Some Smart Meters Broadcast Readings in the Clear

← Back to Stories (view on slashdot.org)

Some Smart Meters Broadcast Readings in the Clear

Posted by Unknown on Monday November 5, 2012 @12:08PM from the find-out-who-hates-the-planet dept.

alphadogg writes "University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home. The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received." Perhaps more distressing, given trends in 4th amendment interpretation, I bet the transmissions are open game for law enforcement.

101 of 138 comments (clear)

Min score:

Reason:

Sort:

Not home? by nurb432 · 2012-11-05 12:11 · Score: 4, Interesting

Or just asleep.. Or they have a low power foot print most of the time.
Cars in the driveway and no one answering the door is a more accuarate and low-tech way to do this.

--
---- Booth was a patriot ----
1. Re:Not home? by Spy+Handler · 2012-11-05 12:31 · Score: 2, Informative
  
  The tools were simple: a $1,000 Universal Software Radio Peripheral software-defined radio, an amplifier, and the freeware GNU Radio software, plus of course, the team's knowledge of wireless protocols and data processing.
  Yeah really, it's not like home burglars are gonna buy this equipment, enroll in CS/EE courses at the local university, and learn wireless protocols so they can figure out if the owner is home before they rob it.
  The submitter's distress over 4th amendment rights is equally stupid. If the spooks and cops wanna know your power usage, they can just pick up the phone and call the power company.
2. Re:Not home? by Enry · 2012-11-05 14:05 · Score: 2
  
  Because computers always cost $5000 and cracking utilities required you to know how to code.
  Technology gets cheaper, code gets written, and people who aren't as experienced have more ability to use things.
  Given my power meter is located in the corner of my house and using something a lot cheaper, like an IR camera or just the Mark I eyeball will tell you:
  If there are cars in the driveway
  If lights are on and activity in the house
  If there's anyone generating heat (someone on vacation or out will set the thermostat lower than 68 in the winter)
  There's a lot easier ways to tell if I'm home or not.
3. Re:Not home? by Dahamma · 2012-11-05 16:05 · Score: 2
  
  Thieves are stealing BMWs by cloning the key fobs after hacking the on-board computer. If there is something valuable to be had in your home, someone will be creative enough to find a way to steal it.
4. Re:Not home? by reve_etrange · 2012-11-05 16:28 · Score: 2
  
  Obviously the import is with regard to indoor cultivation of flowering plants.
  
  --
  .: Semper Absurda :.
5. Re:Not home? by TheCarp · 2012-11-05 17:50 · Score: 1
  
  Its not exactly unheard of for some geek looking for startup capital to build devices and sell them:
  http://www.cultofmac.com/82875/before-there-was-apple-we-made-blue-boxes-rare-video/
  It may be of limited usefulness, but, I wouldn't want to bet on it. You never know what someone is going to come up with, and it wouldn't be hard or even conspicuous to drive through and collect data on whole neighorhoods. I Would bet you can see who is running a lot of electronic equipment and who is growing pot in their basement....
  Just mining that data for leads could be very lucrative for a criminal.
  
  --
  "I opened my eyes, and everything went dark again"
6. Re:Not home? by BlueStrat · 2012-11-05 18:28 · Score: 1
  
  It may be of limited usefulness, but, I wouldn't want to bet on it. You never know what someone is going to come up with, and it wouldn't be hard or even conspicuous to drive through and collect data on whole neighorhoods. I Would bet you can see who is running a lot of electronic equipment and who is growing pot in their basement....
  Just mining that data for leads could be very lucrative for LEAs and TLAs in drumming up convictions to justify ever-more taxpayer money and powers to violate ever-more civil rights.
  
  FTFY
  Strat
  
  --
  Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
7. Re:Not home? by UltraZelda64 · 2012-11-05 20:00 · Score: 1
  
  Or even a quick look to see if there are any flashes on the walls of TVs that are on. You might even see that without cars in the driveway... or knocking, actually. Some people might just not answer the door after a certain time, or after it gets dark.
  Once it gets to a certain time that I expect absolutely no one to come knocking on the door, usually a cutoff time of somewhere between 10 and midnight depending on expectations, I do just that. If someone wants to come up later than that, they better have either let me know ahead of time, or call before they try knocking. There are some exceptions; I'll try sneaking to a window with a decent view and peeking outside, and if a car I recognize is parked outside then I'll grant entry. Then again, I tend to not restrain from using lights at those times, so a burgler wouldn't exactly need to sniff some meter's signal... they'd just have to take one quick glance at the house and realize that half of the windows are lit up. :)
8. Re:Not home? by Neil+Boekend · 2012-11-05 22:50 · Score: 1
  
  Yes, but that doesn't mean we have to make it easy or safe.
  
  --
  Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
9. Re:Not home? by nurb432 · 2012-11-05 23:52 · Score: 1
  
  I would do that with an X10 controller in the old days.
  
  --
  ---- Booth was a patriot ----
10. Re:Not home? by TheCarp · 2012-11-06 00:13 · Score: 1
  
  Yes but.... as the grandparent pointed out, and I agree.... they will have the data anyway, all they have to do is ask (or pay) the electric utility for the info, and it is theirs. No amount of protection at the box is going to stop that
  
  --
  "I opened my eyes, and everything went dark again"
11. Re:Not home? by AmiMoJo · 2012-11-06 00:41 · Score: 3, Informative
  
  I develop similar products for the water industry, and we actually looked at interoperability with meter reading equipment, so I know of what I speak.
  You don't really need a $1000 SDR. In fact a cheap $20 one off eBay will work, but actually all of this kit uses a small number of widely available radio chipsets (e.g. Texas 11xx range), usually on 868MHz or sometimes on one of the reserved meter reading bands. Often the protocol is wireless MBUS, sometimes it is a simple proprietary one.
  You can buy modules with amplifiers built in for $20, and then you just need a good antenna and some programming knowledge. It wouldn't be hard to develop a little device that reads the data, just like the ones the power company uses, and sell it for say $200. No skill required to use it. The only plus side is that they don't usually transmit the property address with the power consumption data, only a customer ID or something like that, so it could be hard to tell which reading belongs to which house.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
12. Re:Not home? by cl0secall · 2012-11-06 04:05 · Score: 1
  
  In the article, they describe using a directional antenna to scan an entire neighborhood from one location. In other words, this isn't novel in general as much as it is novel in that it scales to dozens or even hundreds of homes.
  
