The “Power Grid” is a growing topic in the security industry and Advanced Metering Infrastructure (AMI) is a topic that hasn’t been discussed to its full potential. This presentation will discuss the types of vulnerabilities that have been found in Smart Meters, and give examples from real world assessments we’ve conducted. Different methods of accessing the meter will be presented such as over the optical interface and the Zigbee wireless radio. In addition, we will discuss a testing methodology we’ve developed which covers Smart Meter testing. Finally a live demonstration of the attacks that were discussed will be performed on a real Smart Meter during the presentation for the audience.
As a member of the Profiling Team, Spencer McIntyre works to discover vulnerabilities within organizations’ systems and understand underlying risks. Mr. McIntyre balances his focus between assessments and in-house tool development. During his time with SecureState, Mr. McIntyre has worked with a variety of clients across multiple industries, giving him experience in how each secures their data and the threats that they encounter. Mr. McIntyre uses his background in software development to help him to understand and exploit the underlying logic in the software he encounters. He is active in the open source community, making multiple contributions to a variety of projects such as the Metasploit Framework and Scapy.