Some Smart Meters Broadcast Readings in the Clear

alphadogg writes "University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home. The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received." Perhaps more distressing, given trends in 4th amendment interpretation, I bet the transmissions are open game for law enforcement.

Not home?

[nurb432]

Or just asleep.. Or they have a low power foot print most of the time.

Cars in the driveway and no one answering the door is a more accuarate and low-tech way to do this.

Re:Not home?

[Spy+Handler]

The tools were simple: a $1,000 Universal Software Radio Peripheral software-defined radio, an amplifier, and the freeware GNU Radio software, plus of course, the team's knowledge of wireless protocols and data processing.

Yeah really, it's not like home burglars are gonna buy this equipment, enroll in CS/EE courses at the local university, and learn wireless protocols so they can figure out if the owner is home before they rob it.

The submitter's distress over 4th amendment rights is equally stupid. If the spooks and cops wanna know your power usage, they can just pick up the phone and call the power company.

Re:Not home?

[Enry]

Because computers always cost $5000 and cracking utilities required you to know how to code.

Technology gets cheaper, code gets written, and people who aren't as experienced have more ability to use things.

Given my power meter is located in the corner of my house and using something a lot cheaper, like an IR camera or just the Mark I eyeball will tell you:

If there are cars in the driveway
If lights are on and activity in the house
If there's anyone generating heat (someone on vacation or out will set the thermostat lower than 68 in the winter)

There's a lot easier ways to tell if I'm home or not.

Re:Not home?

[Dahamma]

Thieves are stealing BMWs by cloning the key fobs after hacking the on-board computer. If there is something valuable to be had in your home, someone will be creative enough to find a way to steal it.

Re:Not home?

[reve_etrange]

Obviously the import is with regard to indoor cultivation of flowering plants.

Re:Not home?

[AmiMoJo]

I develop similar products for the water industry, and we actually looked at interoperability with meter reading equipment, so I know of what I speak.

You don't really need a $1000 SDR. In fact a cheap $20 one off eBay will work, but actually all of this kit uses a small number of widely available radio chipsets (e.g. Texas 11xx range), usually on 868MHz or sometimes on one of the reserved meter reading bands. Often the protocol is wireless MBUS, sometimes it is a simple proprietary one.

You can buy modules with amplifiers built in for $20, and then you just need a good antenna and some programming knowledge. It wouldn't be hard to develop a little device that reads the data, just like the ones the power company uses, and sell it for say $200. No skill required to use it. The only plus side is that they don't usually transmit the property address with the power consumption data, only a customer ID or something like that, so it could be hard to tell which reading belongs to which house.

Reaching for paranoia

[Sarten-X]

So let me get this straight... if somebody wants to know when you're home, they're going to run out and buy a radio and learn to use it, then sniff your meter's transmissions, then analyse them for periodic components, then correlate that with known patterns... rather than just waiting to watch you leave?

Re:Reaching for paranoia

[ThatsMyNick]

If someone wants to know who all houses in the neighborhood that are currently empty, yes this is the best way to do it. You can also identify which houses have no neighbors at home. I could also be very useful, if you are trying to improve your efficiency and are targeting more than one house at the same time.

Re:Reaching for paranoia

[girlinatrainingbra]

In our neighborhood in La Jolla, a couple of neighbors got burgled while they were away for a month or so, even though they had stopped mail delivery, stopped newspaper delivery, had people coming by to check on the house, had put the exterior and interior lights and even the television on electrical timers so it would appear that someone was still at home... What they'd forgotten about was water usage. When they caught the crooks two months later when they tried to pawn a particularly unique piece of silver jewelry and the cops traced and jailed them was that they had a notebook of water meter readings.

.

One of them had put on an orange vest like a construction worker or traffic worker guy and walked the choice neighborhoods and recorded the meter readings. They came back two weeks later, and la voila, anyone whose water had not budged too much was obviously not at home flushing or showering or cooking. (I guess water sprinklers could screw it up in some places, but here we've got two meters: the sprinkler meter only gets you billed for water usage, the house water meter gets you billed for water usage and for sewer usage.)

.

The meter reading trick does not require wireless access. Most meters are located in a position where the meter-reader does not have to enter a backyard or gated restricted portion of the property. And seriously, has anyone ever stopped or challenged a meter-reader and said "Hey, let me see you badge, and then call someone and verify it!". I don't think so. So after all this rambling, yes I agree with you, they are reaching pretty hard and being paranoid.

Re:Reaching for paranoia

[Sarten-X]

Or a thief could just go jogging around the block for a while in the morning.

Reconnaissance on a big public target like a house is trivially easy, even without exploiting new technology, but let's all go ahead and panic now that it's been brought to our attention.

Re:Reaching for paranoia

[tomhath]

More likely they would knock on the door. If someone answers they ask for somebody you never heard of. "Oh, sorry, must have the wrong address".

Re:Reaching for paranoia

[ThatsMyNick]

As I said, efficiency is the key. This is way more efficient that jogging around the neighborhood. I can map an entire neighborhood with this by driving around, in a few minutes and be pretty sure that no one is at home. It would take a lot of skill to do the same, by just jogging around. I can also pick better targets using these.
 
Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.

Re:Reaching for paranoia

[Darinbob]

Also note these are "first generation" devices. These are not what I would call smart, they're just smarter than the really dumb meters that used to exist. Current smart meter technology is a generator or two beyond this, and they do have security (at least as a feature if the utility decides to use it).

For these meters you still need to be able to correlate which device you're hearing with which house it's from. The range is not so short as to make this easy. The address of the house is not included in the data but usually the device serial number is. It may not be the same serial number that's printed on the label either (if you managed to sneak into all the neighbor's yards to write them down).

In many neighborhoods you can figure out who's home by seeing which houses have wifi acitvity and at what times. Or snoop in on the baby monitor and overhear the parents talking. Or listen in on cordless phones. Etc.

Yes it's a bad idea to not have security, not arguing against that. Just that this is not so obvious as some people think, and very clearly is not an indictment against modern meters that have security.

Re:Reaching for paranoia

Or they can walk around pretending to be cops, and offering tips on how to keep your house safe while you're on vacation, and oh yeah, would you like to tell us when you're out so we can keep an eye on your house?

This works very well around Christmas, or so I'm told.

Just be careful, you might get the one house with the Kid who has apparently gotten a master's in engineering.

Re:Reaching for paranoia

[Darinbob]

Smart crooks. Most just snatch and grab. Wait till they see someone drive away (especially if an elderly person) then break the back window, grab whatever they can, and run off. Those dumb ones are probably the vast majority of all burglaries.

Re:Reaching for paranoia

[AK+Marc]

That'll be seen as suspicious and get them reported. Better is to carry a clipboard and offer to sell them insurance or try to save them. Though, around here, carying a box of chocolates and trying to sell chocolates for his son's school fundraiser would probably be best. Nobody would remember you, but the "Hi, uh, is Bob here?" guy will get remembered, and may warrant a "suspicious person"'s call to the police.

Re:Reaching for paranoia

[Jah-Wren+Ryel]

Or a thief could just go jogging around the block for a while in the morning.

That doesn't tell you who is on vacation. Nor does it tell you anything if the people have their garage doors closed. Drop a sniffer somewhere unobtrusive for a week and you'll know about every house on the block without risk of people noticing a stranger casing the neighborhood either.

Re:Reaching for paranoia

[Sarten-X]

Efficiency doesn't matter much in a robbery - reliability does. Sure, you can get an expectation that a dozen houses are empty from sniffing, but an expectation doesn't keep you out of jail. Last time I was out sick from work, I spent the day in my living room reading a book, with no TV or additional lights on. You'll still need to do some plain old watching to pick targets. All you'd gain with the meters' transmissions is knowing that most folks will use less electricity during the day.

I can't recall ever hearing about a string of thefts in more than two houses at a time. If you're getting away with one robbery free and clear, why risk getting caught at the second one with all the loot from the first? That's just asking for more jail time.

Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.

I'm going to guess you don't do any IT management. There's always a cost. In this case, the decryption keys for each device must be managed properly to maintain any actual security.

Re:Reaching for paranoia

[tftp]

Also this is more efficient, it allows robbers to target more houses that it was possible before.

That's exactly how a PhD would approach robbing a house - by collecting scientific data, analyzing it, and then offering a hypothesis (you are at home or not.)

However real life thieves do it in a better way. They throw a brick through the rear door and disappear. If nothing happens within 15-20 minutes then they know that all of the following is true: nobody is at home; there is no alarm; there are no dogs; the neighbors heard nothing. Then the house is safe to approach.

You see, there is no need to know if neighbors are at home or not. This is useless information. What is not useless, however, is whether they hear the commotion or not. Similarly, it is pointless to know if you are at home or not. An alarm may be at home in your place, guarding better than you would. The method that thieves use checks for the end condition directly - and it requires minimum IQ.

C'mon Kids

[Baobabs]

While it does seem a little paranoid to think burglars and the like are going to sit in your bushes monitoring your power usage, it wouldn't be hard to simply encrypt the transmissions. In today's society this seems like a no-brainer.

Lights Also Transmit Signals

[MacroSlopp]

You can also tell if someone is home through unencrypted lightbulb signals through windows.

Re:Lights Also Transmit Signals

[thePowerOfGrayskull]

You can also tell if someone is home through unencrypted lightbulb signals through windows.

Maybe at your house.

At my house we always encrypt our light bulb emissions. Always.

Re:Lights Also Transmit Signals

I encrypt my emissions using CUR-tain protocol it uses a 100 threadcount gravity hung distribution system based on the R-0-D infrastructure.

Re:Lights Also Transmit Signals

[Sarten-X]

I, too, encrypt my lightbulb emissions using the CUR-tain algorithm. There is some shadow analysis that can break it, but repeated application of the algorithm (often referred to as Triple CUR or 3CUR) will often foil that.

Re:Lights Also Transmit Signals

[SeaFox]

Encrypted light bulb transmissions cause new problems.
Namely kids on 'shrooms standing in front of you house staring at the windows all the time.

