Smart Meter Penetration Test

Make sure that improved technology doesn’t lead to diminished security.

Smart meter technology is a key component of the Advanced Metering Infrastructure (AMI) that will help the smart grid link the flow of electricity with the flow of information. However, privacy and security concerns surrounding smart meter technology arise from the meters’ essential functions, monitoring and transmitting consumer data over a network. Smart Meter Penetration Testing can determine the risk that is posed by unsupervised access of customers to the smart meters. Given that many smart meters are used in residential areas easily accessible by users, security flaws could allow them to change the data stored in the table, such as energy usage.


Regular testing of your smart meters will help identify new vulnerabilities, risks, and changes in your environment. This will also facilitate continual compliance with regulatory requirements.


SecureState’s hands-on experience testing vulnerabilities in smart meters can provide your organization with a low risk solution to dealing with your critical systems and data.

Approach and Methodology

SecureState performs a physical review of the smart meter to determine the location of access points, including serial and ethernet ports. This includes assessing the physical security controls for each device. SecureState then uses documentation provided by your organization or available publicly to identify connection methods. Using a variety of gathering techniques, all data collected will be used to benchmark system behavior and determine possible abnormalities via communication, system utilization/processing, and interfaces. Additionally SecureState will perform offsite research to gather previous research on the topic and look for public information on the system being tested. For example information could be gathered from vendor documentation, patent files and regulatory documentation.

SecureState begins penetration testing with simplistic attacks that a basic hacker or beginner would attempt. SecureState then gradually increases the sophistication of the attacks to identify a wide spectrum of vulnerabilities. Based on the connection method, SecureState may use the open source tool Termineter, which was developed internally by SecureState. Termineter uses the ANSI C12.18 standard for communication with the smart meter over the optical interface to read the C12.19 data stored on the meters. Interacting with meters over the optical interface is a very common attack vector as it does not require the meter to be removed from its mounting, making it much safer than attacking the hardware.

SecureState may also develop customized tools to assess the Smart Meters, providing our clients with the knowledge and confidence to be resilient to a potential attack. Since the testing is adaptive by nature, the procedures are unique to each environment.

SecureState is able to perform Smart Meter Penetration Tests on devices deployed in the field or in our onsite lab.

Get Started!