It claims will let security researchers and penetration testers verify the security of electric utility smart meters being installed in millions of homes around the country. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities.
Spencer McIntyre, of the SecureState Research & Innovation Team, will perform the first live public demonstration of the Termineter framework during his presentation, "How I Learned To Stop Worrying and Love the Smart Meter" at Security B-Sides Vegas on Wednesday, July 25, 3 pm at The Artisan Boutique Hotel.
The release of the tool is two-fold: on one hand, it will make auditing and flaw detection easier for utility companies but, on the other hand, it might facilitate unauthorized access to the system. By modifying consumption data, a hacker can inflict financial loss on the provider, but will also invalidate data related to demand.
The electricity meters are also a sensitive issue, as they are used for more than taxing and demand estimation: it allows the police to detect unusual spikes in consumption and identify households that illegally farm marijuana.
The Termineter Framework can be downloaded here.