Computrend Powergrid 902 Adaptors Security Testing
19th March 2009

Equipment Information

Node Information

Network Information
Powerline SSID - 123456789

Network Topography
Linux-PC ----CAT5-E-----> BT-HomeHub ---------CAT5-E-----> Powerline-A -----Ethernet-Over-Mains ------~
~------Ethernet-Over-Mains ------- Powerline-B <------CAT5-E------ Linux-Laptop

Physical Layout
For many of the tests, the Powerline Adaptors will be plugged into the same 4-Gang Mains Extension lead. Any changes to this setup will be explicitly stated in the test criteria. All other Mains-powered devices will be powered from a separate Mains Extension lead.

Powergrid 902 Status Light
The Powergrid status light has three modes: Red, Green and off. If the status light is off, the device is in standby mode (or not plugged in). Red means that the device is active but has not established a connection to another Powerline Adaptor. Green means that the device is active and has established a connection.

Test Procedures
All tests will be executed exactly as laid out in the test pro forma below. Each test will be assigned a status code based on an evaluation of the test's outcome compared with the expected outcome. Any tests assigned the status code Inconclusive will be re-evaluated and repeated at a later date. It is expected that any Inconclusive results will require a reassessment of that test procedure.

Tests
Notes
Configuring the Powerline Adaptors for the tests took a lot more effort than expected/necessary. The adaptors have been disconnected from any power source since the last tests were run on the 11th of February. Whilst they successfully integrated into the network and established comms between each other, they did not request an IP address from the DHCP server (in this case the BT HomeHub). They functioned as transparent devices with absolutely no noticeable presence on the network. Checking the pre-configured static IP addresses also showed no hosts.

In order to re-configure the devices it was necessary to reset them back to factory settings. The default factory setting appears to be to use DHCP, and to use no network identifier or encryption key on the mains side. Once the range of these devices has been established (i.e. does the electricity meter act as a firewall?) it will provide a rough insight into how secure these devices are out of the box.

Conclusions
Based on the very basic tests conducted, the Powergrid 902 Adaptors appear to be reasonably secure against outside intrusion. However, no direct attempt to compromise the adaptors was made; instead, checks were made for errors in the basic implementation of the system. This level of security should at least protect users from attacks by the garden-variety 'script kiddy', but does little to illustrate how effectively the system would resist a more determined or advanced intruder.

The use of a NULL value as the default Network Identifier and Encryption key is somewhat concerning. However, when the devices were received from the re-seller (in this case British Telecom) they did have both a network ID and an encryption key set. For this reason it is hard to project what percentage of users could be using the devices without any security set.

Based on these and previous tests, it appears that the biggest risk the devices pose is when an attacker gains access to the network to which the devices are connected. The attacker would then be able to mount a simple Denial of Service against the devices and anything connected to the other side of the bridge. Alternatively, the attacker could view the network ID and encryption settings in order to more easily gain access at a later date. This could happen where a wireless network is accidentally left open for a short time, or where a worker leaves their desktop unlocked in an office setting. Regular rotation of the encryption key used on the devices could help to reduce this vector of attack.

Where an attacker is able to mount a DoS attack against the devices, this could cause a complete loss of traffic for a segment of the network, and is likely to be highly inconvenient depending on the network that has been compromised. However, as the attacker's ability to launch the DoS already indicates that the LAN has been compromised, it should probably be considered little more than a regrettable side effect.

There may exist other vulnerabilities in the embedded software; in fact, the principles of software testing suggest that there almost certainly will be. However, without access to the software it is reasonably difficult to find any new vulnerabilities. Where security is considered important, whether due to commercial sensitivity or untrustworthy neighbours, it is probably best to avoid use of these devices. Where security is a lower priority, the devices do not appear to be critically insecure.
This page is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License, and is copyright to me, Ben Tasker, or the respective owners, unless otherwise stated. All images operate under a separate license.