Smart Meters Too Easy To Hack, Research Suggests
Homes that have been outfitted with wireless utility meters may be unintentionally giving away information about the comings and goings of the people who live inside. Researchers at the University of South Carolina have completed a study on the new meters, which are used by water, gas, and hydro companies throughout North America. They have concluded that while the appropriate steps have been taken to protect the meters against physical tampering, they are woefully unprotected against hacking and should be considered a privacy concern.
Smart Meters are designed to be time-saving devices. Instead of having to go door-to-door to record consumption levels, a utility company employee can drive through a neighbourhood and use a wireless receiver to collect meter readings from hundreds of homes at once.
As a matter of principle, all technologies that can transmit or collect information from consumers must meet a standard level of data protection, regardless if that information may seem unimportant or not.
During their study, Ishtiaq Rouf and his colleagues were surprised to find that the electronic and gas meters used an unsecure channel for their wireless signals and found that by using $1,000 worth of radio equipment and instructions that are easily found online, they could intercept and monitor the broadcasts of houses from as far away as 300 metres. By positioning themselves in the right spot, they were able to monitor an entire neighbourhood of 485 homes at once and by watching the energy levels rise and fall throughout the day, could accurately identify which homes were empty.
An aerial map showing the success of the team's attempt (laptop) to intercept meters within a neighbourhood (triangles and circles).
Although there is no evidence of meter hacking at the moment, the potential misuse by criminals, who are known to watch homes for signs of activity, is certainly there. Again, the meter study wasn’t focused on extreme tampering, just the basic measures that all communications systems should be protected against. The meters that the team discovered in use in the United States used “a basic frequency hopping wireless communication protocol and show no evidence of attempting to ensure confidentiality, integrity, and authenticity of the data”.
The findings of the research team did not name any specific utility companies or meter models. Their work was presented at the Conference For Computer Communications And Security and has been published as a paper for review.