Some smart electricity meters are stupid about privacy

Researchers at the University of South Carolina have discovered that some types of electricity meters broadcast unencrypted information that eavesdroppers with the right software could use to determine whether you're at home or not.

The automatic meter reading devices are installed in about one-third of U.S. homes and businesses. They make it possible for utility employees to get accurate meter readings by simply walking by a building with a handheld device, instead of physically accessing the premises and recording readings manually.

But at least one type of meter sends out a signal every 30 seconds regardless of whether a meter reader requested it, and that creates privacy risks.

Wenyuan Xu, an assistant professor at the University of South Carolina, said her team was able to capture data from electricity meters at a distance of up to 300 meters (about 984 feet). The data was in plain text and included the meter ID number; the name and address of the building's owner were not included, but it was possible to figure out that information.

Xu said she was able to pull data from target meters once every two to 10 minutes. With such frequent readings, it's possible to calculate the rate of power consumption in a house and determine whether someone's at home or not.

A new generation of meters is supposed to include encryption. But it's unclear whether the meters already installed will be replaced and, if so, when that might happen.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.

Read more about mobile/wireless in Computerworld's Mobile/Wireless Topic Center.

Tags: University of South Carolina, Mobile/Wireless, security, Networking, wireless, mobile security, mobile

The risks of sticking with Windows XP

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

SECURE Web Gateway

Balancing the requirement for strong network security with the need to harness collaborative web technologies is essential for business growth.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.