Smart meters not so clever about privacy, researchers find

A University of South Carolina study found smart meters transmitting plain text information that could be used against home owners

Researchers at the University of South Carolina have discovered that some types of electricity meter are broadcasting unencrypted information that, with the right software, would enable eavesdroppers to determine whether you're at home.

The meters, called AMR (automatic meter reading) in the utility industry, are a first-generation smart meter technology and they are installed in one third of American homes and businesses. They are intended to make it easy for utilities to collect meter readings. Instead of requiring access to your home, workers need simply drive or walk by a house with a handheld terminal and the current meter reading can be received.

While many gas and water AMR meters continuously listen for a query signal from a meter reading terminal and only transmit a reading when requested, the researchers found at least one type of electricity meter works on the opposite principle. It continuously sends a meter reading every 30 seconds around the clock.

"We had heard a lot about smart meters, about how great and how efficient they were," said Wenyuan Xu, an assistant professor at the University of South Carolina, speaking to IDG News Service. "We thought about privacy and wondered how secure are they meters currently in use."

It turns out, not very.

The tools were simple: a $1,000 Universal Software Radio Peripheral software-defined radio, an amplifier, and the freeware GNU Radio software, plus of course, the team's knowledge of wireless protocols and data processing.

The first job was capturing the data. The team found that the meters transmit every 30 seconds by hopping through a number of frequencies, but the cycle of frequencies chosen isn't random so the pattern can be predicted.

Then, with just a few days work, Xu and her team were able to deconstruct the proprietary protocol used by the meters thanks to documentation they found on the Internet and information freely disclosed by meter makers.

"Once we got the raw signal, we processed it, and reverse engineered it," she said.

Using an off-the-shelf antenna and amplifier, the researchers were able to capture packets from electricity meters at a distance of up to 300 meters. In the neighborhood where they tested, they were able to receive packets from 106 electric meters.

The data sent was in plain text and carried the identification number of the meter and its reading. The name of the home owner or the address aren't included, but anyone motivated enough could quickly figure out the source.

"The meter ID was printed on the front of the meter we looked at, so theoretically you could read the ID [off a target meter] and try to sniff packets," Xu said.

In her tests, Xu found she was able to pull packets out of the air from target meters between once every 2 to 10 minutes. That's fast enough to be able to work out the average power consumption of a house and notice start to deduce when someone is at home.

"Smart meters should be encrypted," said Xu.

The good news is a new generation of meters based on a more advanced technology, called AMI (advanced metering infrastructure), are supposed to employ encryption. Guidelines from the National Institute of Standards and Technology's Smart Grid Interoperability Panel made such a recommendation in a 2010 report.

"Should designers and manufacturers of smart meters or secondary devices decide to incorporate wireless technology for the purpose of communicating energy usage information, then that data must be securely transmitted and have privacy protection," the report said.

But that's too late for the AMR meters already installed across the U.S.

There are 46 million AMR meters in use in 2011, according to a U.S. Department of Energy report. That represents about one in three houses and businesses. While they are likely to be replaced with AMI meters, the slow upgrade cycle of utility companies could mean they remain in use for years to come.

It's unclear if all AMR meters behave the same way. Xu didn't want to reveal the maker of the meter her team targeted in case it spurs others to try the same thing.

There's also no evidence to suggest that burglars have ever used AMR meters as a way of predicting when a home owner will be present or away, but the research does highlight the potential nefarious uses of electricity consumption data and the need to ensure next-generation platforms are more secure.

A paper describing Xu's research can be found on her website.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags University of South Carolinasecuritydata protection

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Williams

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place