Researcher releases smart meter hacking tool

Termineter designed for researchers and penetration testers, SecureState says

Security consulting firm SecureState today released a new open source hacking tool that it claims will let security researchers and penetration testers verify the security of electric utility smart meters being installed in millions of homes around the country.

The tool, called Termineter, is available for public download from SecureState's website and will be demonstrated at the BSides security event in Las Vegas next week. The company had earlier sent out a stripped down version of the tool to a limited number of individuals.

Security consultancy InGuardians had planned to publicly release details of a similar tool called OptiGuard at the Shmoocon security conference a few months ago. The company however pulled the talk at the last minute in after a unnamed smart grid vendor and several utilities expressed concern that the tool would allow hackers to exploit vulnerable smart meters.

InGuardian is scheduled to disclose details of its tool at the Black Hat security conference also being held in Las Vegas next week.

Spencer McIntyre, a SecureState researcher said the goal in releasing Termineter publicly is to raise awareness of security issues pertaining to smart meters and to get vendors of such products to address those issues.

Power companies and utilities will be able to use Termineter to identify and validate internal flaws that make the meters vulnerable to hacking and tampering, he said.

The tool will give independent security researchers a way to probe such meters for potential access control and user authentication weaknesses, he said. "[Termineter] will give them low level access to smart meters to do security assessment of the device," regardless of the vendor of the device, McIntyre said.

Termineter supports ANSI C12.18 and ANSI C12.19 standards, and can communicate with smart meters via the infrared ports on each device. The tool will let penetration testers and researchers get direct access to the data on the meter.

Currently, Termineter modules allow testers to read and write raw data on a device in order to get it to respond in specific ways, McIntyre said. Researchers can extend Termineter's capabilities to build their own applications around it, he said.

Smart meters are a crucial component of the smart grid. The devices are designed to collect energy consumption data from homes and transmit it back to power distribution companies for billing, network and demand management purpose. The technology also lets consumer view their energy usage patterns in near real time to help them better manage home energy use.

Utility companies around the country are in the process of installing millions of smart meters in homes to better manage energy consumption, respond to demand better and eventually offer tiered rating plans based on a consumer's energy use habits.

The problem is that there are no publicly available tools for testing the security controls of these systems, McIntyre said. Poorly configured and poorly protected smart meters can allow attackers to take control of the system and manipulate the data that they collect and transmit, he said.

"They can read and modify any data, they can reset usage tables, they could change the rate type," and commit other types of fraud, he said.

Most meters provide low-level access to the device, mid-level administrative access and super-user privileged access to the device, he said. Without the proper tools there is no way that utility companies and others can verify the strength of the access control and authentication mechanisms the device maker might have put in place for controlling access, he said.

McIntyre downplayed concerns about tools such as Termineter giving malicious hackers easy access to something they can use to attack smart meters. The same sort of open source tools that were used to build Terimenter is available to anybody that wants it so there's no telling if similar tools haven't already been built by malicious attackers, he said.

The tool as it exists today also requires the attacker to have a fairly good understanding of how smart meters work. To get it to communicate with a smart meter, users need to get physical access to the device he said.

Meanwhile, according to a description of InGuardian's presentation at Black Hat next week, the company will show how criminals can gather information and authentication credentials from smart meters. The company will also show how a smart meter's IR port can be used to interact with the device.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts