Black Hat: Smart Meters Insecure

Wednesday, July 25, 2012 @ 07:07 PM gHale


By Jacob Kitchel
Smart meters suffer from insecure deployment and are vulnerable to attack through on-device optical ports, said researcher Don C. Weber of the security assessment firm InGuardians, Inc.

These vulnerabilities threaten the security and privacy of the utilities and consumers who have smart meters.


During his Wednesday presentation at Black Hat USA 2012 in Las Vegas, Weber outlined an approach to assessing smart meters that led to the creation of OptiGuard, a software tool that can assess a smart meter’s security through the optical port on the front of the meter.

Smart meter optical ports have had issues. In April, there was a report that the FBI published an intelligence bulletin outlining an attack on a Puerto Rico-based utility. In the attack, the FBI said, former employees of the utility used the optical ports to modify meters in exchange for payment.

Weber’s initial research evaluated the internal, electronic security of a smart meter to gain crucial insight into its operation. He was then able to translate that hard-earned knowledge into general, flexible tools that could communicate with smart meters from the outside. This process was important in turning the security knowledge into an attack scenario that could affect utilities and consumers.

Originally scheduled to be presented in 2011, Weber’s talk was initially pulled from another conference’s proceedings at the request of concerned vendors. Weber and his employer worked with the vendors to share his research and software to raise awareness of the smart meter security issues.

Weber plans to continue his research and extend it to the various other network interfaces present in smart meters. “As vendors and utilities begin to secure their meters, we’ll work to verify that security and continue on to assess the other network capabilities present,” said Weber.


