Smart Meters in the context of Smart Grid and AMI architecture. Security, Vulnerability and Best Practice – Part 3
The power grid, which is one of the most crucial pieces of critical infrastructure, is on top of the list of interest to various APTs (Advanced Persistent Threat – stealthy threat actor, typically nation or state-sponsored) and other threat actors. Hence the security testing of such solutions as Advanced Metering Infrastructure (AMI) and Smart Meters as well as their security solutions must be of the highest standards.
In this series of articles, SEQRED presents the topic of Smart Meter security in the wider context of the Smart Grid and the AMI architecture.
Last week, we presented the analysis of the Smart Meter itself as the possible point of entry to the grid. Today’s article covers a controlled attack on a Smart Meter and a summary of some other quite common vulnerabilities in AMI / smart metering solutions.
Part 3 – A controlled attack on a Smart Meter
Controlled attack on a Smart Meter
SEQRED's research team purchased three different smart meters. In the first step, the team tested them to replicate, on the physical devices, the vulnerabilities found in the open-source DLMS/COSEM stack: the first frame that had caused the memory read in the previously tested stack reset the first of the meters tested. In the second step, in an effort to take over the meter, a dump of its non-volatile memory was made, followed by reverse engineering of the firmware with an emphasis on the DLMS stack. The result was the SEQRED name displayed on the meter – the meter was taken over with little effort.
The methods described above are meant to give a sample of the diligence and thoroughness of the methods and tactics that need to be applied to verify and ensure the security of advanced ICS/OT installations operating in critical infrastructures.
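The article does not name the defect in the open-source DLMS/COSEM stack. As an added illustration (not SEQRED's code and not the tested stack), the parser below for the HDLC framing that DLMS/COSEM uses on serial links shows the defensive checks that keep a malformed frame from being read past the receive buffer: the declared length, the address extension bits and both CRCs are validated against the bytes actually received. The frame layout follows IEC 62056-46; the sample frame is constructed, and frames are assumed to carry an information field.

```python
import struct
FLAG = 0x7E  # HDLC frame delimiter
def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25, the polynomial used for the HDLC HCS and FCS fields."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF
def _read_address(frame: bytes, pos: int):
    """Address field: 1 to 4 bytes; the LSB of each byte marks the last one."""
    start = pos
    while True:
        if pos >= len(frame) or pos - start >= 4:
            raise ValueError("address field runs past buffer or exceeds 4 bytes")
        pos += 1
        if frame[pos - 1] & 0x01:
            return frame[start:pos], pos
def parse_hdlc_frame(buf: bytes) -> dict:
    if len(buf) < 12 or buf[0] != FLAG or buf[-1] != FLAG:
        raise ValueError("missing flags or frame too short")
    frame = buf[1:-1]
    fmt = struct.unpack(">H", frame[:2])[0]
    if fmt >> 12 != 0xA:  # DLMS uses HDLC frame format type 3
        raise ValueError("not a type 3 frame format")
    # Declared length must equal what arrived: trusting an oversize value is what lets a stack read past its buffer.
    if (fmt & 0x07FF) != len(frame):
        raise ValueError("declared length does not match received length")
    dst, pos = _read_address(frame, 2)
    src, pos = _read_address(frame, pos)
    if pos + 5 > len(frame):  # control (1) + HCS (2) + FCS (2)
        raise ValueError("no room for control, HCS and FCS")
    control, pos = frame[pos], pos + 1
    if crc16_x25(frame[:pos]) != struct.unpack("<H", frame[pos:pos + 2])[0]:
        raise ValueError("bad HCS")
    if crc16_x25(frame[:-2]) != struct.unpack("<H", frame[-2:])[0]:
        raise ValueError("bad FCS")
    return {"dst": dst, "src": src, "control": control, "info": frame[pos + 2:-2]}
def is_valid_frame(buf: bytes) -> bool:
    try:
        return bool(parse_hdlc_frame(buf))
    except ValueError:
        return False
def build_hdlc_frame(dst: bytes, src: bytes, control: int, info: bytes) -> bytes:
    """Constructed, well-formed frame for exercising the parser offline (not captured traffic)."""
    header = struct.pack(">H", 0xA000 | (7 + len(dst) + len(src) + len(info))) + dst + src + bytes([control])
    body = header + struct.pack("<H", crc16_x25(header)) + info
    return bytes([FLAG]) + body + struct.pack("<H", crc16_x25(body)) + bytes([FLAG])
```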
Common vulnerabilities in AMI / smart metering solutions
For the sake of brevity, SEQRED decided to provide a summary of some other quite common vulnerabilities in AMI / smart metering solutions that were discovered in SEQRED's full research:
- Sensitive data storage (e.g., access data and credentials for the distribution system operator's network) in the meters' non-volatile memory without protection
- Errors in, or lack of, configuration of authentication mechanisms and of the authorization structure in communication devices (GSM modems, hubs, routers)
- Duplicated or inappropriate cryptographic key management mechanisms on the meters
- The multitude of security issues in the mobile and web applications offered to energy consumers for contract management and consumption monitoring, e.g.:
  - Sensitive data logging
  - Hard-coded sensitive data (accounts, API keys)
  - Incorrect SSL implementation (making man-in-the-middle attacks possible)
  - An excessive set of system permissions
  - Insecure IPC (Inter-Process Communication) mechanisms
Next week, we will present cybersecurity best practices for AMI infrastructure.