44CON LONDON 2015

The use of smart meters and their associated technologies is becoming more widespread as utility providers struggle to deal with ever growing demand and scarcer resources. The European Union has deployed over 46 million smart meters to date, with an additional 119 million smart meters intended to be deployed in member countries by 2019. Likewise, in the United States of America, there are indications that the number of smart meters deployed had topped the 50 million mark in middle July, 2014.

Previous work has shown security and privacy concerns with smart metering specifically, with researchers at IOActive even developing a "Smart Grid Worm". However, this work has done little to open either smart meter research to a wider audience, or provide tools for approaching new platforms and devices.

To address this, we developed a pluggable framework and easy-to-build low-cost hardware platform for embedded device protocol analysis and manipulation. Both of which will be released under an open-source license during the talk.

Whilst smart devices have been developed for managing resources, their functionality has also been found to be applicable to other spheres, resulting in technologies (based on, or similar to smart technologies) often being found in other applications. Some smart device platforms are also used in process management applications, and even transport management systems. The resources governed by these systems are regarded as critical infrastructure by most governments. Disruption of these systems could result in significant damage to national infrastructure – or even political instability in a region targeted by attackers. In addition to smart networks, the advent of the so-called "Internet of Things", has added a plethora of new devices to home networks. Thus these technologies are responsible for securing access to both nation-state as well as residential resources, making research in this area an important concern.

Given the present and growing criticality of these devices, we embarked on a lengthy assessment of the popular LonMark platform as implemented in the Echelon Series 5000-based devices with the aim of discovering platform-wide vulnerabilities that could be used to attack devices or their backend management platforms.

However, no to very little tools exist for assessing devices making use of obscure networks or protocols. Currently, attacking smart meters, interconnected hardware and associated applications – is not as simple as firing up a web proxy and intercepting traffic, as is the case with web applications, something this talk hopes to change. In most cases, the devices communicate over mediums researchers may not be familiar with and may use custom protocols, resulting in difficulties obtaining access to network communication streams.

To counter these obstacles, I will present various mechanisms for assessing the security of obscure networks, protocols and devices. This will be performed using off-the-shelf hardware and a custom framework for conducting this type of work.

This toolset, the result of thousands of hours worth of research, will provide functionality for conducting traditional sniffing, replay and fuzzing attacks against devices making use of wired connections. Using this framework, the analyst will practically demonstrate attacks against the smart devices used during the course of this research.

Previously, we have demonstrated vulnerabilities in Z-Wave home automation and security devices at BlackHat [1], as well as building proxy frameworks for obscure protocols such as SAP DIAG that led to a significant opening up of the protocol for further research [2]. Thus, this work, while on a different platform is a natural extension of past expertise and interests.