Smart Grid Security Risks – Not So Smart Electricity Meters

You might recall we’ve discussed the security of Industrial Control Systems before, the latest ‘evolution’ is the so called Smart Grid.

Which in all honestly, doesn’t seem to be very smart at all. In basic terms they are trying to turn the power-grid into a two way communication medium so consumers homes can report back to the grid what they are using and they can be disconnected via software rather than requiring physical intervention.

The scary part is there’s no encryption and many things are done without authentication, meaning with a little reverse engineering you can probably shut down the power to anyone on the not-so-smart grid.

New electricity meters being rolled out to millions of homes and businesses are riddled with security bugs that could bring down the power grid, according to a security researcher who plans to demonstrate several attacks at a security conference next month.

The so-called smart meters for the first time provide two-way communications between electricity users and the power plants that serve them. Prodded by billions of dollars from President Obama’s economic stimulus package, utilities in Seattle, Houston, Miami, and elsewhere are racing to install them as part of a plan to make the power grid more efficient. Their counterparts throughout Europe are also spending heavily on the new technology.

There’s just one problem: The newfangled meters needed to make the smart grid work are built on buggy software that’s easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse.

An embedded hardware system that will accept new firmware without authentication and nothing is encrypted? That is a hackers playground!

I hope they consider re-architecting the whole system ASAP on a secure platform and rolling that out as a software update. This is no small matter, this is the power grid we are talking about here – lives and business can be seriously effected by someone malicious who wanted to screw up the system.

Imagine if you work out the system and get in there first installing your own firmware which won’t accept any more updates from the main Grid system.

“For an embedded platform, they’re kind of scary,” he said. “It’s really not designed from the ground up for security. Just imagine if somebody is outside your house and has the unique identifier that’s printed on your meter.”

Companies that make gear for smart grids include GE Energy, The ABB Group, Sensus Metering, Itron and Landis+Gyr

One deficiency common among many of the meters is the use of insecure programming functions, such as memcpy() and strcpy(), which are two of the most common sources of exploitable software bugs. In many cases, the devices use general purpose hardware and software that aren’t designed for highly targeted or mission critical systems.

And all paid for by the new president and his generous stimulus packages. It seems like the whole thing has been taped together with band-aids.

There’s no excuse at all for using insecure programming functions in this day and age, I mean it’s 2009 for goodness sake.

How long has C programming been around now? And the concept of security and secure programming, especially for critical infrastructure systems like this.

Source: The Register (Thanks Alan)

Posted in: Hardware Hacking, Legal Issues

Latest Posts:

HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.

4 Responses to Smart Grid Security Risks – Not So Smart Electricity Meters

  1. JibbaJabber July 14, 2009 at 7:21 pm #

    Of course, to screw with the dumb grid, all you need is a pair of boltcutters and flip a switch. :)

  2. Dan Philpott July 15, 2009 at 2:23 am #

    The Smart Grid specs are still being worked out so inferring from security problems with smart devices used now that the Smart Grid will have poor security is not entirely accurate. From what I can see there is encryption but where and how it is used depends on what part of the Smart Grid you are talking about.

    If you are motivated the information on the Smart Grid specs development is publicly available. To see the conversations made about Security during the first Smart Grid workshop (Interim Roadmap Workshop 1) you can have a look Track C: Security here:

    The Report to NIST on the Smart Grid Interoperability Standards Roadmap is in it’s comment phase so if you have constructive criticisms and comments you may want to comment. It is available here:

  3. Alan July 15, 2009 at 7:27 am #

    @JibbaJabber. This is of course true, except with a dumb grid you have to be physically near your target location and not half way around the country :P No physical danger either and I wouldn’t be surprised if there is very little logging or it’d be easy to wipe one’s tracks.

  4. Alan July 15, 2009 at 10:29 am #

    @Dan. It’s good to see there is a decent plan behind what is essentially a pretty good idea. Thanks for the heads up and detailed information.

    The original article from the register was posted on the 12th of June so it’s a little outdated and prior to the release of the Road map link you posted, nonetheless it points out the fact that the vendor products which were tested are shocking to say the least.

    Hopefully those products don’t see the light of day as they need a bus load of improvements.