  --
  Model 551, Chambered in 6mm
13. Re:Not home? by Dahamma · 2012-11-06 08:16 · Score: 1
  
  Read the post I replied to, that was my point...
Reaching for paranoia by Sarten-X · 2012-11-05 12:16 · Score: 2, Insightful

So let me get this straight... if somebody wants to know when you're home, they're going to run out and buy a radio and learn to use it, then sniff your meter's transmissions, then analyse them for periodic components, then correlate that with known patterns... rather than just waiting to watch you leave?

--
You do not have a moral or legal right to do absolutely anything you want.
1. Re:Reaching for paranoia by Anonymous Coward · 2012-11-05 12:19 · Score: 1
  
  Or install one of these somewhere and monitor you from afar, particularly if you are a very interesting target (ie, have a lot of rich stuff that needs to be reappropriated).
2. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 12:21 · Score: 5, Insightful
  
  If someone wants to know who all houses in the neighborhood that are currently empty, yes this is the best way to do it. You can also identify which houses have no neighbors at home. I could also be very useful, if you are trying to improve your efficiency and are targeting more than one house at the same time.
3. Re:Reaching for paranoia by girlinatrainingbra · 2012-11-05 12:27 · Score: 5, Interesting
  
  In our neighborhood in La Jolla, a couple of neighbors got burgled while they were away for a month or so, even though they had stopped mail delivery, stopped newspaper delivery, had people coming by to check on the house, had put the exterior and interior lights and even the television on electrical timers so it would appear that someone was still at home... What they'd forgotten about was water usage. When they caught the crooks two months later when they tried to pawn a particularly unique piece of silver jewelry and the cops traced and jailed them was that they had a notebook of water meter readings.
  .
  One of them had put on an orange vest like a construction worker or traffic worker guy and walked the choice neighborhoods and recorded the meter readings. They came back two weeks later, and la voila, anyone whose water had not budged too much was obviously not at home flushing or showering or cooking. (I guess water sprinklers could screw it up in some places, but here we've got two meters: the sprinkler meter only gets you billed for water usage, the house water meter gets you billed for water usage and for sewer usage.)
  .
  The meter reading trick does not require wireless access. Most meters are located in a position where the meter-reader does not have to enter a backyard or gated restricted portion of the property. And seriously, has anyone ever stopped or challenged a meter-reader and said "Hey, let me see you badge, and then call someone and verify it!". I don't think so. So after all this rambling, yes I agree with you, they are reaching pretty hard and being paranoid.
4. Re:Reaching for paranoia by Sarten-X · 2012-11-05 12:29 · Score: 4, Informative
  
  Or a thief could just go jogging around the block for a while in the morning.
  Reconnaissance on a big public target like a house is trivially easy, even without exploiting new technology, but let's all go ahead and panic now that it's been brought to our attention.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
5. Re:Reaching for paranoia by tomhath · 2012-11-05 12:32 · Score: 3, Insightful
  
  More likely they would knock on the door. If someone answers they ask for somebody you never heard of. "Oh, sorry, must have the wrong address".
6. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 12:38 · Score: 3, Interesting
  
  As I said, efficiency is the key. This is way more efficient that jogging around the neighborhood. I can map an entire neighborhood with this by driving around, in a few minutes and be pretty sure that no one is at home. It would take a lot of skill to do the same, by just jogging around. I can also pick better targets using these.
  
  Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.
7. Re:Reaching for paranoia by Darinbob · 2012-11-05 12:38 · Score: 2
  
  Also note these are "first generation" devices. These are not what I would call smart, they're just smarter than the really dumb meters that used to exist. Current smart meter technology is a generator or two beyond this, and they do have security (at least as a feature if the utility decides to use it).
  For these meters you still need to be able to correlate which device you're hearing with which house it's from. The range is not so short as to make this easy. The address of the house is not included in the data but usually the device serial number is. It may not be the same serial number that's printed on the label either (if you managed to sneak into all the neighbor's yards to write them down).
  In many neighborhoods you can figure out who's home by seeing which houses have wifi acitvity and at what times. Or snoop in on the baby monitor and overhear the parents talking. Or listen in on cordless phones. Etc.
  Yes it's a bad idea to not have security, not arguing against that. Just that this is not so obvious as some people think, and very clearly is not an indictment against modern meters that have security.
8. Re:Reaching for paranoia by Anonymous Coward · 2012-11-05 12:40 · Score: 2, Funny
  
  Or they can walk around pretending to be cops, and offering tips on how to keep your house safe while you're on vacation, and oh yeah, would you like to tell us when you're out so we can keep an eye on your house?
  This works very well around Christmas, or so I'm told.
  Just be careful, you might get the one house with the Kid who has apparently gotten a master's in engineering.
9. Re:Reaching for paranoia by timeOday · 2012-11-05 12:41 · Score: 1
  
  "Pretty sure"? Is this any more reliable than just looking to see if the home is dark? (If so, how?)
10. Re:Reaching for paranoia by Darinbob · 2012-11-05 12:43 · Score: 2
  
  Smart crooks. Most just snatch and grab. Wait till they see someone drive away (especially if an elderly person) then break the back window, grab whatever they can, and run off. Those dumb ones are probably the vast majority of all burglaries.
11. Re:Reaching for paranoia by AK+Marc · 2012-11-05 12:45 · Score: 3, Interesting
  
  That'll be seen as suspicious and get them reported. Better is to carry a clipboard and offer to sell them insurance or try to save them. Though, around here, carying a box of chocolates and trying to sell chocolates for his son's school fundraiser would probably be best. Nobody would remember you, but the "Hi, uh, is Bob here?" guy will get remembered, and may warrant a "suspicious person"'s call to the police.
  