We also need shock isolation basements.

[140Mandak262Jamuna]

If you place some seismometers on the street quite close to the house, people can detect if there are people moving about in the house. Add to it laser beams reflecting off the window panes, they can detect minute changes in the structure as it flexes when you move from your bedroom to the bathroom. Sensitive microphones can be used to detect the sounds of toilet flushes too.

So, next time, in addition to getting tin foil for the hats, you should get non reflective paint for the whole structure, shock isolating floating foundation for the entire home and special noise cancelling speakers attached to the plumbing. Else, gasp! thieves will know when you are in and when you are not in your own home.

Re:We also need shock isolation basements.

Yo momma so fat, burglars use gravitometers to case your house.

This information has never been secret...

[samorris]

This information has never been secret. Most electricity meters are mounted on the outside of the structure in an easily accessible location with dials that are easy to read at a distance with a pair of binoculars. This is by design, allowing the utility companies to do meter readings as efficiently as possible.

Burglary: No--Spoofing: More likely

[ThundrNeon]

As a meter reader who actually reads some of these AMR meters, I'd say using the information for burglaries is a stretch. Even if you get the info it only includes meter number and reading. Since the address is not listed I can only see it being useful in rural areas where houses are far enough apart to be able to tell which house it is without physically checking the meter. For reference, I can pick up AMR meters in rural areas from about 1/2 to 3/4 a mile away while driving 50 mph. I see the greater nefarious use would be to send out a slightly stronger signal to send a different reading and hence lower your utility bill. Since this process would be wireless and most likely involve doing nothing to the physical meter itself it would be near impossible to catch it as tampering. Also since in my area AMR meters are almost never physically checked, even a physical modification would likely go unnoticed for years.

Re:Burglary: No--Spoofing: More likely

[mveloso]

You don't spoof to get lower bills. You spoof so your neighbors get higher bills.

These are not smart meters. They are remote read.

[Copperhamster]

I know something about these meters. First of all, they give you the current meter reading in KWH, not how much current is currently in use; you would have to take multiple samples to get that.
Second of all, they are very omnidirectional and have a reasonable range, so someone can read them from the street on most houses. Which means they get several houses with any reader. The unique identifier is easily determinable, in our case it's stamped on the back side of the meter, all you have to do is pull it off the base and check it. The meters are programmed with a route and subroute number, and respond to an unencrypted transmission asking for their info by broadcasting it.
As far as the 4th amendment is concerned, the police would need a warrant to get all the bits and pieces together to connect a particular meter with a particular house in the first place.
Finally, the readers cost us roughly $8k each. While I'm sure it's doable cheaper, I don't see people putting that kind of effort into this. Especially as the same info can be gotten by walking up and looking at the meter. While I certainly have my concerns of security for real 'smart meters' these are not what we should focus on.

Imaginary Cancer!

[rueger]

The absolute worst thing about the installation of smart meters in these parts is the endless string of "news stories" by our local community "newspaper"* about the significant health risks posed by smart meters.

It finally reached the point where, lacking any scientific evidence, they're now resorting to trying to outlaw Smart Meters, WIFI, and cel towers because of "electromagnetic hypersensitivity (EHS). Patients with EHS suffer a variety of symptoms from heart palpitations to migraines they claim are caused by radio frequency radiation.

"You know that western medicine doctors don't know anything about EHS and my naturopath actually tested me. On the sole of the foot on the inside there is a point where he tests the sensitivity to electromagnetic fields. It was very painful and he found out that I am very sensitive," Nemetzade says.

* scare quotes used because, well, the rag is actually pretty scary.

Re:Best implication I can think of...

[EmagGeek]

Pot farms usually bypass their meter so their high usage doesn't show up. Utilities already report irregular usage to Law Enforcement based on their normal readings. There's no need for LE to go war driving. The utilities furnish that information already.

Re:Someone will make a tool.

[__aaltlg1547]

What the hell for? They can buy a thermal imager for $1200. You could probably modify a cell phone's camera to make a cheap-ass IR camera for a lot less. You might need no more than a filter to block visible light.

Re:Someone will make a tool.

There is already a cheap way to do that for digital SLR camera using photographic film to block visible light. My hobbyist friend does it to take infrared photography. It is so amazing how the world looks in infrared: http://en.wikipedia.org/wiki/Infrared_photography

Re:Who writes this crap.

[tftp]

11. Call the house (using White Pages) and if anyone answers say "This is Rachel from Cardholder Services..."

Re:Someone will make a tool.

[icebraining]

That is not the wavelength you're looking for. Cheap cameras can see into the near infrared, not the mid/long infrared of thermal imaging.

Re:Best implication I can think of...

[xenobyte]

Pot farms usually bypass their meter so their high usage doesn't show up.

Exactly! - Or use generators for the additional power needed.

Heard of a case where a pot farm was hidden in an apartment, complete with a generator in a soundproofed box and its exhaust fed into the main sewer. The grow rooms were waterproofed as well, making sure the people on the floor below didn't get nasty stains on their ceiling. It was found only by accident. The pot apartment had average water usage, normal power usage and an untampered meter.