Some Smart Meters Broadcast Readings in the Clear 138
alphadogg writes "University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home. The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received."
Perhaps more distressing, given trends in 4th amendment interpretation, I bet the transmissions are open game for law enforcement.
Reaching for paranoia (Score:3, Insightful)
So let me get this straight... if somebody wants to know when you're home, they're going to run out and buy a radio and learn to use it, then sniff your meter's transmissions, then analyse them for periodic components, then correlate that with known patterns... rather than just waiting to watch you leave?
Re:Reaching for paranoia (Score:5, Insightful)
If someone wants to know who all houses in the neighborhood that are currently empty, yes this is the best way to do it. You can also identify which houses have no neighbors at home. I could also be very useful, if you are trying to improve your efficiency and are targeting more than one house at the same time.
Re:Reaching for paranoia (Score:4, Insightful)
Re:Reaching for paranoia (Score:5, Insightful)
Efficiency doesn't matter much in a robbery - reliability does. Sure, you can get an expectation that a dozen houses are empty from sniffing, but an expectation doesn't keep you out of jail. Last time I was out sick from work, I spent the day in my living room reading a book, with no TV or additional lights on. You'll still need to do some plain old watching to pick targets. All you'd gain with the meters' transmissions is knowing that most folks will use less electricity during the day.
I can't recall ever hearing about a string of thefts in more than two houses at a time. If you're getting away with one robbery free and clear, why risk getting caught at the second one with all the loot from the first? That's just asking for more jail time.
Besides it costs nothing to use public key encryption on these. There is no reason why these should not be encrypted.
I'm going to guess you don't do any IT management. There's always a cost. In this case, the decryption keys for each device must be managed [slashdot.org] properly to maintain any actual security.
Re:Reaching for paranoia (Score:5, Insightful)
Also this is more efficient, it allows robbers to target more houses that it was possible before.
That's exactly how a PhD would approach robbing a house - by collecting scientific data, analyzing it, and then offering a hypothesis (you are at home or not.)
However real life thieves do it in a better way. They throw a brick through the rear door and disappear. If nothing happens within 15-20 minutes then they know that all of the following is true: nobody is at home; there is no alarm; there are no dogs; the neighbors heard nothing. Then the house is safe to approach.
You see, there is no need to know if neighbors are at home or not. This is useless information. What is not useless, however, is whether they hear the commotion or not. Similarly, it is pointless to know if you are at home or not. An alarm may be at home in your place, guarding better than you would. The method that thieves use checks for the end condition directly - and it requires minimum IQ.