  --
  Learn to love Alaska
12. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 12:46 · Score: 1
  
  This can be done during the day, when most neighbors are at work. Also this is more efficient, it allows robbers to target more houses that it was possible before.
13. Re:Reaching for paranoia by Jah-Wren+Ryel · 2012-11-05 12:59 · Score: 2
  
  Or a thief could just go jogging around the block for a while in the morning.
  That doesn't tell you who is on vacation. Nor does it tell you anything if the people have their garage doors closed. Drop a sniffer somewhere unobtrusive for a week and you'll know about every house on the block without risk of people noticing a stranger casing the neighborhood either.
  
  --
  When information is power, privacy is freedom.
14. Re:Reaching for paranoia by CastrTroy · 2012-11-05 12:59 · Score: 1
  
  Water meters in my area only have the actual numerical reading on the inside of the house. The person reading the meters comes around with a specialized reader and hooks it up to a port at the front of your house. I guess it makes it a little harder for people to read the meters with specialized equipment. They recently switched to an IR system for reading the meters so that they can read them just driving down the street. I wonder if they are encrypted. I would guess not. Crooks will always find a way though. Most of the smart ones will case out the houses to ensure they have a better chance of the owners not being home.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
15. Re:Reaching for paranoia by Sarten-X · 2012-11-05 13:01 · Score: 4, Insightful
  
  Efficiency doesn't matter much in a robbery - reliability does. Sure, you can get an expectation that a dozen houses are empty from sniffing, but an expectation doesn't keep you out of jail. Last time I was out sick from work, I spent the day in my living room reading a book, with no TV or additional lights on. You'll still need to do some plain old watching to pick targets. All you'd gain with the meters' transmissions is knowing that most folks will use less electricity during the day.
  I can't recall ever hearing about a string of thefts in more than two houses at a time. If you're getting away with one robbery free and clear, why risk getting caught at the second one with all the loot from the first? That's just asking for more jail time.
  
  Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.
  I'm going to guess you don't do any IT management. There's always a cost. In this case, the decryption keys for each device must be managed properly to maintain any actual security.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
16. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 13:12 · Score: 1
  
  Efficiency doesn't matter much in a robbery - reliability does. Sure, you can get an expectation that a dozen houses are empty from sniffing, but an expectation doesn't keep you out of jail. Last time I was out sick from work, I spent the day in my living room reading a book, with no TV or additional lights on. You'll still need to do some plain old watching to pick targets.
  You still need to do pain old watching, but this narrows down the number of house, down very very significantly. Now you get to concentrate on a small set of houses, and your efficiency improves
  
  All you'd gain with the meters' transmissions is knowing that most folks will use less electricity during the day.
  I can't recall ever hearing about a string of thefts in more than two houses at a time. If you're getting away with one robbery free and clear, why risk getting caught at the second one with all the loot from the first? That's just asking for more jail time.
  May it is because it was tough to monitor more number of house and that will be less difficult using these smart meters?
  
  Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.
  I'm going to guess you don't do any IT management. There's always a cost. In this case, the decryption keys for each device must be managed properly to maintain any actual security.
  No I dont. But I would have the private key in only one computer (may be someone may have a physical backup(s), but no one else will have access it). This is not a cost at all, in the scheme of things. And I dont see a reason why every reader needs to have access to keys, but, may be I am just naive.
17. Re:Reaching for paranoia by mrbester · 2012-11-05 13:14 · Score: 1
  
  They're called Jehovah's Witnesses and are (mostly) harmless.
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
18. Re:Reaching for paranoia by Sarten-X · 2012-11-05 13:38 · Score: 1
  
  The ones that don't move a stick from their front porch or a flyer stuck in their door? They're probably not home.
  Don't expect people to notice a stranger. A salesman sticking flyers in people's door handles is annoying, but not very suspicious. A jogger who looks similar to the salesman from the day before will be unnoticed. If, by some fluke, a police officer asks, they can show off the flyer promoting their services selling old junk (which they suspect these old houses are full of) on Craigslist for a 10% cut. It's often not a crime to advertise one's own business, and it's plausible to deny knowledge if it is.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
19. Re:Reaching for paranoia by pkinetics · 2012-11-05 13:43 · Score: 1
  
  That and the security alarm companies.
20. Re:Reaching for paranoia by Jah-Wren+Ryel · 2012-11-05 13:47 · Score: 1
  
  A salesman sticking flyers in people's door handles is annoying, but not very suspicious.
  Until it happens to a couple of neighborhoods and people start to put two and two together.
  
