2 min read

Open Source Tool Lets You Hack into the Power Grid for "Educational Purposes"

Bogdan BOTEZATU

July 20, 2012

Open Source Tool Lets You Hack into the Power Grid for "Educational Purposes"

Electric utility smart meters installed in millions of homes across the United States will likely have a hard time ahead, as security consulting firm SecureState released a new open source hacking tool that can “audit” the meter for software bugs.

Dubbed the “Termineter”, the tool can be freely downloaded from the company`s website. It’s aimed at security professionals and penetration testers hired by utility companies to detect internal flaws that could allow unauthorized users into the smart meter.

The Termineter connects to the smart meter via the infrared port and can access raw data on these devices in both read and write modes. This means that, once connected to the meter, an attacker could change energy consumption data and minimize their monthly bill, among other actions.

Termineter will give them low level access to smart meters to do security assessment of the device, regardless of the vendor of the device“, Spencer McIntyre, a SecureState researcher said in an interview for Computerworld.

The release of the tool is two-fold: on one hand, it will make auditing and flaw detection easier for utility companies but, on the other hand, it might facilitate unauthorized access to the system. By modifying consumption data, a hacker can inflict financial loss on the provider, but will also invalidate data related to demand.

The electricity meters are also a sensitive issue, as they are used for more than taxing and demand estimation: it allows the police to detect unusual spikes in consumption and identify households that illegally farm marijuana.

Software auditing tools have a way of turning bad when they get into the wrong hands. This was the case with the Low-Orbit Ion Canon, a server stress tool that has been used by Anonymous to attack financial institutions in 2011, or the Metasploit exploitation framework that allows cyber-criminals to devise their exploits prior to delivering them to web users.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read