This article was published when I just flipped through the final slides talking at “Hack in Paris” on smart meter wireless protocol issues. The combo of trainings, conference and the “nuit du hack” is held at the Disney Land Resort Paris for the 4th edition.

hip2014

Yes, Disney Land. When I arrived at the hotel I ran into a crowd of kids gathering around Goofy. Their parents ready to capture to moment of joy. When I entered my room, a Pluto greeting card spread a warm welcome from the small desk. A Bambi painting decorates the wall and the body wash has Mickey Mouse ears at its cap.

Well, as unusual it sounds, isn’t it imagination, creativity and an urge to play what the venue and hackers share? We are definitely not the average visitor and this got immediately confirmed when I showed up at breakfast where the waiter somewhat puzzled asked me: “Combien ?”. Still watching at the corner, expecting kids and wife would turn up in a second. “No, je suis tout seul”, I answered with a smile 🙂

For Comic fans definitely a must see and must stay. The venue’s magic is what really matters in life: fun and family. So do hackers love to have fun and to share knowledge with equal minded.

While we are at sharing stuff. For those who have ever looked for a security checklist for smart meters. Here it is: compass_security_smart_meter_controls_whitepaper_v1.0

That checklist built the foundation of all my research. The full paper features a lengthy introduction and analysis based on the OCTAVE Allegro Risk Assessment method in order to identify suitable controls for smart meters. For the quick reader: Skip to chapter 3.3 for the total list of 43 smart meter controls. Your feedback is highly appreciated!

And here are the links to the HIP 2014 slides, the git repos and other related work

Presentation Slides HIP 2014
Whitepaper Blackhat 2013
Google Go Sniffer & MUC (credits lukas.reschke@csnc.ch)
Python Sniffer „Scambus“
GNU Radio wM-Bus (credits neundorf@kde.org)
– Clipart credits go to http://openclipart.org

For those interested in solving puzzles and hands-on security training sign-up for a free remote hacking-lab.com account and get knee deep into our virtual pwnable lab. Hacking-lab features a wide variety of information security, penetration testing, security assessment and forensics hands-on training exercises to educate students and information security professionals. Give it a try.