  --
  When information is power, privacy is freedom.
21. Re:Reaching for paranoia by timeOday · 2012-11-05 14:13 · Score: 1
  
  During the day it's not all that unlikely to be home without using any extra electricity. Nor is likely to not be using electricity when you're not there - it could be anything from a water heater, a fridge, a pot farm, a PVR, or cordless weedwacker recharging.
  I'm sure there are clues about whether people are home from electricity usage, but if they're not all that reliable, then they're not that useful for analyzing a large number of homes in a short period of time to find a particularly vulnerable one.
  For that matter I doubt that homes with relatively obvious signs of absence (like a trash can left at the curb for 2 days) are in short supply.
22. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 14:18 · Score: 1
  
  I meant taking snapshots during the day. You can remember the last reading pretty easily. Just drive at the speed limit, capture all the reading. You could cover entire cities using these.
23. Re:Reaching for paranoia by pitchpipe · 2012-11-05 14:56 · Score: 1
  
  You know, my bullshit meter is sitting at about half scale reading what you just wrote. Do you have a citation for this? I googled it and couldn't find anything. In fact, the only thing I found was your post.
  
  --
  Look where all this talking got us, baby.
24. Re:Reaching for paranoia by rossdee · 2012-11-05 15:22 · Score: 1
  
  You can buy infrared detectors to see if there is heat on in the house, maybe even see if there are a pile of free newspapers by the door, the driveway and sidewalk covered with snow ryc.
25. Re:Reaching for paranoia by girlinatrainingbra · 2012-11-05 15:28 · Score: 1
  
  You don't need a citation. Walk up to most houses. You should be able to find the power meter on the side of the house. You should be able to read the numbers on the meter, no problem, even if it's also wireless, they tend to have LCD displays. If's it's got the little black-and-silver striped wheels on it, it's not too hard to figure out how to read the numbers: alternate clockwise and counter-clockwise and go down to the next lowest number: concatenate the numbers and you have a reading. Water meters are similar but situated close to the curb, probably on the right of way, with a little metal or concrete cover over it. Read meter the same way.
  ;>)
  Here's a pointer to a crime blog for La Jolla: http://www.lajollalight.com/2011/07/19/la-jolla-crime-log/ : the details are usually known by the police and the victims and the neighbors, but otherwise the publicly cited crime-logs tend to be as terse as "Residential burglary." Get on your journalism hat, fly out, and investigate the truth!! Anyway, the point of the story was that there's no need to be paranoid about broadcasting your meter readings: they already exist in the clear and can be read with little effort by anyone interested in doing so. Just like the back of your car (and the front of your car in many states) also broadcasts optically/reflectively from the ambient light an identifying series of letters and numbers and symbols (CA allows symbols, check it out) that can also be seen by anyone caring to look. And it's against the law to block them out, though quite a few people put those weird supposedly IR-blocking filters over them as if that'll stop the traffic cameras from reading their plate.
26. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 15:29 · Score: 1
  
  None of these can be automated. I can cover entire cities using this setup, and driving at regular speed limit. I can pick targets better. I can find cluster of people not at home, and rob them at the same. I can use Operations Research to calculate the best loot possible.
27. Re:Reaching for paranoia by Sarten-X · 2012-11-05 16:11 · Score: 1
  
  Then it's a good time to change tactics. Instead of flyers, carry a Bible and become a proselytizer. Actually run the Craigslist business for a while, putting flyers in several neighborhoods with antiques that you won't rob. As mentioned below, sell candy bars for a charity fundraiser. Volunteer to canvass to encourage voting. Invite people to a public event. Wander around "lost" at dusk, asking other pedestrians for directions to some landmark in the direction you're already headed.
  The excuses to walk down a sidewalk are endless, and in modern society the chances of being recognized are infinitesimal. Just beware the old guy in a rocking chair. If I had to pick favorites, I'd start with the voluntary canvass or proselytizing, to identify the riskiest houses with nosiest people. Then switch to jogging, with the ready excuse that you like the neighborhood's scenery. Jog for a few months before starting the robberies, then continue afterward.
  If the police ever ask for your name, give it readily, then find a new line of work (or at least be prepared to move out of the country). Be content with the robberies you got away with, and stay out of the public eye for the rest of your life. This assumes, of course, that the robbery was for thrill rather than financial necessity, but that's really necessary for the perfect heist.
  Disclaimer: This is starting to get creepy, so I may as well mention that I'm professionally paranoid. Part of my job is evaluating security at a financial institution, so I get to sit at my desk and think up interesting ways to avoid suspicion (and triggers for our employees to be more suspicious). Mostly I'm concerned with information security, but there's some physical aspects as well.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
28. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 17:38 · Score: 1
  
  The reliable methods are used after wardriving then, in a targetted way. The reliable methods are very often time consuming.
29. Re:Reaching for paranoia by tftp · 2012-11-05 18:48 · Score: 4, Insightful
  
  Also this is more efficient, it allows robbers to target more houses that it was possible before.
  That's exactly how a PhD would approach robbing a house - by collecting scientific data, analyzing it, and then offering a hypothesis (you are at home or not.)
  However real life thieves do it in a better way. They throw a brick through the rear door and disappear. If nothing happens within 15-20 minutes then they know that all of the following is true: nobody is at home; there is no alarm; there are no dogs; the neighbors heard nothing. Then the house is safe to approach.
  You see, there is no need to know if neighbors are at home or not. This is useless information. What is not useless, however, is whether they hear the commotion or not. Similarly, it is pointless to know if you are at home or not. An alarm may be at home in your place, guarding better than you would. The method that thieves use checks for the end condition directly - and it requires minimum IQ.
30. Re:Reaching for paranoia by ThatsMyNick · 2012-11-05 18:59 · Score: 1
  
  Er, my point is that the old school robbing methods are still useful. Only that you have a better list of houses. The wardriving will really narrow down the list of houses. Now you can throws bricks into each of houses, and do whatever you would have done before. This just makes the old process, more efficient.
31. Re:Reaching for paranoia by tftp · 2012-11-05 19:16 · Score: 1
  
