For all the concern that next-generation “smart” electric meters are vulnerable to hacks or snooping, some older meters that have been widely used for years could be even less secure, researchers have found.
The meters scrutinized were equipped with “automatic meter reading” or AMR technology, which wirelessly send a utility information about a customer’s electric usage. This is meant to save time: utility workers can drive by and get customers’ data quickly, rather than having to walk into every alley or backyard to read meters one at a time.
However, researchers from the University of South Carolina discovered that they could read meter signals at a 400-unit housing complex in such detail they could determine that 27 units were unoccupied. And because the meters send out data every 30 seconds, the researchers could infer some residents’ daily habits by spotting sudden jumps in electricity usage. In their paper, the researchers wrote that in one unit in the complex, “the owners got up at 7 a.m., left for work at 9 a.m., and returned home around 6 p.m. on Friday.”
This isn’t necessarily an easy vulnerability for a burglar to exploit; spying on specific individuals would require looking at actual meters at least once to write down an ID number to correlate with the wireless data. Nonetheless, the research shows that these meters are “worse than smart meters” in terms of overall security protections, says Wenyuan Xu, a computer scientist who led the study. It was released this week at a computer and communications security conference.
In contrast to AMR meters, new smart meters allow two-way communication between the customer and the utility, making possible a series of innovations often called the “smart grid.” For example, with the more advanced meters, utilities could shut down high-load appliances during peak periods, if customers agree.
Because these next-generation meters are more powerful, hacking them could cause many kinds of damage or privacy violations (see “Meters for the Smart Grid” and “Rage Against the Smart Meter”). However, smart-meter data is encrypted, while data from today’s AMR systems is not. Also, while security holes in smart meters can be fixed wirelessly with a software patch, making AMR systems more secure would require hardware replacement.
Earlier research has shown it’s possible to infer how many people are occupying a home by snooping on electricity usage data. “It’s not good engineering practice to have these devices shout out occupancy information from houses, when police are telling you to leave lights on when you go on vacation,” says Marco Gruteser, a wireless security researcher at Rutgers University, who participated in the study.
Sidhant Gupta, a researcher at the University of Washington who studies privacy and security issues surrounding utility meters, adds: “If an AMR meter is relaying data every 30 seconds, then it is a very real threat.” The researchers did their work with expensive hardware, but Gupta says $50 systems could work just as well.
Some 47 million AMR systems are installed in the United States. But they do not all work the same way, and not all would be vulnerable to the exploit used in the South Carolina research. Some versions of AMRs—mostly battery-operated ones on gas meters—work only when “woken up” by a meter reader’s device. And some systems may wirelessly send an ID number different from the one printed on the meter, making it harder to correlate meters with individual people.
Xu said privacy could be improved, if desired, by using jamming devices that send out noise along with the real signal. The meter reader could have a device that filters out the extra signal.
The gene-edited pig heart given to a dying patient was infected with a pig virus
The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.
Meta has built a massive new language AI—and it’s giving it away for free
Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3
Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging
The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.
The dark secret behind those cute AI-generated animal images
Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.