October 18, 2012 | Jim Giles
CRIMINALS no longer need to stake out a home or a business to monitor the inhabitants’ comings and goings. Now they can simply pick up wireless signals broadcast by the building’s utility meters.
In the US, analogue meters that measure water, gas and electricity consumption are being replaced by automated meter reading (AMR) technology. Nearly a third of the country’s meters – more than 40 million – have already been changed. The new time-saving devices broadcast readings by radio every 30 seconds for utility company employees to read as they walk or drive around with a receiver. But they are not the only ones who can tune in, says Ishtiaq Rouf at the University of South Carolina in Columbia, and his colleagues.
The team picked up transmissions from AMR meters – operated by companies that they did not name in their paper – and reverse-engineered the broadcasts to monitor the readings. To do this they needed about $1000 worth of open-source radio equipment and information available through online tutorials.
“I consider it an embarrassment that this kind of technology is deployed with no protection whatsoever,” says Klaus Kursawe, a security researcher at Radboud University Nijmegen in the Netherlands, who was not involved in the work. “It is well known by now how to properly and economically secure communication for such a device.”
The security flaws could be a gift to technically adept criminals. Broadcasts can be read 300 metres away and the research team was able to monitor almost 500 meters simultaneously. Because energy usage often drops to near zero when a house is empty, the readings could be used to identify which owners are at work or on holiday.
There are easier ways to determine whether a house is empty, says team member Marco Gruteser at Rutgers University in North Brunswick, New Jersey. “But it’s bad practice for meters to shout out that a house is vacant while police departments recommend keeping the lights on and the mailbox empty to make your house look occupied.”
The team’s work was presented this week at the Conference on Computer and Communications Security in Raleigh, North Carolina.