World’s first open source framework allows individuals to test for vulnerabilities in Smart Meters
SecureState will be releasing Termineter, an open source tool that allows users to interact with Smart Meter utility meters over the optical interface. This is the first framework designed to give individuals access to manipulate smart meters.
The Termineter framework allows authorized individuals to test Smart Meters for vulnerabilities such as energy consumption fraud, network hijacking, and more. Many of these vulnerabilities have been highlighted by the media and advisories have been sent out by law enforcement agencies. This is a major concern for energy companies, as SecureState is seeing an emergence of these types of vulnerabilities that can drastically affect the security landscape.
The goal of a public release for this utility is to promote security awareness for Smart Meters and provide a tool that brings basic testing capabilities to the community and meter manufactures so that security can be improved. Power companies can use the framework to identify and validate internal flaws that leave them susceptible to fraud and significant vulnerabilities. Users must have general knowledge of the meter’s internal workings in order to use Termineter proficiently.
SecureState will send a private prerelease of the framework to the first 20 people who sign up on the Termineter preview page. The full open source tool will be released to the public on July 19.
The Termineter framework implements and supports the ANSI C12.18 and ANSI C12.19 standards offering basic non-vendor specific routines that allow users to interact with and view information on the device using the optical port.
Termineter gives users fine-grained control and direct access to the data on the meter. Current modules allow users to read and write raw data to tables, which in turn can be used to initiate procedures. Certain modules require passwords in order to be used. Additional modules allow higher level access to certain functionality, such as parsing useful information from the Security, Modem and Log tables.
Neither “Termineter” nor the modules contained within it carry any vendor specific information. The design of “Termineter” was largely dependent on the ANSI published standards which can be purchased by the general population.