SecureState, an information security firm, on Thursday announced the public release of Termineter, an open-source framework written in Python that allows users to assess the security of smart utility meters over the optical interface. The company is calling it the first framework designed to give authorized individuals access to manipulate and test the security of smart meters. You can check it out, as well as download it for yourself, over on Google Code.
For the uninitiated, smart meters measure the amount of power and water being used in a home or business and gather other data. They send periodic reports back to the utility company for analysis. Smart meters have been criticized by privacy advocates for tracking consumer actions, while security researchers have warned about their potential for being exploited.
Here's the tool's official description:
Termineter is a framework written in Python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.
SecureState says it is releasing Termineter publicly to promote security awareness for Smart Meters and to improve security overall by providing a tool that brings basic testing capabilities to the community and meter manufacturers. While individual users will require general knowledge of the meter's internal workings in order to use Termineter proficiently, power companies can use the framework to identify and validate internal flaws that leave them susceptible to fraud and significant vulnerabilities.
As with any release of a hacking tool, there are two sides of the same coin (see Power Pwn: This DARPA-funded power strip will hack your network). On the one hand, Termineter should help companies find vulnerabilities and test their products. On the other hand, Termineter can also be used maliciously to modify consumer data, inflicting financial loss on one or multiple victims.