Smart meters not so clever about privacy, researchers find
A University of South Carolina study found smart meters transmitting plain text information that could be used against home owners
IDG News Service - Researchers at the University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home.
The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received.
While many gas and water AMR meters continuously listen for a query signal from a meter reading terminal and only transmit a reading when requested, the researchers found at least one type of electricity meter works on the opposite principle. It continuously sends a meter reading every 30 seconds around the clock.
"We had heard a lot about smart meters, about how great and how efficient they were," said Wenyuan Xu, an assistant professor at the University of South Carolina, speaking to IDG News Service. "We thought about privacy and wondered how secure are the meters currently in use."
It turns out, not very.
The tools were simple: a $1,000 Universal Software Radio Peripheral software-defined radio, an amplifier, and the freeware GNU Radio software, plus, of course, the team's knowledge of wireless protocols and data processing.
The first job was capturing the data. The team found that the meters transmit every 30 seconds by hopping through a number of frequencies, but the cycle of frequencies chosen isn't random, so the pattern can be predicted.
Then, with just a few days' work, Xu and her team were able to deconstruct the proprietary protocol used by the meters, thanks to documentation they found on the Internet and information freely disclosed by meter makers.
"Once we got the raw signal, we processed it, and reverse engineered it," she said.
Using an off-the-shelf antenna and amplifier, the researchers were able to capture packets from electricity meters at a distance of up to 300 meters. In the neighborhood where they tested, they were able to receive packets from 106 electric meters.
The data sent was in plain text and carried the identification number of the meter and its reading. Neither the home owner's name nor the address is included, but anyone motivated enough could quickly figure out the source.
"The meter ID was printed on the front of the meter we looked at, so theoretically you could read the ID [off a target meter] and try to sniff packets," Xu said.