Automated meter reading systems make life easy for intruders

Oct 20, 2012 by Nancy Owano report
An aerial view of the neighborhood where the researchers performed their eavesdropping experiments. Each blue triangle or red star represents a group of four or five meters mounted in a cluster on an exterior wall. Using an LNA and a 5 dBi omnidirectional antenna, they were able to monitor all meters in the neighborhood. Some sniffed meters may be out of the scope of this view. Credit: Ishtiaq Rouf et al.

(Phys.org)—Intruders of the break-in and snooping variety have their work cut out for them by just picking up wireless signals that are broadcast by utility meters, say researchers from the University of South Carolina at Columbia, IEEE and Rutgers. As with many other technological advances that bring new pathways for criminals, advances in meters have created concerns about intrusions. Millions of analogue meters to measure water, gas and electricity consumption have been replaced by automated meter reading (AMR) in the U.S. The newer method enables devices to broadcast readings by radio every 30 seconds for utility company employees to read as they walk or drive around with a receiver.

Intruders can tune into the same information, however, according to Ishtiaq Rouf and his colleagues, authors of a paper that delivers a security analysis of AMR systems.

More than 40 million meters in the United States have been equipped with AMR technology over the past years. The collect energy consumption data which could reveal sensitive personal information from homes, they said. Because often drops to near zero when a house is empty, the readings could be used to identify which owners are at work or traveling. Their work shows that currently deployed AMR systems are vulnerable to spoofing attacks and privacy breaches. The research was presented earlier this week at the 19th ACM Conference on Computer and , which ran from October 16 to 18 in Raleigh, North Carolina.

The AMR meters that they studied make data publicly available over unsecured wireless transmissions. "They use a basic frequency hopping wireless communication protocol and show no evidence of attempting to ensure confidentiality, integrity, and authenticity of the data," added the research team.

They picked up transmissions from AMR meters operated by companies. They said that the communication protocol can be reverse-engineered with only a few days of effort. They made use of radio equipment and information available through online tutorials. They used software radio equipment publicly available for about $1,000 (GNU Radio with the Universal Software Radio Peripheral). "We were able to both eavesdrop on messages as well as spoof messages to falsify the reading captured by a commonly used 'walk-by' reader," they said. Through wireless monitoring, they harvested consumption data from 485 meters within a 300m radius region.

As remedies, the authors suggested alternative schemes based on defensive jamming, which they said may be easier to deploy than upgrading meters themselves. Jamming could protect against the leakage of legacy devices and requires no modification of the deployed meters.

Explore further: Coping with floods—of water and data

More information: Research paper: www.winlab.rutgers.edu/~grutes… ers/fp023-roufPS.pdf

via Newscientist

Related Stories

Report: 'Smart' meters have security holes

Mar 26, 2010

(AP) -- Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously ...

Smart meters raise suspicions

Mar 12, 2011

Coast to coast, from Maine to Marin County, Calif., the number of homes being outfitted with smart meters that keep a close eye on homeowner electricity use is on the rise. And so is the number of folks who think smart meters ...

Recommended for you

Coping with floods—of water and data

Dec 19, 2014

Halloween 2013 brought real terror to an Austin, Texas, neighborhood, when a flash flood killed four residents and damaged roughly 1,200 homes. Following torrential rains, Onion Creek swept over its banks and inundated the ...

Cloud computing helps make sense of cloud forests

Dec 17, 2014

The forests that surround Campos do Jordao are among the foggiest places on Earth. With a canopy shrouded in mist much of time, these are the renowned cloud forests of the Brazilian state of São Paulo. It is here that researchers ...

User comments : 17

Adjust slider to filter visible comments by rank

Display comments: newest first

Osiris1
2.3 / 5 (12) Oct 20, 2012
Owh, you mean some Dilbert with this stuff can give me a ten thousand buck utility bill? And the Electric companies do not care. Why should they care, they laugh all the way to the bank. They are a monopoly...where ya gonna go?
IronhorseA
3.3 / 5 (7) Oct 20, 2012
Owh, you mean some Dilbert with this stuff can give me a ten thousand buck utility bill? And the Electric companies do not care. Why should they care, they laugh all the way to the bank. They are a monopoly...where ya gonna go?


Or with the same stuff you can minimize your bill ;P
Doug_Huffman
2.6 / 5 (9) Oct 20, 2012
Associated with your electric co. account is descriptive consumption statistics, variation and deviation, if the variation exceeds the standard then the account will be examined.
Anonym
3.4 / 5 (21) Oct 20, 2012
Note to article writer: to "have one's work cut out for him" means to have a difficult job to do, not to have a job facilitated by something.
TheKnowItAll
1.9 / 5 (9) Oct 20, 2012
I find it quite irrelevant. Enhancing the security only makes it harder and will give a false sense of security. Besides how is it worse than before when all you needed was a pair of eyes and a scope for distance reading? Someone give that guy his paranoia pill before I receive another useless bill for upgrading my meter! lol
DavidW
1 / 5 (12) Oct 20, 2012
The reason for privacy:

