Slashdot Mirror

← Back to Stories (view on slashdot.org)

Some Smart Meters Broadcast Readings in the Clear

Posted by Unknown on from the find-out-who-hates-the-planet dept.

alphadogg writes "University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home. The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received." Perhaps more distressing, given trends in 4th amendment interpretation, I bet the transmissions are open game for law enforcement.

11 of 138 comments (clear)

  1. Not home? by nurb432 · · Score: 4, Interesting

    Or just asleep.. Or they have a low power foot print most of the time.

    Cars in the driveway and no one answering the door is a more accuarate and low-tech way to do this.

    --
    ---- Booth was a patriot ----
  2. Re:Reaching for paranoia by ThatsMyNick · · Score: 5, Insightful

    If someone wants to know who all houses in the neighborhood that are currently empty, yes this is the best way to do it. You can also identify which houses have no neighbors at home. I could also be very useful, if you are trying to improve your efficiency and are targeting more than one house at the same time.

  3. Lights Also Transmit Signals by MacroSlopp · · Score: 5, Funny

    You can also tell if someone is home through unencrypted lightbulb signals through windows.

    1. Re:Lights Also Transmit Signals by Sarten-X · · Score: 4, Funny

      I, too, encrypt my lightbulb emissions using the CUR-tain algorithm. There is some shadow analysis that can break it, but repeated application of the algorithm (often referred to as Triple CUR or 3CUR) will often foil that.

      --
      You do not have a moral or legal right to do absolutely anything you want.
  4. Re:Reaching for paranoia by girlinatrainingbra · · Score: 5, Interesting
    In our neighborhood in La Jolla, a couple of neighbors got burgled while they were away for a month or so, even though they had stopped mail delivery, stopped newspaper delivery, had people coming by to check on the house, had put the exterior and interior lights and even the television on electrical timers so it would appear that someone was still at home... What they'd forgotten about was water usage. When they caught the crooks two months later when they tried to pawn a particularly unique piece of silver jewelry and the cops traced and jailed them was that they had a notebook of water meter readings.

    .

    One of them had put on an orange vest like a construction worker or traffic worker guy and walked the choice neighborhoods and recorded the meter readings. They came back two weeks later, and la voila, anyone whose water had not budged too much was obviously not at home flushing or showering or cooking. (I guess water sprinklers could screw it up in some places, but here we've got two meters: the sprinkler meter only gets you billed for water usage, the house water meter gets you billed for water usage and for sewer usage.)

    .

    The meter reading trick does not require wireless access. Most meters are located in a position where the meter-reader does not have to enter a backyard or gated restricted portion of the property. And seriously, has anyone ever stopped or challenged a meter-reader and said "Hey, let me see you badge, and then call someone and verify it!". I don't think so. So after all this rambling, yes I agree with you, they are reaching pretty hard and being paranoid.

  5. Re:Reaching for paranoia by Sarten-X · · Score: 4, Informative

    Or a thief could just go jogging around the block for a while in the morning.

    Reconnaissance on a big public target like a house is trivially easy, even without exploiting new technology, but let's all go ahead and panic now that it's been brought to our attention.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  6. We also need shock isolation basements. by 140Mandak262Jamuna · · Score: 4, Funny
    If you place some seismometers on the street quite close to the house, people can detect if there are people moving about in the house. Add to it laser beams reflecting off the window panes, they can detect minute changes in the structure as it flexes when you move from your bedroom to the bathroom. Sensitive microphones can be used to detect the sounds of toilet flushes too.

    So, next time, in addition to getting tin foil for the hats, you should get non reflective paint for the whole structure, shock isolating floating foundation for the entire home and special noise cancelling speakers attached to the plumbing. Else, gasp! thieves will know when you are in and when you are not in your own home.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  7. Re:Reaching for paranoia by Sarten-X · · Score: 4, Insightful

    Efficiency doesn't matter much in a robbery - reliability does. Sure, you can get an expectation that a dozen houses are empty from sniffing, but an expectation doesn't keep you out of jail. Last time I was out sick from work, I spent the day in my living room reading a book, with no TV or additional lights on. You'll still need to do some plain old watching to pick targets. All you'd gain with the meters' transmissions is knowing that most folks will use less electricity during the day.

    I can't recall ever hearing about a string of thefts in more than two houses at a time. If you're getting away with one robbery free and clear, why risk getting caught at the second one with all the loot from the first? That's just asking for more jail time.

    Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.

    I'm going to guess you don't do any IT management. There's always a cost. In this case, the decryption keys for each device must be managed properly to maintain any actual security.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  8. Burglary: No--Spoofing: More likely by ThundrNeon · · Score: 5, Interesting

    As a meter reader who actually reads some of these AMR meters, I'd say using the information for burglaries is a stretch. Even if you get the info it only includes meter number and reading. Since the address is not listed I can only see it being useful in rural areas where houses are far enough apart to be able to tell which house it is without physically checking the meter. For reference, I can pick up AMR meters in rural areas from about 1/2 to 3/4 a mile away while driving 50 mph. I see the greater nefarious use would be to send out a slightly stronger signal to send a different reading and hence lower your utility bill. Since this process would be wireless and most likely involve doing nothing to the physical meter itself it would be near impossible to catch it as tampering. Also since in my area AMR meters are almost never physically checked, even a physical modification would likely go unnoticed for years.

    --
    Inherited Will. The Destiny of the Age, and the Dreams of the People. These are things that will not be stopped. As l
  9. These are not smart meters. They are remote read. by Copperhamster · · Score: 4, Informative

    I know something about these meters. First of all, they give you the current meter reading in KWH, not how much current is currently in use; you would have to take multiple samples to get that.
    Second of all, they are very omnidirectional and have a reasonable range, so someone can read them from the street on most houses. Which means they get several houses with any reader. The unique identifier is easily determinable, in our case it's stamped on the back side of the meter, all you have to do is pull it off the base and check it. The meters are programmed with a route and subroute number, and respond to an unencrypted transmission asking for their info by broadcasting it.
    As far as the 4th amendment is concerned, the police would need a warrant to get all the bits and pieces together to connect a particular meter with a particular house in the first place.
    Finally, the readers cost us roughly $8k each. While I'm sure it's doable cheaper, I don't see people putting that kind of effort into this. Especially as the same info can be gotten by walking up and looking at the meter. While I certainly have my concerns of security for real 'smart meters' these are not what we should focus on.

  10. Re:Reaching for paranoia by tftp · · Score: 4, Insightful

    Also this is more efficient, it allows robbers to target more houses that it was possible before.

    That's exactly how a PhD would approach robbing a house - by collecting scientific data, analyzing it, and then offering a hypothesis (you are at home or not.)

    However real life thieves do it in a better way. They throw a brick through the rear door and disappear. If nothing happens within 15-20 minutes then they know that all of the following is true: nobody is at home; there is no alarm; there are no dogs; the neighbors heard nothing. Then the house is safe to approach.

    You see, there is no need to know if neighbors are at home or not. This is useless information. What is not useless, however, is whether they hear the commotion or not. Similarly, it is pointless to know if you are at home or not. An alarm may be at home in your place, guarding better than you would. The method that thieves use checks for the end condition directly - and it requires minimum IQ.