  Only that you have a better list of houses. The wardriving will really narrow down the list of houses.
  I don't think thieves would pay much attention to that. It requires a lot of samples to determine what levels of activity coincide with occupancy. At night, for example, power consumption is the same regardless of whether you are asleep at home or awake at work. As others mentioned, you also need to know the meter ID, and for that you need to collect all this information directly from meters, making yourself very visible. Some people will talk to a "meter reader" and ask why he is here at a wrong time for a reading; people will remember that!
32. Re:Reaching for paranoia by flyingfsck · 2012-11-05 20:48 · Score: 1
  
  One nice evening, a young Egyptian lady knocked on our door and begged for money for food for her little runt in training behind her. A few minutes later, we went out, got in the car and drove off. A few minutes after that, her boyfriend climbed through a window and encoutered my personal trainer son on the inside. The boyfriend exited rather more swiftly through said window than they could possibly have anticipated. So, the mark one eyeball target scouting method is not all that reliable, but a power meter scanner would not have helped their little family enterprise either...
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
33. Re:Reaching for paranoia by antdude · 2012-11-06 01:00 · Score: 1
  
  No security alarms? :P
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
34. Re:Reaching for paranoia by dkf · 2012-11-06 01:46 · Score: 1
  
  I guess water sprinklers could screw it up in some places
  The crooks won't care too much if they miss a property or two; someone else on the next block over who isn't as careful/paranoid will do just as well...
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
35. Re:Reaching for paranoia by Jah-Wren+Ryel · 2012-11-06 10:57 · Score: 1
  
  Fundamentally my problem with your position is that it is the ostrich version of security. Just because you can't think of a way to exploit the system does not mean we shouldn't build it robustly. It is kind of like three legged chairs - they ought to be just fine in theory, but it in practice they are lot less stable than four legged chairs.
  I expect you to say that we should not incur costs that are unnecessary but my position is that baseline securitiy is always necessary, particularly in a system that is very expensive to retrofit.
  
  --
  When information is power, privacy is freedom.
36. Re:Reaching for paranoia by detritus. · 2012-11-06 11:17 · Score: 1
  
  Sounds like a great way to find and rob marijuana grow houses. 12 hour light cycles with major usage only require you to drive by twice a day for a period to figure out, or simply spy on your neighbor. Easy to figure out, and the monetary incentives would make it worthwhile to a criminal.
C'mon Kids by Baobabs · 2012-11-05 12:21 · Score: 2

While it does seem a little paranoid to think burglars and the like are going to sit in your bushes monitoring your power usage, it wouldn't be hard to simply encrypt the transmissions. In today's society this seems like a no-brainer.
1. Re:C'mon Kids by jc42 · 2012-11-05 12:31 · Score: 1
  
  it wouldn't be hard to simply encrypt the transmissions. In today's society this seems like a no-brainer.
  Yeah; I'd say that "no-brainer" is a pretty good description of most current management attitudes towards data privacy.
  And, to try to avert the usual political stuff, we might observe that it's a good description for both corporate and government management of privacy issues. We don't need privacy (unless we have something to hide ;-), but they try hard to keep their behind-the-scenes activities secret from their customers or citizens or whatever they call us.
  But I know this won't be much good; we'll inevitably be reading lots of assertions that this is a problem specific to government agencies or private corporations. Or churches or the Boy Scouts or ... ;-)
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
2. Re:C'mon Kids by Sarten-X · 2012-11-05 12:44 · Score: 1
  
  Encrypting the transmission is certainly pretty simple, but decrypting it is hard. More specifically, managing the decryption is hard. Who gets the decryption keys? Do they go to every meter-reading vehicle, which is the easiest to deploy (and easiest to have stolen by a disgruntled meter reader)? Do they stay in a central location that each vehicle reports back to, delaying rechecks of errors? Are the vehicles expected to remain in constant communication with the central location, which may be impossible in some areas?
  The hassle of managing encryption far outweighs the risk posed by unencrypted transmission.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
3. Re:C'mon Kids by fast+turtle · 2012-11-05 13:06 · Score: 1
  
  what's even worse though is the damn idiots that think it's cute to have those smart meters shut down. That's right, most of them include the ability to turn the fucking power off. Now how much fun would it be for some god damn script kiddie to turn ouf the lights to an entire neighborhood during thanksgiving dinner or turkey day football/sports what ever
  
  --
  Mod me up/Mod me down: I wont frown as I've no crown
4. Re:C'mon Kids by Sarten-X · 2012-11-05 13:28 · Score: 1
  
  So the keys stay in a central location, meaning that any recheck for verification (like when a meter says someone used a million kilowatt-hours in a month) requires another vehicle being sent out, and the reading technician/driver has no indication that there might be something wrong. Everybody loves needlessly increased expenses, right?
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
5. Re:C'mon Kids by ThatsMyNick · 2012-11-05 13:57 · Score: 1
  
  Service techs must have some means to communicate with their headquarters. Just use the existing infrastructure. It might be walkie talkie or CB radio or a cell phone or some sort of data device connected to a purpose build device or a laptop.
6. Re:C'mon Kids by damm0 · 2012-11-05 19:25 · Score: 1
  
  > The hassle of managing encryption far outweighs the risk posed by unencrypted transmission.
  Now that is absolutely not the case. PKI scales, and these days with a SIM card in most phones it is almost free as long as you set it up right. That part is hard, but it's a basically constant cost which gets less expensive over time.
7. Re:C'mon Kids by Sarten-X · 2012-11-06 00:23 · Score: 1
  
  See my first comment in this thread:
  
