Energy Management Protocols (EMPs) are used in a variety of devices and environments. Their purpose is always the same: controlling and measuring the energy consumption of connected devices. However, most EMPs are designed and implemented for embedded, non-IP environments, such as HDMI or home automation networks.
Cisco EnergyWise is a proprietary, closed-source protocol that brings EMPs to mainstream IP networks (e.g. by including EnergyWise clients in widely used notebooks and phones). The resulting broad deployment across a large number of environments, such as office networks (for example, ThinkPad notebooks include an EnergyWise client in their default configuration) or even data centers (where power consumption is always a major issue), creates the potential for huge blackouts if EnergyWise is misconfigured or contains vulnerabilities that can be abused.
In this talk, we will describe our findings on the EnergyWise architecture and protocol specification, present the reverse-engineered proprietary protocol, and show how EnergyWise domains can be hijacked in order to perform DoS attacks. In addition, we will release our toolkit that implements all of the presented attacks.