For a utility that’s in the process of installing smart meters, there are probably few things more terrifying than the simulation of a smart meter worm that IOActive’s Mike Davis showed off at the annual security conference Black Hat on Thursday. During Davis’ presentation, he showed how he and his team at the security consulting firm created a simulation in which, over a period of 24 hours, about 15,000 out of 22,000 homes had their smart meters taken over by a worm that could put the device under the control of the worm’s designers.

Davis showed off a time-condensed version of the simulation using an overlay on Google Earth. At the beginning of the simulation there were 22,000 green pins on the satellite map, signifying actual plotted addresses in a metropolitan area; after the introduction of the smart meter worm, the majority of the pins quickly turned a shade of red, with the red spreading rapidly from the point where the worm was introduced. The image was reminiscent of the spread of infectious diseases, and Davis said that in a real-world scenario the worm could spread more slowly or more quickly depending on a variety of technical conditions.

Davis said the reason he could so easily hack the meter and spread the worm in the simulation was that there was a fundamental design flaw in the specific meter model itself, though Davis wouldn’t name any individual manufacturers. Among other things, the meter he took over didn’t have proper data encryption and couldn’t tell the difference between the meter next to it in the network and a device that was intended to wirelessly upgrade its software. “The guys that built this meter had a short term view of how it would work,” Davis said.

The manufacturer of the meter used in the simulation didn’t take kindly to being told its security wasn’t up to snuff. Davis explained to the audience that when he told the manufacturer about the capabilities of the worm simulation, the first response from the meter maker was: “that’s impossible, our meters can’t spread something like that.” When Davis told them he had personally done this in his company’s security lab, the next response from the meter maker was: “how can you even access our meters,” to which Davis says he explained he bought it on eBay.

Given that Davis’ research has already gotten a lot of press (and negative reactions from some in the utility and energy industry) over the past month, Davis was cautious during his presentation. Over the past couple of months he seemed to have gone through a range of emotions, from the hacker-style joy of successfully taking over a system (he showed a photo of him and a colleague drinking champagne at 4 AM the morning he “pwned” the meter) to an admitted sensitivity over wanting to explain to the utility and energy industry that the point of his exercise was to get them to take security seriously and patch the vulnerabilities. “Nobody [in that industry] likes me,” he said at one point in response to a question about whether or not he would do more research on parts of the smart grid network that were more under the control of the utilities.

But while the specific meter company didn’t respond well to Davis’ simulation, there are greater lessons for the industry. Davis explained in his presentation that once a worm started to spread in the manner of his simulation, “it’s hard to see how a vendor could react quickly enough.” The only effective response he could think of, he said, was to have a kill switch that would just shut down the meter to stop the spread. Members of the utility industry seemed to agree and queried Davis after his talk about their own companies’ experiences with meter security. In addition, meters should be designed to be recoverable from such an attack, and be as secure as the mechanical meters of the first generation of dumb meters, Davis said.

Davis was also concerned with what someone could do with a large number of meters under their control, and reminded the audience that he didn’t research how the worm could be used as a weapon. After the presentation, members of the audience discussed how turning on and off a large number of meters — say, 50,000 meters and 3 MW worth of electricity — could cause problems for the stability of that section of the grid.

At the end of the day, the allocation of the smart grid stimulus funds has caused a rush to roll out smart meters, and Davis is concerned that the speed of deployment could cause companies to neglect proper security. There’s an attitude of “we’ll fix this later,” he explained. But as Davis’ worm simulation showed, no company wants the attention and the financial and reputation problems of a meter security incident.


By Katie Fehrenbacher


  1. Smart Meter Worm Could Spread Like A Virus « SmartGrid Current Friday, July 31, 2009

    [...] Smart Meter Worm Could Spread Like A Virus Posted July 31, 2009 Filed under: Uncategorized | http://earth2tech.com/2009/07/31/smart-meter-worm-could-spread-like-a-virus/ [...]

  2. Michael Toecker Friday, July 31, 2009

    FYI: Davis’s attack and simulation assumes a completely open smart grid network, which allows application communication between smart meters. This should have been disclosed.

    In a real world implementation, applications on the smart meter would communicate to the Control Center, and nowhere else. This can be accomplished using many existing network technologies, and would be a valid defense in depth measure for a network this size.

    Mike Toecker
    Burns and McDonnell

  3. Whiplash. In Case You Missed the Energy Efficiency News of July 27-31, 2009 | Energy Circle Monday, August 3, 2009

    [...] flu formerly known as Swine), the last thing most of us care to hear about is a fresh virus. But Earth2Tech has unearthed a worm it thinks we ought to know about. It’s the work of IOActive and it premiered at a recent [...]

  4. Future Threat: Black hat erasatz hack attack hits homes on smart-grid » Hybrid News Monday, August 3, 2009

    [...] Source: earth2tech] [...]

  5. Smart Grid Blog » Blog Archive » Smart Meter Worm Could Spread Like A Virus | Earth2Tech Monday, August 3, 2009

    [...] via Smart Meter Worm Could Spread Like A Virus. [...]

  6. Future Threat: Black hat erasatz hack attack hits homes on smart-grid | AvailableGreenEnergy Monday, August 3, 2009

    [...] Source: earth2tech] [...]

  7. Future Threat: Black hat erasatz hack attack hits homes on smart-grid Tuesday, August 4, 2009

    [...] Source: earth2tech] [...]

  8. What’s the big deal of sharing the details. Attendees indicated that nothing was shown.
    Where’s the U tube

  9. Smart meters? No, dumb government « StasiNation Thursday, December 3, 2009

    [...] to put the icing on the cake, Mike Davis showed off at the annual security conference Black Hat…how he and his team at the [...]

  10. Smart Grid Problem?: Smart at the Edge, Dumb In the Middle Wednesday, February 3, 2010

    [...] in some areas or have blackouts in others. I remember at the Black Hat security convention, Mike Davis of security firm IOActive told me how turning on and off a large number of meters — say, 50,000 meters and 3 MW worth of [...]