Smart Grid Security Risks – Not So Smart Electricity Meters


You might recall we’ve discussed the security of Industrial Control Systems before; the latest ‘evolution’ is the so-called Smart Grid.

Which, in all honesty, doesn’t seem to be very smart at all. In basic terms they are trying to turn the power grid into a two-way communication medium so consumers’ homes can report back to the grid what they are using, and they can be disconnected via software rather than requiring physical intervention.

The scary part is there’s no encryption and many things are done without authentication, meaning with a little reverse engineering you can probably shut down the power to anyone on the not-so-smart grid.

New electricity meters being rolled out to millions of homes and businesses are riddled with security bugs that could bring down the power grid, according to a security researcher who plans to demonstrate several attacks at a security conference next month.

The so-called smart meters for the first time provide two-way communications between electricity users and the power plants that serve them. Prodded by billions of dollars from President Obama’s economic stimulus package, utilities in Seattle, Houston, Miami, and elsewhere are racing to install them as part of a plan to make the power grid more efficient. Their counterparts throughout Europe are also spending heavily on the new technology.

There’s just one problem: The newfangled meters needed to make the smart grid work are built on buggy software that’s easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse.

An embedded hardware system that will accept new firmware without authentication, and nothing is encrypted? That is a hacker’s playground!

I hope they consider re-architecting the whole system ASAP on a secure platform and rolling that out as a software update. This is no small matter, this is the power grid we are talking about here – lives and businesses can be seriously affected by someone malicious who wanted to screw up the system.

Imagine if someone worked out the system and got in there first, installing their own firmware that won’t accept any more updates from the main Grid system.

“For an embedded platform, they’re kind of scary,” he said. “It’s really not designed from the ground up for security. Just imagine if somebody is outside your house and has the unique identifier that’s printed on your meter.”

Companies that make gear for smart grids include GE Energy, The ABB Group, Sensus Metering, Itron and Landis+Gyr.

One deficiency common among many of the meters is the use of insecure programming functions, such as memcpy() and strcpy(), which are two of the most common sources of exploitable software bugs. In many cases, the devices use general purpose hardware and software that aren’t designed for highly targeted or mission critical systems.

And all paid for by the new president and his generous stimulus packages. It seems like the whole thing has been taped together with band-aids.

There’s no excuse at all for using insecure programming functions in this day and age, I mean it’s 2009 for goodness’ sake.

How long has C programming been around now? And how long have the concepts of security and secure programming been around, especially for critical infrastructure systems like this?
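The unchecked memcpy()/strcpy() defect the quoted article describes, as an added example that is not from the article, the post or any meter vendor: a constructed meter-frame layout parsed first the unchecked way and then with every wire-supplied length validated before copying. The frame format, buffer sizes, function names and sample frames are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed frame layout for this example (not a real vendor protocol):
 * [1 byte id_len][id bytes][2 byte big-endian payload_len][payload]. */
#define METER_ID_MAX 16
#define PAYLOAD_MAX  64

struct meter_msg {
    char    id[METER_ID_MAX + 1];
    uint8_t payload[PAYLOAD_MAX];
    size_t  payload_len;
};

/* The defect the article describes: memcpy() driven by lengths read straight off
 * the wire with no check against the fixed-size destination buffers. A frame
 * whose id_len or payload_len exceeds them writes past the struct. */
void parse_frame_unsafe(const uint8_t *frame, struct meter_msg *out)
{
    size_t id_len = frame[0];
    memcpy(out->id, frame + 1, id_len);                  /* id_len unchecked */
    out->id[id_len] = '\0';
    size_t plen = ((size_t)frame[1 + id_len] << 8) | frame[2 + id_len];
    memcpy(out->payload, frame + 3 + id_len, plen);      /* plen unchecked */
    out->payload_len = plen;
}

/* Hardened parser: every wire length is checked against the destination buffer
 * and against the bytes actually received before any copy. Returns 0 on
 * success, -1 (with nothing written) on a malformed frame. */
int parse_frame_safe(const uint8_t *frame, size_t frame_len, struct meter_msg *out)
{
    if (frame_len < 1) return -1;
    size_t id_len = frame[0];
    if (id_len == 0 || id_len > METER_ID_MAX || frame_len < 3 + id_len) return -1;
    size_t plen = ((size_t)frame[1 + id_len] << 8) | frame[2 + id_len];
    if (plen > PAYLOAD_MAX || frame_len < 3 + id_len + plen) return -1;
    memcpy(out->id, frame + 1, id_len);
    out->id[id_len] = '\0';
    memcpy(out->payload, frame + 3 + id_len, plen);
    out->payload_len = plen;
    return 0;
}

/* Constructed sample frames: well-formed; id_len larger than id[]; payload_len
 * larger than the bytes received; payload_len larger than payload[]. */
const uint8_t FRAME_OK[]        = {4, 'M', 'T', 'R', '1', 0x00, 0x02, 0xAA, 0xBB};
const uint8_t FRAME_BAD_ID[]    = {200, 'X', 0x00, 0x00};
const uint8_t FRAME_TRUNCATED[] = {1, 'A', 0x00, 0x05, 0x01, 0x02};
const uint8_t FRAME_BIG_PLEN[]  = {1, 'A', 0x01, 0x00};
```

On the well-formed frame both parsers agree; on the three malformed frames only the hardened parser refuses to copy, which is the check the meters in the article lack.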

Source: The Register (Thanks Alan)


4 Responses to Smart Grid Security Risks – Not So Smart Electricity Meters

  1. JibbaJabber July 14, 2009 at 7:21 pm #

    Of course, to screw with the dumb grid, all you need is a pair of boltcutters and flip a switch. :)

  2. Dan Philpott July 15, 2009 at 2:23 am #

    The Smart Grid specs are still being worked out so inferring from security problems with smart devices used now that the Smart Grid will have poor security is not entirely accurate. From what I can see there is encryption but where and how it is used depends on what part of the Smart Grid you are talking about.

    If you are motivated the information on the Smart Grid specs development is publicly available. To see the conversations made about Security during the first Smart Grid workshop (Interim Roadmap Workshop 1) you can have a look at Track C: Security here:

    http://collaborate.nist.gov/twiki-sggrid/bin/view/_SmartGridInterimRoadmap/WorkshopITrackC

    The Report to NIST on the Smart Grid Interoperability Standards Roadmap is in its comment phase so if you have constructive criticisms and comments you may want to comment. It is available here:

    http://www.nist.gov/smartgrid/InterimSmartGridRoadmapNISTRestructure.pdf

  3. Alan July 15, 2009 at 7:27 am #

    @JibbaJabber. This is of course true, except with a dumb grid you have to be physically near your target location and not half way around the country :P No physical danger either and I wouldn’t be surprised if there is very little logging or it’d be easy to wipe one’s tracks.

  4. Alan July 15, 2009 at 10:29 am #

    @Dan. It’s good to see there is a decent plan behind what is essentially a pretty good idea. Thanks for the heads up and detailed information.

    The original article from The Register was posted on the 12th of June so it’s a little outdated and prior to the release of the Roadmap link you posted, nonetheless it points out the fact that the vendor products which were tested are shocking to say the least.

    Hopefully those products don’t see the light of day as they need a bus load of improvements.