Smart Grid Security Risks – Not So Smart Electricity Meters


You might recall we’ve discussed the security of Industrial Control Systems before; the latest ‘evolution’ is the so-called Smart Grid.

Which, in all honesty, doesn’t seem to be very smart at all. In basic terms, they are trying to turn the power grid into a two-way communication medium so that consumers’ homes can report back to the grid what they are using, and so that homes can be disconnected via software rather than requiring physical intervention.

The scary part is that there’s no encryption and many things are done without authentication, meaning that with a little reverse engineering you can probably shut down the power to anyone on the not-so-smart grid.

New electricity meters being rolled out to millions of homes and businesses are riddled with security bugs that could bring down the power grid, according to a security researcher who plans to demonstrate several attacks at a security conference next month.

The so-called smart meters for the first time provide two-way communications between electricity users and the power plants that serve them. Prodded by billions of dollars from President Obama’s economic stimulus package, utilities in Seattle, Houston, Miami, and elsewhere are racing to install them as part of a plan to make the power grid more efficient. Their counterparts throughout Europe are also spending heavily on the new technology.

There’s just one problem: The newfangled meters needed to make the smart grid work are built on buggy software that’s easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse.

An embedded hardware system that accepts new firmware without authentication and encrypts nothing? That is a hacker’s playground!

I hope they consider re-architecting the whole system ASAP on a secure platform and rolling that out as a software update. This is no small matter, this is the power grid we are talking about here – lives and businesses can be seriously affected by someone malicious who wanted to screw up the system.

Imagine if someone works out the system and gets in there first, installing their own firmware which won’t accept any more updates from the main Grid system.

“For an embedded platform, they’re kind of scary,” he said. “It’s really not designed from the ground up for security. Just imagine if somebody is outside your house and has the unique identifier that’s printed on your meter.”

Companies that make gear for smart grids include GE Energy, The ABB Group, Sensus Metering, Itron and Landis+Gyr.

One deficiency common among many of the meters is the use of insecure programming functions, such as memcpy() and strcpy(), which are two of the most common sources of exploitable software bugs. In many cases, the devices use general purpose hardware and software that aren’t designed for highly targeted or mission critical systems.

And all paid for by the new president and his generous stimulus packages. It seems like the whole thing has been taped together with band-aids.

There’s no excuse at all for using insecure programming functions in this day and age, I mean it’s 2009 for goodness’ sake.

How long has C programming been around now? And how long have the concepts of security and secure programming been established, especially for critical infrastructure systems like this?
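To make the memcpy()/strcpy() point concrete, here is an added illustration (not code from the article or from any meter vendor) of the unbounded-copy pattern beside a bounded, validating replacement. The record layout, field size and identifier format are assumptions invented for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: a meter record with a fixed-size identifier field followed
 * by the disconnect-switch state. Real meter formats are not on the page. */
#define METER_ID_LEN 16          /* storage for the id, including the NUL */

struct meter_record {
    char id[METER_ID_LEN];
    int  relay_on;               /* hypothetical: 1 = power connected */
};

/* The "before" form the article criticises: strcpy() trusts the sender to
 * keep the field short. An over-long id received from the network writes
 * past id[] into relay_on and whatever follows it in memory. Kept here only
 * to show the pattern; never call it on unvalidated input. */
void set_meter_id_unsafe(struct meter_record *rec, const char *id)
{
    strcpy(rec->id, id);         /* no bound check at all */
}

/* Hardened form: check the length before touching the buffer, restrict the
 * identifier to the characters the format allows, then copy with an explicit
 * bound and terminate. Returns 0 on success, -1 if the input is rejected. */
int set_meter_id_checked(struct meter_record *rec, const char *id, size_t id_len)
{
    if (rec == NULL || id == NULL || id_len == 0)
        return -1;
    if (id_len >= METER_ID_LEN)  /* must leave room for the NUL */
        return -1;
    for (size_t i = 0; i < id_len; i++) {
        char c = id[i];
        int ok = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z');
        if (!ok)
            return -1;           /* reject anything outside the charset */
    }
    memcpy(rec->id, id, id_len); /* bounded copy: id_len < METER_ID_LEN */
    rec->id[id_len] = '\0';
    return 0;
}

int main(void)
{
    struct meter_record rec = { "", 1 };
    const char *good = "MTR0012345";                        /* constructed */
    const char *bad  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 32 bytes */
    printf("good: %d\n", set_meter_id_checked(&rec, good, strlen(good)));
    printf("bad:  %d (relay_on still %d)\n",
           set_meter_id_checked(&rec, bad, strlen(bad)), rec.relay_on);
    return 0;
}
```

The checked version rejects the 32-byte identifier before any write happens, so the neighbouring relay_on field is untouched; the unchecked version would have overwritten it.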

Source: The Register (Thanks Alan)

Posted in: Hardware Hacking, Legal Issues


4 Responses to Smart Grid Security Risks – Not So Smart Electricity Meters

  1. JibbaJabber July 14, 2009 at 7:21 pm #

    Of course, to screw with the dumb grid, all you need is a pair of boltcutters and flip a switch. :)

  2. Dan Philpott July 15, 2009 at 2:23 am #

    The Smart Grid specs are still being worked out so inferring from security problems with smart devices used now that the Smart Grid will have poor security is not entirely accurate. From what I can see there is encryption but where and how it is used depends on what part of the Smart Grid you are talking about.

    If you are motivated, the information on the Smart Grid specs development is publicly available. To see the conversations about Security during the first Smart Grid workshop (Interim Roadmap Workshop 1), you can have a look at Track C: Security here:

    The Report to NIST on the Smart Grid Interoperability Standards Roadmap is in its comment phase, so if you have constructive criticisms and comments you may want to comment. It is available here:

  3. Alan July 15, 2009 at 7:27 am #

    @JibbaJabber. This is of course true, except with a dumb grid you have to be physically near your target location and not halfway around the country :P No physical danger either, and I wouldn’t be surprised if there is very little logging or it’d be easy to wipe one’s tracks.

  4. Alan July 15, 2009 at 10:29 am #

    @Dan. It’s good to see there is a decent plan behind what is essentially a pretty good idea. Thanks for the heads up and detailed information.

    The original article from The Register was posted on the 12th of June, so it’s a little outdated and prior to the release of the Roadmap link you posted; nonetheless, it points out that the vendor products which were tested are shocking, to say the least.

    Hopefully those products don’t see the light of day as they need a bus load of improvements.