October 20, 2012 report
Automated meter reading systems make life easy for intruders
Intruders can tune into the same information, however, according to Ishtiaq Rouf and his colleagues, authors of a paper that delivers a security analysis of AMR systems.
More than 40 million meters in the United States have been equipped with AMR technology over the past years. The smart meters collect energy consumption data which could reveal sensitive personal information from homes, they said. Because energy usage often drops to near zero when a house is empty, the readings could be used to identify which owners are at work or traveling. Their work shows that currently deployed AMR systems are vulnerable to spoofing attacks and privacy breaches. The research was presented earlier this week at the 19th ACM Conference on Computer and Communications Security, which ran from October 16 to 18 in Raleigh, North Carolina.
The AMR meters that they studied make data publicly available over unsecured wireless transmissions. "They use a basic frequency hopping wireless communication protocol and show no evidence of attempting to ensure conﬁdentiality, integrity, and authenticity of the data," added the research team.
They picked up transmissions from AMR meters operated by companies. They said that the communication protocol can be reverse-engineered with only a few days of eﬀort. They made use of radio equipment and information available through online tutorials. They used software radio equipment publicly available for about $1,000 (GNU Radio with the Universal Software Radio Peripheral). "We were able to both eavesdrop on messages as well as spoof messages to falsify the reading captured by a commonly used 'walk-by' reader," they said. Through wireless monitoring, they harvested consumption data from 485 meters within a 300m radius region.
As remedies, the authors suggested alternative schemes based on defensive jamming, which they said may be easier to deploy than upgrading meters themselves. Jamming could protect against the leakage of legacy devices and requires no modiﬁcation of the deployed meters.
© 2012 Phys.org