  Are the vehicles expected to remain in constant communication with the central location, which may be impossible in some areas?
  In the river valley in my city, where cellular coverage is spotty and the twists cut walkie-talkie range to less than shouting distance, what then? Heck, I know of residential places in my city where police radios don't even cover.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
Lights Also Transmit Signals by MacroSlopp · 2012-11-05 12:24 · Score: 5, Funny

You can also tell if someone is home through unencrypted lightbulb signals through windows.
1. Re:Lights Also Transmit Signals by thePowerOfGrayskull · 2012-11-05 12:31 · Score: 3, Funny
  
  You can also tell if someone is home through unencrypted lightbulb signals through windows.
  Maybe at your house.
  At my house we always encrypt our light bulb emissions. Always.
2. Re:Lights Also Transmit Signals by Anonymous Coward · 2012-11-05 12:33 · Score: 2, Funny
  
  I encrypt my emissions using CUR-tain protocol it uses a 100 threadcount gravity hung distribution system based on the R-0-D infrastructure.
3. Re:Lights Also Transmit Signals by Anonymous Coward · 2012-11-05 12:52 · Score: 1
  
  You can also tell if someone is home through unencrypted lightbulb signals through windows.
  Maybe at your house.
  At my house we always encrypt our light bulb emissions. Always.
  Likewise. Instead of putting out white-light white-light white-light, I'll run that through the Photonic Twistor algorithm and maybe it'll come out gamma-ray X-ray radio-wave. Sometimes I'll throw some beta radiation and fast neutrons in there too just to salt it a bit.
4. Re:Lights Also Transmit Signals by Sarten-X · 2012-11-05 13:08 · Score: 4, Funny
  
  I, too, encrypt my lightbulb emissions using the CUR-tain algorithm. There is some shadow analysis that can break it, but repeated application of the algorithm (often referred to as Triple CUR or 3CUR) will often foil that.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
5. Re:Lights Also Transmit Signals by SeaFox · 2012-11-05 15:28 · Score: 2
  
  Encrypted light bulb transmissions cause new problems.
  Namely kids on 'shrooms standing in front of you house staring at the windows all the time.
We also need shock isolation basements. by 140Mandak262Jamuna · 2012-11-05 12:36 · Score: 4, Funny

If you place some seismometers on the street quite close to the house, people can detect if there are people moving about in the house. Add to it laser beams reflecting off the window panes, they can detect minute changes in the structure as it flexes when you move from your bedroom to the bathroom. Sensitive microphones can be used to detect the sounds of toilet flushes too.
So, next time, in addition to getting tin foil for the hats, you should get non reflective paint for the whole structure, shock isolating floating foundation for the entire home and special noise cancelling speakers attached to the plumbing. Else, gasp! thieves will know when you are in and when you are not in your own home.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:We also need shock isolation basements. by Anonymous Coward · 2012-11-05 12:53 · Score: 2, Funny
  
  Yo momma so fat, burglars use gravitometers to case your house.
This information has never been secret... by samorris · 2012-11-05 12:48 · Score: 2

This information has never been secret. Most electricity meters are mounted on the outside of the structure in an easily accessible location with dials that are easy to read at a distance with a pair of binoculars. This is by design, allowing the utility companies to do meter readings as efficiently as possible.
1. Re:This information has never been secret... by nurb432 · 2012-11-05 12:56 · Score: 1
  
  Except in many cases you would have to stand in someone elses yard. If someone did that in my yard id be asking WTF they were doing.
  And if i wasnt home to see it, well, there is another reason why this is silly.
  
  --
  ---- Booth was a patriot ----
2. Re:This information has never been secret... by cvtan · 2012-11-05 13:03 · Score: 1
  
  Good point. Meter is required to be outside where I live (or maybe this is National Electrical Code requirement).
  
  --
  Sorry, but gray text on gray background is making my eyes bleed.
Evil usage? by Anonymous Coward · 2012-11-05 12:49 · Score: 1

Am I the only one wondering how easy it would be to spoof your or others readings for nefarious purposes?
Not All Vendors Are Alike by damm0 · 2012-11-05 12:54 · Score: 1

There's the implicit statement that all smart meters are deployed the same way. Since this experiment shows that one smart meter vendor is producing sniffable traffic. It does not show that all vendors are in the same situation.
Some vendors are better than others in this regard.
Burglary: No--Spoofing: More likely by ThundrNeon · 2012-11-05 13:01 · Score: 5, Interesting

As a meter reader who actually reads some of these AMR meters, I'd say using the information for burglaries is a stretch. Even if you get the info it only includes meter number and reading. Since the address is not listed I can only see it being useful in rural areas where houses are far enough apart to be able to tell which house it is without physically checking the meter. For reference, I can pick up AMR meters in rural areas from about 1/2 to 3/4 a mile away while driving 50 mph. I see the greater nefarious use would be to send out a slightly stronger signal to send a different reading and hence lower your utility bill. Since this process would be wireless and most likely involve doing nothing to the physical meter itself it would be near impossible to catch it as tampering. Also since in my area AMR meters are almost never physically checked, even a physical modification would likely go unnoticed for years.

--
Inherited Will. The Destiny of the Age, and the Dreams of the People. These are things that will not be stopped. As l
1. Re:Burglary: No--Spoofing: More likely by mveloso · 2012-11-05 16:10 · Score: 2
  
  You don't spoof to get lower bills. You spoof so your neighbors get higher bills.
2. Re:Burglary: No--Spoofing: More likely by FirstOne · 2012-11-06 04:47 · Score: 1
  
  "You don't spoof to get lower bills. You spoof so your neighbors get higher bills."
  Or just shutoff the electricity to the neighbors you don't like.
  If they don't catch fire and burn your house down first..
  Add to misery. these smart meters have a much shorter lifespan(5-7 years)
  and you are likely to get thr short end of stick(over billing) when it fails..
  Just think more Chinese made components(bad caps?) that you can't unplug!!
transmissions are open game for law enforcement. by fustakrakich · 2012-11-05 13:14 · Score: 1

Yes, they are. You don't 'own' the meter. If you want to block the transmission, just jam the signal.

