Energy Fraud and Orchestrated Blackouts: Issues with Wireless Metering Protocols (wM-Bus)

Presented at Black Hat USA 2013, Aug. 1, 2013, 11:45 a.m. (60 minutes).

Government requirements, new business cases, and consumer behavioral changes drive energy market players to improve the overall management of energy infrastructures.

While the energy infrastructure is steadily maintained and improved, some significant changes have been introduced to the power grids of late. Actually, the significance of the changes could be compared to the early days of the Internet where computers started to become largely interconnected. Naturally, questions arise whether a grid composed of so many interacting components can still meet today's requirements for reliability, availability, and privacy.

Nations absolutely recognize the criticality of the energy infrastructure for their economic and political stability. Therefore, various initiatives to ensure reliability and availability of their energy infrastructures are being driven at nation as well as at nation union levels. In order to contribute to the evaluation of national cyber security risks, the author decided to conduct a security analysis in the field of smart energy.

Utilities have started to introduce new field device technology - smart meters. As the name implies, smart meters do support many more use cases than any old conventional electricity meter did. Not only does the new generation of meters support fine granular remote data reading, but it also facilitates remote load control or remote software updates. Hence, to build a secure advanced metering infrastructure (AMI), communication protocols must support bi-directional data transmission and protect meter data and control commands in transit.

Therefore, analysis of smart metering protocols is of great interest. The work presented has analyzed the security of the Meter Bus (M-Bus) as specified within the relevant standards. The M-Bus is very popular in remote meter reading and has its roots in the heat metering industries. It has continuously been adopted to fit more complex applications during the past twenty years. According to a workshop note, an estimated 15 million devices were relying on the wireless version of M-Bus in 2010. It was analyzed whether smart meters using wireless M-Bus do fit the overall security and reliability needs of the grid or whether such devices might threaten the infrastructure.

The M-Bus standard has been analyzed whether it provides effective security mechanisms. It can be stated that wireless M-Bus seems to be robust against deduction of consumption behaviour from the wireless network traffic. For this reason, it is considered privacy-preserving against network traffic analysis. Unfortunately, vulnerabilities have been identified that render that fact obsolete. The findings are mainly related to confidentiality, integrity, and authentication.

Consequently, smart meters relying on wireless M-Bus and supporting remote disconnects are prone to become subject to an orchestrated remote disconnect which poses a severe risk to the grid. Further issues may lead to zero consumption detection, disclosure of consumption values, and disclosure of encryption keys.

Following that, the availability and reliability of the smart grid or at least parts of it may not be guaranteed.


Presenters:

  • Cyrill Brunschwiler - Compass Security Network Computing AG
    With more than twelve years of experience within the security scene, Cyrill has come across numerous technologies and issues. He has been extensively contributing wargame challenges and educational material to the hacking-lab.com platform in its early days. Cyrill has been providing independent advice in the fields of penetration testing, security reviews and digital forensics to customers within the industries, utilities, pharma, finance and government sectors since 2005. He has been teaching network pentesting, wireless security and application security in cooperation with the Swiss ISACA chapter to several hundred students since and volunteers now and then for security lectures at local universities and the local OWASP chapter. Cyrill has also contributed and supported (CFP board) to former Swiss Cyber Storm and Hack&Learn Conferences. Since 2011 Cyrill Brunschwiler has been working as Head of Security Assessment and Forensics at Compass Security Switzerland. His duties mainly entail project scoping, providing second opinion, employee skill development and dealing with all aspects of penetration tests, reviews and forensics. He is currently on the finishing line to gain his MSc in Information Security from the renowned Royal Holloway University of London.

Links:

Similar Presentations: