Some Smart Meters Broadcast Readings in the Clear 138
alphadogg writes "University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home. The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received."
Perhaps more distressing, given trends in 4th amendment interpretation, I bet the transmissions are open game for law enforcement.
Re:Reaching for paranoia (Score:5, Informative)
Or a thief could just go jogging around the block for a while in the morning.
Reconnaissance on a big public target like a house is trivially easy, even without exploiting new technology, but let's all go ahead and panic now that it's been brought to our attention.
Re:Not home? (Score:3, Informative)
The tools were simple: a $1,000 Universal Software Radio Peripheral software-defined radio, an amplifier, and the freeware GNU Radio software, plus of course, the team's knowledge of wireless protocols and data processing.
Yeah really, it's not like home burglars are gonna buy this equipment, enroll in CS/EE courses at the local university, and learn wireless protocols so they can figure out if the owner is home before they rob it.
The submitter's distress over 4th amendment rights is equally stupid. If the spooks and cops wanna know your power usage, they can just pick up the phone and call the power company.
These are not smart meters. They are remote read. (Score:4, Informative)
I know something about these meters. First of all, they give you the current meter reading in KWH, not how much current is currently in use; you would have to take multiple samples to get that.
Second of all, they are very omnidirectional and have a reasonable range, so someone can read them from the street on most houses. Which means they get several houses with any reader. The unique identifier is easily determinable, in our case it's stamped on the back side of the meter, all you have to do is pull it off the base and check it. The meters are programmed with a route and subroute number, and respond to an unencrypted transmission asking for their info by broadcasting it.
As far as the 4th amendment is concerned, the police would need a warrant to get all the bits and pieces together to connect a particular meter with a particular house in the first place.
Finally, the readers cost us roughly $8k each. While I'm sure it's doable cheaper, I don't see people putting that kind of effort into this. Especially as the same info can be gotten by walking up and looking at the meter. While I certainly have my concerns of security for real 'smart meters' these are not what we should focus on.
Re:Best implication I can think of... (Score:3, Informative)
Pot farms usually bypass their meter so their high usage doesn't show up. Utilities already report irregular usage to Law Enforcement based on their normal readings. There's no need for LE to go war driving. The utilities furnish that information already.
Re:Someone will make a tool. (Score:3, Informative)
There is already a cheap way to do that for digital SLR camera using photographic film to block visible light. My hobbyist friend does it to take infrared photography. It is so amazing how the world looks in infrared: http://en.wikipedia.org/wiki/Infrared_photography
Re:Someone will make a tool. (Score:4, Informative)
That is not the wavelength you're looking for. Cheap cameras can see into the near infrared, not the mid/long infrared of thermal imaging.
Re:Not home? (Score:4, Informative)
I develop similar products for the water industry, and we actually looked at interoperability with meter reading equipment, so I know of what I speak.
You don't really need a $1000 SDR. In fact a cheap $20 one off eBay will work, but actually all of this kit uses a small number of widely available radio chipsets (e.g. Texas 11xx range), usually on 868MHz or sometimes on one of the reserved meter reading bands. Often the protocol is wireless MBUS, sometimes it is a simple proprietary one.
You can buy modules with amplifiers built in for $20, and then you just need a good antenna and some programming knowledge. It wouldn't be hard to develop a little device that reads the data, just like the ones the power company uses, and sell it for say $200. No skill required to use it. The only plus side is that they don't usually transmit the property address with the power consumption data, only a customer ID or something like that, so it could be hard to tell which reading belongs to which house.