--
“He’s not deformed, he’s just drunk!”
These are not smart meters. They are remote read. by Copperhamster · 2012-11-05 13:14 · Score: 4, Informative

I know something about these meters. First of all, they give you the current meter reading in KWH, not how much current is currently in use; you would have to take multiple samples to get that.
Second of all, they are very omnidirectional and have a reasonable range, so someone can read them from the street on most houses. Which means they get several houses with any reader. The unique identifier is easily determinable, in our case it's stamped on the back side of the meter, all you have to do is pull it off the base and check it. The meters are programmed with a route and subroute number, and respond to an unencrypted transmission asking for their info by broadcasting it.
As far as the 4th amendment is concerned, the police would need a warrant to get all the bits and pieces together to connect a particular meter with a particular house in the first place.
Finally, the readers cost us roughly $8k each. While I'm sure it's doable cheaper, I don't see people putting that kind of effort into this. Especially as the same info can be gotten by walking up and looking at the meter. While I certainly have my concerns of security for real 'smart meters' these are not what we should focus on.
Imaginary Cancer! by rueger · 2012-11-05 13:28 · Score: 3, Interesting

The absolute worst thing about the installation of smart meters in these parts is the endless string of "news stories" by our local community "newspaper"* about the significant health risks posed by smart meters.

It finally reached the point where, lacking any scientific evidence, they're now resorting to trying to outlaw Smart Meters, WIFI, and cel towers because of "electromagnetic hypersensitivity (EHS). Patients with EHS suffer a variety of symptoms from heart palpitations to migraines they claim are caused by radio frequency radiation.

"You know that western medicine doctors don't know anything about EHS and my naturopath actually tested me. On the sole of the foot on the inside there is a point where he tests the sensitivity to electromagnetic fields. It was very painful and he found out that I am very sensitive," Nemetzade says.

* scare quotes used because, well, the rag is actually pretty scary.

--
Three Squirrels
1. Re:Imaginary Cancer! by dkf · 2012-11-06 01:50 · Score: 1
  
  "electromagnetic hypersensitivity (EHS)
  Is that the disease that people get even when the devices they blame for it have no power at all?
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
Re:No Expectation of Privacy by SylvesterTheCat · 2012-11-05 14:04 · Score: 1

Really? What kind of logic is that?
Just because it has to be displayed does not mean it has to be visible from public property or that people who want to know may trespass without consequence.
Meter readers are obviously an exception to the above as this would be a condition of service.
not a big deal by __aaltlg1547 · 2012-11-05 14:10 · Score: 1

With even cheaper equipment, cops can detect your grow lights from IR emissions.
1. Re:not a big deal by the+eric+conspiracy · 2012-11-06 03:02 · Score: 1
  
  Yes, but they can't use that information in court because it's been ruled to be protected by the 4th Amendment.
Re:Best implication I can think of... by EmagGeek · 2012-11-05 14:11 · Score: 3, Informative

Pot farms usually bypass their meter so their high usage doesn't show up. Utilities already report irregular usage to Law Enforcement based on their normal readings. There's no need for LE to go war driving. The utilities furnish that information already.
encrypting will not be easy by manu0601 · 2012-11-05 15:04 · Score: 1

Using cryptography will be nightmare here: who gets the keys to decrypt? Too many people. Keys will be compromised and will have to be updated. How? Should the smart meter be remotely controlled by the utility? That is smelling bad.
Re:transmissions are open game for law enforcement by SeaFox · 2012-11-05 15:07 · Score: 1

Yes, they are. You don't 'own' the meter. If you want to block the transmission, just jam the signal.
Yeah, that will show those cops! It's not like the reading can be read with the naked eye from outside my house, after all.
Re:Someone will make a tool. by __aaltlg1547 · 2012-11-05 15:12 · Score: 2

What the hell for? They can buy a thermal imager for $1200. You could probably modify a cell phone's camera to make a cheap-ass IR camera for a lot less. You might need no more than a filter to block visible light.
Re:Someone will make a tool. by Anonymous Coward · 2012-11-05 15:20 · Score: 3, Informative

There is already a cheap way to do that for digital SLR camera using photographic film to block visible light. My hobbyist friend does it to take infrared photography. It is so amazing how the world looks in infrared: http://en.wikipedia.org/wiki/Infrared_photography
Re:transmissions are open game for law enforcement by fustakrakich · 2012-11-05 15:23 · Score: 1

The summary is about concern over broadcasting the signal and the police tapping into it. So was my comment, which seemed to offend a moderator. If they actually have to come and read the meter, it kinda blows their cover. More likely they would simply ask the electric company to cough up a copy of the bill, and the electric company has no interest in your 4th amendments rights, which aren't being violated in this instance anyway. Hope that clears things up a bit, in case you weren't just being silly.

