Connect with us

Hi, what are you looking for?


Security Infrastructure

Open Source Smart Meter Hacking Framework Released

Black Hat 2012

A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters.

Black Hat 2012

A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters.

The open-source framework “Termineter” would allow authorized users, such as grid operators and administrators, to test smart meters for vulnerabilities, SecureState, a management consulting company focused on critical infrastructure, said Thursday. Malicious perpetrators can take advantage of the data collected by smart meters in various attacks, including energy consumption fraud and network hijacking, SecureState said.

There has been a lot of interest in smart meters recently, as utilities modernize their infrastructure to take advantage of the efficiency games promised by smart grids. However, power companies are worried about authentication issues such as weak passwords and weak access controls which would allow attackers to conduct fraud or cause power outages.

Power Grid Security

SecureState decided to publicly release the tool to promote security awareness for smart meters and bring basic testing capabilities to the community and meter manufacturers. Power companies can use the framework to give authorized individuals a way to manipulate and test the security of smart meters, SecureState said. The user must have physical access to the meter and know how meters work in order to use the tool.

Termineter uses the serial port connection that interacts with the meter’s optical infrared interface to give the user access to the smart meter’s inner workings.

SecureState’s Termineter’s user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities.

Spencer McIntyre, a member of SecureState’s Research and Innovation Team, is scheduled to demonstrate Termineter in a session “How I Learned to Stop Worrying and Love the Smart Meter,” at Security B-Sides Vegas on July 25.

Advertisement. Scroll to continue reading.

Another researcher, Don Weber, a senior security analyst with InGuardians, is also scheduled to talk about smart meter hacking and unveil his own testing tool on the same day as part of Black Hat Las Vegas. The tool, dubbed OptiGuard, would demonstrate how infrared ports on a smart meter can be penetrated and vulnerabilities exploited. Unlike Termineter, OptiGuard will not be open-source and contains vendor-specific information.

Much of the existing energy grid is more than 30 years old, and integrating newer segments with legacy systems have been a challenge, McAfee researchers wrote in a report examining smart grids and cyberthreats, released Wednesday. “Security has largely been an afterthought,” McAfee wrote in the report.

Industrial control systems that handle many of the functions in critical infrastructure are very different from traditional IT networks and equipment, Kim Legelis, vice-president of marketing at Industrial Defender, told SecurityWeek. Not only were control systems originally designed to be isolated from the rest of the network, they aren’t intended to be patched on a regular basis, Legelis said.

“These systems aren’t something that can be down for maintenance on Sunday evenings at 11pm,” Legelis said.

As a result, traditional security measures aren’t sufficient for critical infrastructure. In order to protect smart grids, the industry needs security products that are dedicated to these types of systems, Legelis said.

The Termineter Framework can be downloaded here.

Related Reading: Smart Grids Need to be Updated, Rebuilt With Security to Reduce Vulnerabilities

Related ReadingFun and Games Hacking German Smart Meters

Related ReadingSmart Meters Widely Considered Vulnerable to False Data Injection

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.