Skip to Content

Another Reason for "Smart" Electric Meters

New research finds some existing meters have security holes that the next generation does not.
October 19, 2012

For all the concern that next-generation “smart” electric meters are vulnerable to hacks or snooping, some older meters that have been widely used for years could be even less secure, researchers have found.

The meters scrutinized were equipped with “automatic meter reading” or AMR technology, which wirelessly send a utility information about a customer’s electric usage. This is meant to save time: utility workers can drive by and get customers’ data quickly, rather than having to walk into every alley or backyard to read meters one at a time.

However, researchers from the University of South Carolina discovered that they could read meter signals at a 400-unit housing complex in such detail they could determine that 27 units were unoccupied. And because the meters send out data every 30 seconds, the researchers could infer some residents’ daily habits by spotting sudden jumps in electricity usage. In their paper, the researchers wrote that in one unit in the complex, “the owners got up at 7 a.m., left for work at 9 a.m., and returned home around 6 p.m. on Friday.”

This isn’t necessarily an easy vulnerability for a burglar to exploit; spying on specific individuals would require looking at actual meters at least once to write down an ID number to correlate with the wireless data. Nonetheless, the research shows that these meters are “worse than smart meters” in terms of overall security protections, says Wenyuan Xu, a computer scientist who led the study. It was released this week at a computer and communications security conference.

In contrast to AMR meters, new smart meters allow two-way communication between the customer and the utility, making possible a series of innovations often called the “smart grid.” For example, with the more advanced meters, utilities could shut down high-load appliances during peak periods, if customers agree.

Because these next-generation meters are more powerful, hacking them could cause many kinds of damage or privacy violations (see “Meters for the Smart Grid” and “Rage Against the Smart Meter”). However, smart-meter data is encrypted, while data from today’s AMR systems is not. Also, while security holes in smart meters can be fixed wirelessly with a software patch, making AMR systems more secure would require hardware replacement.

Earlier research has shown it’s possible to infer how many people are occupying a home by snooping on electricity usage data. “It’s not good engineering practice to have these devices shout out occupancy information from houses, when police are telling you to leave lights on when you go on vacation,” says Marco Gruteser, a wireless security researcher at Rutgers University, who participated in the study.

Sidhant Gupta, a researcher at the University of Washington who studies privacy and security issues surrounding utility meters, adds: “If an AMR meter is relaying data every 30 seconds, then it is a very real threat.” The researchers did their work with expensive hardware, but Gupta says $50 systems could work just as well.

Some 47 million AMR systems are installed in the United States. But they do not all work the same way, and not all would be vulnerable to the exploit used in the South Carolina research. Some versions of AMRs—mostly battery-operated ones on gas meters—work only when “woken up” by a meter reader’s device. And some systems may wirelessly send an ID number different from the one printed on the meter, making it harder to correlate meters with individual people.

Xu said privacy could be improved, if desired, by using jamming devices that send out noise along with the real signal. The meter reader could have a device that filters out the extra signal.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.