--
“He’s not deformed, he’s just drunk!”
Who writes this crap. by Anonymous Coward · 2012-11-05 15:30 · Score: 1

This article or study is "not so clever." If someone wants to identify whether or not someone is home it'd be much easier to monitor activity at the house than it would be to try and track equipment cycling on or off via a smart meter. Sure we could install all kinds of encryption on a meter, but for what purpose? -- drive up costs of a utility meter! This is one of the dumbest articles I've ever seen.
Other ways to tell if someone is home
1. Sniff internet packets
2. check facebook
2. knock on the door
3. look for cars in the driveway
4. look if lights are on in the house
5. looking for movement in the house
6. check for strong cell phone signal coming out of the house
7. listen for voices
8. use infrared technology
9. call the neighbors and ask them
10. check the actual electric or water meter (this is probably the least reliable of all methods above)
Typically people looking to get into other peoples houses aren't trying to phreak weak data from a wireless electric meter. Please stop writing crap like this so I don't have to pay an extra $1,000 dollars a year to have a triple encrypted electric meter with firewalled dedicated internet connection.
People act like hackers aren't hacking though encryption and other security measures. Nothing in the digital age is 100% safe or secure. Get over it. It's still the best solution with the least risk. Electric meters are the least of our worries.
1. Re:Who writes this crap. by tftp · 2012-11-05 19:07 · Score: 2, Funny
  
  11. Call the house (using White Pages) and if anyone answers say "This is Rachel from Cardholder Services..."
Re:Someone will make a tool. by icebraining · 2012-11-05 22:16 · Score: 3, Informative

That is not the wavelength you're looking for. Cheap cameras can see into the near infrared, not the mid/long infrared of thermal imaging.

--
Dilbert RSS feed
Re:Best implication I can think of... by xenobyte · 2012-11-05 23:30 · Score: 2

Pot farms usually bypass their meter so their high usage doesn't show up.
Exactly! - Or use generators for the additional power needed.
Heard of a case where a pot farm was hidden in an apartment, complete with a generator in a soundproofed box and its exhaust fed into the main sewer. The grow rooms were waterproofed as well, making sure the people on the floor below didn't get nasty stains on their ceiling. It was found only by accident. The pot apartment had average water usage, normal power usage and an untampered meter.

--
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Deja vu by ThatsNotPudding · 2012-11-06 00:27 · Score: 1

Boy, this story is so familiar... just can't quite recall where I saw it before.
Re:These are not smart meters. They are remote rea by ThatsNotPudding · 2012-11-06 00:31 · Score: 1

Finally, the readers cost us roughly $8k each.
Which means the BOM cost is probably around $400. The massive markup is passed along to the suck^H^H^H^H customers, so MomCorp doesn't give a crap about being soaked.
Re:Someone will make a tool. by EvilSS · 2012-11-06 01:24 · Score: 1

This requires a warrant (Kyllo v. United States)

--
I browse on +1 so AC's need not respond, I won't see it.
AMR's are not smart meters by angel'o'sphere · 2012-11-06 01:43 · Score: 1

AMR (automatic meter reading) just send metering data via mobile phone or other means.
That is not a smart meter.
However I agree traffic should be encrypted.

--
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Re:Someone will make a tool. by __aaltlg1547 · 2012-11-06 01:55 · Score: 1

This requires a warrant (Kyllo v. United States)
Thieves get warrants? Who knew?
Duke Energy by poofmeisterp · 2012-11-06 02:17 · Score: 1

This is interesting but has existed for years - DON'T just mod me down - finish reading, please.
What's new is the Duke Energy "New Awesome Smart Meter That Makes Your Home More Power-Friendly" meter (that's literally how they present it and it's suggested to be just that on the meter itself).
This meter is a replacement that all customers (at least in the Greater Cincinnati Tri-State area) are required to let Duke come out and swap. Oh, they charge you for the swap, too.
If you'll look at the poles with transformers installed on them, there's a new little grey box that's installed with an attachment to the 240v low side as well as the high voltage side (bypassing the transformer).
This new setup allows Duke to remotely signal (by wire) your meter to read it, AND (this is what they're not telling people), shut it of remotely if your bills aren't current (no pun intended). No more dogs protecting your power meter from a pull, less Humans needed hired for this manual labor, faster disconnect and reconnect, etc.
This is something other power companies will follow suit with soon, so I'm sure people needn't worry too much about this wireless power meter issue that's existed for years and hasn't been knowingly exploited before now.
1. Re:Duke Energy by poofmeisterp · 2012-11-06 05:27 · Score: 1
  
  Beats me. I will mention, IMHO, that if someone is gutsy enough to connect to the high voltage line with the proper communication equipment to accomplish disconnects of service equipment, they would need to know the IDs of the meters to activate, the protocol to initiate a disconnect, and a lot of time to monitor the line to find the above (unless you want to just iterate starting at the lowest number and kick off all meters one-by-one). Who has the equipment and interface knowledge other than an employee?
  If you're that brave with high voltage and and that have much time on your hands....... Why not just go do a physical cut on the low voltage side to a specific house you're targeting. Do a double-cut so the lines have to be completely rerun. If not rerun, hours of time out plus splice time, plus the customer's going to have to pay for the repair cost. Yes, Duke makes you pay unless the one who performed the cut is a known party and can be targeted via a police report.
  It's just a non-issue... Unless you're a terrorist party, then hey... Game. On.
  The wireless stuff is for bored kids or pissed adults with way too much money and time on their hands.
  If it's an employee that's wanting to screw around with third-party equipment for the connect and mayhem activity, I'd say they have a damn good chance of accomplishing most anything they know how to. Would Duke take the risk? Would they encrypt it to prevent pissed (or ex) employees from doing this?
  Interesting one, indeed.
Remote control by LeadSongDog · 2012-11-06 04:27 · Score: 1

So we have meters that can remotely command thermostat set-back, and others that can romotely disconnect power entirely. If any of these have security problems on the command side, they've essentially opened the door to crooks (or cops) cutting off your power, likely with no evidence trail created. If they shut it off and nobody opens a curtain it's a pretty safe bet that there's nobody home.

--
Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
Re:Add noise to the signal by Cyko_01 · 2012-11-06 04:31 · Score: 1

you mean like those little light timers?