C12.22 is an ANSI protocol enabling smart meters to exchange data via TCP/IP networks. This is good news for penetration testers looking to attack meters remotely; however, C12.22 implements key security features that make this a challenging task.
C12.22 is similar in functionality to C12.18 in that it allows tables to be written to and read from smart meters, as well as the execution of procedures. Its new security features include encryption, which allows the authentication process to be encrypted. Furthermore, C12.22 endpoints include unique identifiers which are not easily determined. The identifiers are not a fixed size and are commonly 10 bytes or larger once BER encoded. Many C12.22 endpoints will not respond to requests that do not include their unique ID, which can make communication with these devices more difficult.
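To show why a BER-encoded identifier has no fixed size, here is an added example (not code from Termineter or SecureState) that encodes and strictly decodes an absolute OBJECT IDENTIFIER per X.690. It assumes universal tag 0x06 and short-form lengths only; the sample identifier is constructed under the 2.999 example arc and is not a real endpoint ID.

```python
"""BER OBJECT IDENTIFIER encode/decode (X.690), short-form lengths only."""

OID_TAG = 0x06  # universal tag for an absolute OBJECT IDENTIFIER
SAMPLE_ID = "2.999.1222.4660.305419896"  # constructed sample, not a real ID


def _base128(value: int) -> bytes:
    # Big-endian 7-bit groups; every octet except the last has bit 8 set,
    # so larger arc values take more octets.
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2:
        raise ValueError("invalid OID: " + dotted)
    if arcs[0] < 2 and arcs[1] > 39:
        raise ValueError("second arc out of range: " + dotted)
    # The first two arcs share one subidentifier: 40 * X + Y.
    body = _base128(40 * arcs[0] + arcs[1])
    body += b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([OID_TAG, len(body)]) + body


def decode_oid(data: bytes) -> str:
    if len(data) < 3 or data[0] != OID_TAG or not 1 <= data[1] <= 127:
        raise ValueError("not a short-form BER OID")
    body = data[2:2 + data[1]]
    if len(body) != data[1] or body[-1] & 0x80:
        raise ValueError("truncated OID")
    subids, value, start = [], 0, True
    for octet in body:
        if start and octet == 0x80:
            raise ValueError("non-minimal subidentifier")  # padded encoding
        value = (value << 7) | (octet & 0x7F)
        start = not octet & 0x80
        if start:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    arcs = [first, subids[0] - 40 * first] + subids[1:]
    return ".".join(str(a) for a in arcs)
```

`encode_oid(SAMPLE_ID)` yields 13 bytes, while `encode_oid("2.999.1")` yields 5, so a parser or capture filter cannot assume a fixed offset for whatever follows the identifier.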
SecureState has recently been adding C12.22 support to its smart meter penetration testing framework, Termineter. While developing this new functionality, SecureState discovered a couple of flaws in data collectors that support C12.22. The most concerning flaw would allow a remote attacker to create a denial of service condition and crash the data collector while knowing only the device’s AP title. SecureState has been working diligently with the device’s manufacturer to resolve the issue, and more details will be made available in the following month.
C12.22 support is one of the largest enhancements to the next major version of Termineter. The new version will also include additional modules as well as bug fixes and improvements based on feedback from the community.