other hand, it might facilitate unauthorized access to the system. By modifying consumption data, a hacker can inflict financial loss on the provider and will also invalidate data related to demand.
Electricity meters are also a sensitive issue, as they are used for more than taxing and demand estimation: they allow the police to detect unusual spikes in consumption and identify households that illegally farm marijuana.
Software auditing tools have a way of turning bad when they get into the wrong hands. This was the case with the Low Orbit Ion Cannon, a server stress tool that was used by Anonymous to attack financial institutions in 2011, or the Metasploit exploitation framework that allows cyber-criminals to devise their exploits prior to delivering them to web users.