We have extensive experience with penetration testing of various devices. Devices like smart meters, being rolled out in high quantities, but also other measuring instruments or even applications, like an app running on a smart phone. But how can this type of testing be a help to improve your product?
Penetration testing is all about checking the vulnerability of instruments to external attacks. It checks the presence of secure data exchange, applied crypto mechanisms and access being limited to defined entities only. It also tests the storage of security events, the possibility of security upgrades, secure access to stored data and so on. During this examination process it might be that some penetration aspects reveal unexpected behaviour of the instrument or application, identifying weaknesses. This can include possible access to internal data to unwanted users. Or, it may reveal that metering applications can be stopped with their internal data processing tasks resulting in unregistered transfer of energy/flow volumes.
Revealing possible weaknesses help to improve the product. It will lead to a more robust design, interoperable in network environments. Another great benefit of penetration testing result is that end users can be convinced by the maturity of the product they are investing in. We are noticing an increase requirement of penetration testing as a prerequisite of the procurement process within companies nowadays.
We have the capabilities of performing dedicated penetration testing. Not limited to actual devices, like smart meters, but it can also be applied to all kinds of applications.
Customer Case Enemalta
For Enemalta, the sole electricity service provider on the island of Malta we conducted penetration testing. This testing focused on an application “EMma” running on a smart phone, being used for installing and maintaining Enemalta’s smart electricity meters. The objective of the penetration testing was to determine whether unauthorised users would be able to penetrate the application and use its functions.
Karl Cilia, Divisional Manager Systems at Enemalta, comments: “The seriousness and level of detail by which NMi experts dealt with the evaluation, analysis and penetration testing of our EMma Smart Metering application, was truly impressive. NMi’s expertise and in-depth knowledge of energy distribution systems and metrology, together with their flexibility and ability to adapt to customer’s needs make them a market leader in our ever-changing industry.”