It’s that most wonderful time of the year again: tool release season. With Black Hat, DEF CON and BSides Las Vegas all looming, researchers are beginning to publish the tools that they’ll be discussing during their talks at the various conferences next week. Among the more interesting releases so far is Termineter, a tool designed for testing the security of smart meters.
The tool, which is written in Python, is designed to enable security personnel to essentially do penetration test on the smart meters that have become so popular of late. Smart meters are meant to not only measure the amount of power or water being used in a home or business, but also to gather other data and then send periodic reports back to the utility company. They have been criticized in the privacy community as another tool for tracking and keeping tabs on the actions of consumers. Security researchers also have warned about potentially exploitable vulnerabilities in some of these meters.
Termineter is the work of researchers at SecureState, who say that the tool is meant to promote the need for awareness about smart meter security. It allows users to access the meters through the optical interface and gives users access to the data on the meters. The tool is available for free on Google Code right now, and Spencer McIntyre of SecureState will discuss the tool and give a live demo of Termineter at BSides Las Vegas next week.
“Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface,” the documentation for Termineter says.
The security of smart meters and utilities in general have drawn a lot of attention recently. California last year became one of the first states to issue regulations for the security of smart meters. The rules govern the security of the data on the meters as well as the privacy of it and who can access the data and for what purposes.
The problem even has drawn the attention of President Barack Obama, as well. On Friday, Obama published an op-ed in The Wall Street Journal discussing the need for better cooperation between industry and government on critical infrastructure security and urging Congress to pass a pending cybersecurity bill. In the column, Obama discussed the the threat of attacks on the country’s utilities.
“So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility’s internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted,” Obama wrote in the column.
The presentation featuring Termineter will be on July 25 at BSides Las Vegas.