
    Author Archive - Rainer Link (Senior Threat Researcher)




    This is the third (and last) in a series of posts looking at the threats surrounding smart grids and smart meters. In the first post, we introduced smart meters, smart grids, and showed why these can pose risks. In the second post, we looked at the risks of attacks on smart meters.

    In this post, we’ll look at the risks when smart grids are attacked. A smart grid is an electric grid with digital information and communication capabilities for recording information about both consumers and suppliers. What differentiates an attack on a smart grid from an attack on a smart meter? Simply put, scale: an attack on a smart grid affects many more users than an attack on an individual meter. The potential for damage is proportionately much more significant.

    However, this also means that the attack surface is different. Not only can the smart meters be attacked, but the servers at the utility that control the smart meters can also serve as an attack vector. These servers can, on the other hand, be defended with the same tools used to defend against targeted attacks.

    Perhaps the most obvious smart grid attack scenario would be extortion. An attacker would take control of the smart grid in order to disrupt the service it provides. The attacker might even choose to “update” the firmware on the devices, making the attack more difficult to completely mitigate. Either way, the goal of the attacker would be to cause a disruption in service in order to extract money from the local utility company or government. Alternately, the chaos itself may be the goal, either for political reasons or to distract local law enforcement from other crimes going on at the same time.

    A slightly more subtle attack against the smart grid would be a denial of service attack. How would the smart grid cope with corrupt data? This data could be completely corrupt (incorrect format and content), or it could have the correct format but incorrect or corrupt content. Either way, just as buffer overflows threaten other pieces of software, vulnerabilities in the utility’s servers may put the grid as a whole at risk.

    Figure 1. Denial of service attack targeting an entire grid
    (A screenshot from our video highlighting attack scenarios)

    An attack with less dire consequences would be meter tampering. It is very possible for smart meters to be tampered with – in fact, it’s already happened in Malta. As all the readings are “electronic”, it’s trivially easy to modify the readings of the meters. Modify the reading too much and the discrepancy becomes obvious, but a small modification might not raise eyebrows.

    We raise these scenarios not because we want to frighten people, but to raise awareness of them. It is possible to defend against these attacks – by designing the systems with security in mind, by ensuring that the appropriate custom defense solutions are in place, and so on. However, these can only be put in place if people recognize that the threat does exist.

    You can read the previous blog posts on smart meters here:

    For more information on the security risks and how to secure smart devices, visit our Internet of Everything hub which contains our materials that discuss this emerging field.

     
    Posted in Internet of Everything, Vulnerabilities



    In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users.

    At their heart, smart meters are simply… computers, just like our existing PCs, smartphones, tablets, and embedded devices. Similarly, smart meters communicate via well-understood technologies: cellular connectivity, power-line networking, or the user’s own Internet connection.

    With that in mind, we have to consider the possible threats – what could happen if a smart meter is compromised? Similarly, what are the problems that could result if the connectivity of a smart meter is disrupted? Let us see.

    Perhaps the most obvious risk is simple: meter tampering. If a smart meter can be hacked, inaccurate information can be sent back to the utility, allowing an attacker to adjust the reading and resulting in an inflated bill. Let’s say, for example, that you have an argument with your neighbor. In revenge, if he can access your smart meter, you might see a rather large electric bill.

    Figure 1. Hacking a neighbor’s smart meter
    (A screenshot from our video highlighting attack scenarios)

    Of course, the bill can also change in the opposite direction. Let’s say you’re engaged in certain activities that require high levels of electricity… altcoin mining, for example. The biggest running cost for such an operation would be the electric bill. The smart meter could be hacked to have a lower reading – or, perhaps, in a location with time-varying electric rates, to make it look like the electricity was used at off-peak times?

    What are some other threats at the local, “retail” level when it comes to smart meters? Crime gangs (with smarts) may well find uses for smart meters too. Power savings are frequently promoted as a benefit of smart meters. However, power consumption is also a good way of checking whether someone is at home or not.

    Let’s say that a vulnerability made it easy for somebody other than the homeowner or the utility to see what the power usage was. (It could be as easy as a poorly-designed API, mobile app, or website.) The smart meter would then essentially become a giant “please rob me” sign for properly equipped thieves.

    Alternately, if that smart meter can be controlled remotely, you now have an excellent way to carry out extortion. Such a nice house you have there, it’d be shame if anything bad happened to its power…

    The connectivity of the smart meters can also be a security risk. Some meters use the cellular network to provide the connection to their utility’s main servers. The utility would, of course, be paying the bills for these connections. A truly determined person could abuse this “free” phone to make calls, send text messages, or even connect to the Internet.

    Alternately, the smart meter may use the same Internet connection as the home. This represents a potential risk: if somebody was able to hack the smart meter from the outside, then that attacker would have access to the house’s internal network. This would put your own internal network at risk of attack; it would be as dangerous as letting anyone connect to your home network.

    None of the above attacks are inevitable. You can build defenses against all of them. However, it is inevitable that somewhere, somehow, the defenses will fail. These attacks are possible, and we will have to figure out how to defend against them, especially once smart meters become more prevalent.

    All of the attacks I discussed above are essentially small-scale, however. What happens when you look at the security of not just individual meters, but the smart grid as a whole? That’s what we will discuss in the third post in this three-part series on smart meters and smart grids.

    You can read parts 1 and 3 of this blog series here:

    For more information on the security risks and how to secure smart devices, visit our Internet of Everything hub which contains our materials that discuss this emerging field.

     



    While wearable personal technology may be the most “public” face of the Internet of Everything, the most widespread use of it may be in smart meters.

    What is a smart meter, exactly? It’s a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it to the utility provider via some sort of two-way communication method. (Examples of these methods include a wireless mesh network, power line networking, or a connection to the user’s own Internet service.) Unlike simple home monitors, smart meters can collect data for remote reporting to the utility.

    One smart meter in isolation has limited uses. However, if the majority of meters in an area are now “smart”, the utility is able to reap large benefits. With the added information provided by large numbers of smart meters, a utility can adjust their services as needed to improve the efficiency, reliability, costs, and sustainability of their services.

    Deployment and Usage

    Some may think that smart meters are more theoretical than anything else. However, they are already in widespread use in some countries, and it is easy to see how in the next few years they will become even more widespread.

    Let me talk about the part of the world I know – Europe. For example, the former Italian electric monopoly, Enel, has rolled out smart meters to almost all of its 36 million customers. In addition, Enel has deployed a remote management system known as Telegestore, which allows the utility to carry out actions via the smart meter that would otherwise require a physical visit. 330 million meter readings and over a million other operations were carried out remotely, making this easier for both customers and Enel. Enel also owns 92% of the Spanish utility firm Endesa, and is rolling out similar products in that market.

    Italy and Spain are not the only countries in Europe leading the way in smart meter adoption. Other countries identified by the European Union as being “dynamic movers” in smart meters include Estonia, Finland, France, Ireland, Malta, the Netherlands, Norway, Portugal, Sweden, and the United Kingdom. In these countries, regulators and utilities are both making the necessary steps to move forward with smart meter adoption.

    Technical Standards and Risks

    There is a diverse range of industry groups and protocols promoting smart meter technology. In part, this reflects the varying ways that smart meters are deployed and used: for different applications, different technology may be needed. However, this also means that there is a wide variety of technical standards used in smart meters.

    Other such niche devices – such as home automation equipment and Internet routers – have proven to have serious security risks. It’s one thing for, say, a light switch to have some sort of vulnerability. It’s another thing for utility meters and controls to have vulnerabilities. Smart meters and smart grids have not yet been fully tested and vetted for potential security risks; we have to consider the potential scenarios if these devices are proven to have flaws – as some of them inevitably will.

    The video below highlights some of these potential scenarios. In future blog posts, we will look into some of these scenarios in some detail and discuss the circumstances that can lead into these issues.

    You can read parts 2 and 3 of this blog series here:

    For more information on the security risks and how to secure smart devices, visit our Internet of Everything hub which contains our materials that discuss this emerging field.

     



    Black Hat Europe is a series of highly technical security conferences that gathers professionals, researchers, and leaders of the infosec industry. Below are some of my thoughts about the interesting discussions I attended, which include a compelling talk by Trend Micro threat researcher Kyle Wilhoit about ICS/SCADA.

    Day 1

    My colleague Kyle and I joined the first session of the full-day vehicle networks workshop. Robert Leale of www.canbushack.com gave a nice introduction to the controller area network (CAN) bus and other bus systems, in which he gave basic information on the types of networks found in modern vehicles. I went to the next talk, “Let’s Play – Applanting” by Ajit Hatti, the co-founder of “null – Open security community”, where he described an attack to silently install an app on a user’s device (this has already been fixed by Google). As it turns out, a lot of people in India use their smartphones for online banking.

    “XML out-of-band data retrieval” from Alexey Osipov and Timur Yunusov, which I attended later, showed how to retrieve data from an internal machine and network using several web applications.

    Because I own a Huawei USB UMTS/4G stick, I went to the talk “Huawei – From China with Love” from Nikita Tarakanov and Oleg Kupreev. From the discussion, I gathered that the software (available for Windows and Mac) seems to be a mess, security-wise.

    In one of the better talks of the day, Tobias Jeske presented the results of his research about floating car data from smartphones, based on Google Navigation and Waze. For his research, he reverse-engineered the protocols with a MITM proxy and source code and later explained to us the several possible attacks that can be launched.

    Day 2

    The first talk for the day was “The Sandbox Roulette”, which we can summarize as “for an application sandbox (Sandboxie, Chrome, Adobe X) the weakest link is the Windows kernel. A hypervisor sandbox is more secure than an application sandbox.”


     
    Posted in Bad Sites



    A new wave of spammed emails with malicious attachments can be seen on the Internet. An email that promises cigarettes at very low prices comes with a password-protected archive that contains TROJ_YABE.BJ.


    Usually passwords are used to ensure the recipient gets exactly what the sender sent and to ensure nobody else accessed it. In this case everybody receives the same password, so all the security is gone. But this might trick users into believing the attachment is safe. This way of social engineering bypasses security by faking security.


    The email is sent in the name of “Zigaretten GmbH” and the subject line – among others – is “Rauchen ist jetzt billiger ab 1 Euro”. The text simply lies when it says something like: “your personal archive password is: angebot”.


    If you run security solutions like IMSS, we suggest temporarily blocking mails that arrive with an attachment named, for example, “Angebot.rar”, “Ausverkauf.rar” or “Preis.rar” and whose From display name is “Zigaretten GmbH”. As usual, don’t open any attachments from untrusted sources or sources you simply don’t know.
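    As an added illustration of the blocking rule suggested above (example code, not part of the original post or of any Trend Micro product), the following gateway-style filter parses a message and flags it only when both indicators from the post are present: a From display name of “Zigaretten GmbH” and an attachment named Angebot.rar, Ausverkauf.rar or Preis.rar. The sample messages and the dummy archive bytes are constructed here; the sender and recipient addresses are placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators named in the post (lower-cased for case-insensitive matching).
BLOCKED_DISPLAY_NAME = "zigaretten gmbh"
BLOCKED_ATTACHMENTS = {"angebot.rar", "ausverkauf.rar", "preis.rar"}


def attachment_names(msg):
    """Return lower-cased filenames of all attachment parts in the message."""
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and part.get_content_disposition() == "attachment":
            names.append(name.lower())
    return names


def should_block(raw: bytes) -> bool:
    """True only when both the From display name and an attachment name match."""
    msg = message_from_bytes(raw, policy=policy.default)
    display_name, _addr = parseaddr(str(msg.get("From", "")))
    name_hit = display_name.strip().lower() == BLOCKED_DISPLAY_NAME
    file_hit = any(n in BLOCKED_ATTACHMENTS for n in attachment_names(msg))
    return name_hit and file_hit


def build_sample(display_name: str, filename: str) -> bytes:
    """Constructed sample message; the archive body is a dummy blob, not malware."""
    msg = EmailMessage()
    msg["From"] = f'"{display_name}" <sender@example.invalid>'  # placeholder
    msg["To"] = "user@example.invalid"  # placeholder
    msg["Subject"] = "Rauchen ist jetzt billiger ab 1 Euro"
    msg.set_content("Ihr persoenliches Archiv-Passwort lautet: angebot")
    msg.add_attachment(b"Rar!\x1a\x07\x00dummy", maintype="application",
                       subtype="x-rar-compressed", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(should_block(build_sample("Zigaretten GmbH", "Angebot.rar")))  # True
    print(should_block(build_sample("Zigaretten GmbH", "Rechnung.pdf")))  # False
    print(should_block(build_sample("Example Shop", "Preis.rar")))  # False
```

Requiring both indicators keeps false positives low; a rule on the display name alone would also catch legitimate mail that merely mentions the company name.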


     
    Posted in Bad Sites


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice