Mike Davis, a Senior Security Consultant from IOActive, will present Smart Grid Device Security today at Black Hat. The talk highlights the critical research Davis has spearheaded at IOActive over the last year, resulting in an increased industry focus on securing the Smart Grid.
The vision of the “Smart Grid” promises to combine the power of distributed computing with highly fault-tolerant data communications to deliver real-time distribution of power. Within this infrastructure, smart meters represent an important piece of the end-point distribution segment of the Smart Grid. With the stimulus package pushing for complete adoption of smart meters by utilities across the US, the promise of the Smart Grid is quickly becoming a reality.
While the benefits of the Smart Grid are undisputed, it is critical to consider the security of the infrastructure as well. In their research efforts to identify potential risks and threat vectors, Davis and a team of IOActive researchers developed proof-of-concept malicious code that self-propagated in a peer-to-peer fashion from one meter to the next. In his talk, Davis will present a simulation of this attack, showing how quickly the malicious code can propagate throughout a neighborhood, ultimately causing power disconnections and calibration modifications rendering the meters inoperable.
Davis’ research revealed that common attack techniques including buffer overflows, persistent, and non-persistent root kits could be assembled into self-propagating malicious software used to attack smart meters. These vulnerabilities could result in attacks against the Smart Grid, causing utilities to briefly lose system control of their AMI meters and expose them to fraud, extortion attempts, or widespread system interruption.
Despite the severity of his findings, Davis will discuss his optimism for the future of the Smart Grid and suggestions for developing more secure meters.