None of us can change the past. –self-evident truth
We are all equal. –self-evident truth based on the self-evident truth above
We are all important. –self-evident truth based on the self-evident truth that the most important thing in life is life
Self-evident truths are the word of god. None of this, "…down the rabbit hole", stuff. No matter what anyone says, the word of god, the truth, says, "Life is important".
We all have unknown vulnerabilities that can be exploited by privacy breaches.
Privacy breaches cannot be undone.
Any thought, mentality, decision, or action taken that reduces privacy without necessity is not accepting the self-evident truths above, and therefore is not a choice/action taken based on truthful reality. Given the importance of life… Decisions to reduce privacy should not be accepted as based on anything truthful, unless such privacy reductions are required by life.
DavidW
1 / 5 (10) Oct 20, 2012
Companies that make choices to remove or impede the privacy of others are actually asking others to believe in, "…down the rabbit hole", stuff. Clearly the decision makers at such companies are not currently accepting truthful reality and as such, these companies should be avoided whenever there is a choice to do so.
Examples of companies making choices that are not based on truthful reality:
Requiring users to opt-out / removing the privacy of others without their direct consent
Hiding the "Save Settings" button for privacy settings where the user must scroll the screen to get to it
Navigating a user away from their previous page so that the user must go back in to adjust other privacy settings
Using icons that a novice user may not understand
Newbeak
1 / 5 (2) Oct 20, 2012
Whats wrong with simply knocking at the front door to see if someone is home?
Argiod
2.3 / 5 (12) Oct 20, 2012
Whats wrong with simply knocking at the front door to see if someone is home?


...a crook who wants to know when you're on vacation would not knock on your door if he can simply note that you haven't used any electricity for a few days..

...a jealous or jilted lover could cause all sorts of harm, and also would not knock on your door...
Argiod
2.2 / 5 (10) Oct 20, 2012
Associated with your electric co. account is descriptive consumption statistics, variation and deviation, if the variation exceeds the standard then the account will be examined.


Easy way around this is to lower your apparent consumption gradually over time.

Drug dealers could also mask the use of high power halogen lamps used for growing pot, and not trigger an examination of the account.
antialias_physorg
3.7 / 5 (9) Oct 20, 2012
Whats wrong with simply knocking at the front door to see if someone is home?

Because if someone opens you can never rob the place without the owner saying to the cops: "But now that you mention it: a couple days ago this stranger knocked at my door...I'll give you his description"

The simplest way to circumvent the meter problem (and one that should have been implemented as a matter of course) is encryption. Load each meter up with a few megabytes of ROM on installation of which only the utilities company holds a copy and you can read that meter safely basically forever (one-time-pads are unbreakable unless you have access to the ROM).

The guy reading it doesn't even have to have the codes. He just collects. No one can change it. No one can spoof it. and no one can read it (except the utilities company)
alaskascientist
4 / 5 (8) Oct 20, 2012
To the author of this article: You've incorrectly used the term "to have one's work cut out for them". That phrase means it's going to be hard work. You should edit your piece. This is a grossly incorrect statement. It makes wonder about the validity of the article when the writer can't use correct English. What else is incorrect about this article?
IronhorseA
1 / 5 (1) Oct 20, 2012
I find it quite irrelevant. Enhancing the security only makes it harder and will give a false sense of security. Besides how is it worse than before when all you needed was a pair of eyes and a scope for distance reading? Someone give that guy his paranoia pill before I receive another useless bill for upgrading my meter! lol


Actually, the water meter is in the house, in the old days they had to knock on the door and come in to read it.
Silverhill
3 / 5 (4) Oct 20, 2012
Anonym and alaskascientist:
"To have one's work cut out for one" did not originally mean "it's going to be hard work". According to the World English Dictionary's entry on "cut out" (def. 13) (http://dictionary...owse/cut out?s=t), it means "to have as much work as one can manage".
This does not implicitly mean that the work will be especially difficult.

The original sense of it, it seems to me, was tailor's work: if the needed pieces of cloth are already cut out and waiting for you when you start work, you can get more done in a day because you don't have to spend time making preparations. This probably means "a lot of work is waiting for you", but it does not have to mean that the work itself will be difficult.

So, before you accuse the writers of using "a grossly incorrect statement", do some research and thinking. You *might* be wrong.
Bowler_4007
2 / 5 (4) Oct 21, 2012
The simplest way to circumvent the meter problem (and one that should have been implemented as a matter of course) is encryption. Load each meter up with a few megabytes of ROM on installation of which only the utilities company holds a copy and you can read that meter safely basically forever (one-time-pads are unbreakable unless you have access to the ROM).

I dunno about the proof of OTPs being unbreakable but if someone has a rough idea of what the data should be it will be cracked eventually although the person trying to get the data will almost certainly be dead as it will be like billions of years later... Even if nothing is known about the data it will still be accidentally cracked even if no one knows which is the correct one... I don't believe in unbreakable ciphers, I do believe in implementations where it is impractical to even bother trying
Meyer
1 / 5 (1) Oct 21, 2012
The original sense of it, ...

Interesting, but the article was written in 2012. The idiom now means "to face a difficult task" to pretty much everyone.
antialias_physorg
3.7 / 5 (3) Oct 21, 2012
I dunno about the proof of OTPs being unbreakable but if someone has a rough idea of what the data should be it will be cracked eventually

That's the beauty of an OPT. There is no way to do a statistical analysis on it - provided you generated the key with a true random number generator like a radioactive decay as can be gotten here:
http://www.fourmi...hotbits/
As long as the hacker has no access to the key itself (which would require physically breaking into the house to get at the meter or physically breaking into the utilities company vault) you can listen for infinity and never decode a word of it.

For a brief overview why it is secure see here:
http://en.wikiped...time_pad

The downside of OPTs is: you need as much key as you need data. That's why it isn't used for general encryption. But a meter puts out only a few kB per reading. So with a 100MB of key installed you're set for life.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.