A cyber security researcher will demonstrate a toolset later this week which allows users to break into so-called “smart meters” that control a structure’s access to the power grid and water utilities, potentially enabling the user to modify the reported volume of services used or even avoid being charged altogether.
Of course, that’s not what the tool is meant for, but power companies are still worried — and for good reason.
Security researcher Spencer McIntyre, with the consulting firm SecureState, wrote that “Termineter” was designed to “test smart meters for vulnerabilities such as energy consumption fraud, network hijacking, and more.” He explained that the very existence of this toolset should spur smart meter makers into improving their security, rather than simply ignoring it and letting hackers steal electricity.
“Many of these vulnerabilities have been highlighted by the media and advisories have been sent out by law enforcement agencies,” he wrote. “This is a major concern for energy companies, as SecureState is seeing an emergence of these types of vulnerabilities that can drastically affect the security landscape.”
McIntyre’s new hack will be demonstrated on Wednesday at the BSides Las Vegas hacker convention. And while stealing power sounds like common hacker fare, his toolset is actually the world’s first to be capable of breaking into a smart meter and modifying its raw data.
That work was called out just last week by President Obama himself, in a Wall Street Journal editorial published last Thursday, in which he warned that hackers could wreak havoc on American infrastructure if the country does not begin taking cyber security more seriously. That means more hackers are needed to develop more tools that help demonstrate and repair — rather than exploit — the vulnerabilities in public infrastructure.
“It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries,” President Obama wrote, officially throwing his support behind a bill called The Cybersecurity Act of 2012,
That bill would create a National Cybersecurity Council and provide ongoing, voluntary incentives to firms like power and water companies, which would have to prove they’re living up to the industry’s best possible security practices in order to receive the inventives. While it would also open up information sharing avenues between corporations and the government, the bill would prohibit military organizations like the National Security Agency from accessing that information.
Though it has been praised by some civil liberties groups for improving on prior cybersecurity legislative efforts, the Obama-supported bill would still create a massive new exception in privacy protections and a fight is still ongoing as to whether there will be safeguards in place to ensure that data is never misused.
Meanwhile, while Washington toils away at the potential politics of future wars, hackers like McIntyre continue to innovate without malice, showing the way forward to a more secure technological future without taking that advantage for themselves.
Stephen C. Webster is the senior editor of Raw Story, and is based out of Austin, Texas. He previously worked as the associate editor of The Lone Star Iconoclast in Crawford, Texas, where he covered state politics and the peace movement’s resurgence at the start of the Iraq war. Webster has also contributed to publications such as True/Slant, Austin Monthly, The Dallas Business Journal, The Dallas Morning News, Fort Worth Weekly, The News Connection and others. Follow him on Twitter at @StephenCWebster.
Raw Story is a progressive news site that focuses on stories often ignored in the mainstream media. While giving coverage to the big stories of the day, we also bring our readers' attention to policy, politics, legal and human rights stories that get ignored in an infotainment culture driven solely by pageviews.
Founded in 2004, Raw Story reaches 5 million unique readers per month and serves more than 19 million pageviews.