Open Source "Smart" Power Meter hacking framework is released
Security outfit SecureState’s smart meter hacking framework, Termineter, has gone live over at Google Code.
The software is described as having a structure like Metasploit, with a similar interface and ability to be extended with external modules.
Termineter isn’t up to the full doomsday-scenario “remote attack” that troubles owners of critical infrastructure who stupidly opened up their control interfaces to the Internet (so as to save themselves the cost of private networks): it gathers smart meter data over the devices’ local serial optical interfaces.
"Extensible Framework" has been the security hotness for five or six years now. I've been warning about these stupid "Smart" meters for basically as long as I've been blogging. Companies rushed to get them deployed before the security framework was thought through. Welcome to Hell, Department of Energy types!
For everyone else, I think that the first use for this will be to audit your power company. This tool likely will let you get access to all sorts of meter data, so you'll be able to tell if the power company is trying to rip you off. Or if someone has pwned the power company and is messing with you.
It's the End Of The World As We Know It
A couple of folks have emailed links to this (thanks), although the security community is pretty well going bonkers over it:
Looks harmless, right? Of course it does - that's the point. But inside this friendly looking power strip is a Linux computer loaded with H4X0r 'sploits, WiFi and enhanced Bluetooth radios, WiFi key cracking goodness, and a 3G cell phone for high speed pwnage even if there's no WiFi. If the Bad Guy drops one of these in your office, he can get presto-changeo reverse SSH shell access through your firewall, tunneling back through an outbound https connection.
And oh yeah, the power outlets all work, so nobody's the wiser.
This 100 proof pure distilled evil is brought to you courtesy of the good folks at DARPA, which is very, very interesting indeed. As ZDNet truthfully says, if you see one of these around the office, make sure it's supposed to be there.
Ready, fire, aim, apologize
Black Hat conference Organisers of the annual Black Hat conference have apologised after an estimated 7,500 conference delegates received a suspicious email yesterday resembling a phishing attack.
The dodgy email, informing entrants of a supposed password reset, was sent out after a volunteer with ITN International, the third-party firm handling on-site registrations for this week's Las Vegas conference, "pressed the wrong button" on a mail-out webform, the organisers explained.
Oops. Remember, if I come across as paranoid, I was trained to be that way by the finest minds in the Free World.
More over the next few days.
The power strip is the size of a house brick; maybe that should clue people in. Probably has made in China.
And yet I can't get through to people WHY I DON'T WANT A SMART METER. Dammit.
If Termineter is a smart meter hacking tool then Hyperterminal can be used to hack the Pentagon. The protocols it uses (ANSI C12.18 and .19, also called ANSI Tables) aren't used by anybody as far as I can tell, and I work in the industry.
My meters have minimal support for ANSI Tables because utilities like to see it on the brochure. But every time someone asks for it we ask them, "What are you going to read it with?" They never have an answer. There are software products that know a number of manufacturers' proprietary protocols, including our own, but they don't do ANSI Tables.
Besides, that serial optical port they're talking about isn't even wireless. It's just a 9600 bps serial port that uses infrared LEDs instead of RS-232. You'd need the special connector to attach to it, or cobble together something with perfboard and LEDs from Radio Shack. Either way you'll need physical access to the meter to interrogate it.
The Power Pwn! Nifty little device, I just can't believe some .mil agency would bankroll such a thing. /sarc
If it ain't APC it ain't for me. O' course, if APC ever gets any DARPA subcontracts it might not be for me anymore (they don't do they?!?).
Good 'report' and we all know this is just the TIP of the iceberg...
Dave: dress up in a uniform, and wander the neighborhood early/mid afternoon. Access to outdoor meters no problem.
Mitnick demonstrated something like that last year. His was some kind of wall wart that had some official looking badge on it, so he could plug it in and no-one would mess with it. He used it during a pentest at some government facility or another by plugging it into an external power outlet after talking his way through the front gate and being invited on a facility tour.
Ruth: Agreed, for residential and commercial meters. But the big iron used to control the grid and power plants is locked up in substations. Usually.
Interesting that I've already gotten comment spam flogging security devices. Let's keep safe out there.
Ruth, I tried that but got arrested; apparently they didn't like the maid's uniform.
That 'power-pwn' thing ... I'm not sure how successful it would be. Or rather, how long it would last.
Now I'll admit I'm a compulsive noticer-of-things. Maybe nobody else would see it. But to me, that doesn't look like a modern power strip. First, I've never seen a power strip in which every outlet has room for a wall wart without interfering with the outlet next to it. Second, this is a large dual-row unit, the kind you'd use in an office or an entertainment center, but it has no color coding, no display window, no indicator lights, no warning stickers, and no extra ports for giving protection to cable TV, phone, and who knows what else.
Any modern IT/network guy who saw that lurking under a desk and didn't have at least a tiny trace of curiosity cross the back of his mind...
I am so glad I know you people cuz I am clueless on so many of these things.
Well, keep in mind that the externals of the thing can be tweaked within certain limits. And made to resemble a product from a locally abundant manufacturer — "local" in the sense of being commonly found (hence appearing normal and ordinary) in Chinese or Pakistani internet cafes...
Seriously, this kind of black manufactured item can be used for both good (us against them) as well as bad (them against us).
I'm sure we've got ample enough craftiness to make these things ourselves (and deploy where useful for us). My worry is more the mindset that we're just so damn smart no one could pull something similar on us.
That's the kind of complacency that really hurts us.