Smart meters have been much in the news as of late, and for those of you unfamiliar with this term, a smart meter is usually an electrical meter that records consumption of electric energy in intervals of an hour or less and communicates that information at least daily back to the utility for monitoring and billing purposes. Smart meters enable two-way communication between the meter and the central system. Unlike home energy monitors, smart meters can gather data for remote reporting. Such an advanced metering infrastructure (AMI) differs from traditional automatic meter reading (AMR) in that it enables two-way communications with the meter.
These meters communicate in a variety of ways
Modulation over power lines WiFi/WiMax (IP based) Cell phone network Short range point to point wireless Private wireless network (RF mesh)
Each of these methods of phoning home produce some interesting and unwanted exposures to personal privacy as well as allowing the potential for these devices to be hacked.
Since I live in Florida, FP&L received a very large government grant to install these devices throughout its service area. Now FP&L uses an IP (Internet Protocol) based RF mesh to communicate with their meters.
Each meter is equipped with a full two-way 900 MHz radio transmitter that sends and receives information to an access point that is also radio-equipped. The access point is the collection point for the meter information that is sent back into an FPL system.
Each access point, which is typically mounted on a power pole, is the size of a shoe box and can handle communications to thousands of meters. New RF mesh technology expands the ability of a meter to communicate to an access point by allowing the signal to be relayed off of other meters to find a path and maintain the connection required for communications.
Gosh I wonder just how easy it might be to penetrate one of these devices.
Wireless headphones can be a wonderful way to help clear up the clutter inherent in most desktop PC systems. However, after plugging a wall wart in, and the headphone jack into the computer, and using an old set of JVC 900 MHz wireless headphones (and a generic 900MHz transmitter), Realizing that the transmitter used a 12V DC source, powered with a USB port this provides +12V, +5V, and two ground lines). Now simply wire the audio-in line directly onto the sound card headers rather than feeding out a headphone jack to the back. Then wrapped the whole thing in plastic to prevent unwanted shorting and placed it back in the PC, leaving you with a very functional 900 MHz wireless system.
This simple setup in theory could be used as a DOS (Denial of Service) to a single access point for thousands of these devices, but what if you wanted to take it a step further and actually access individual meters and shut down power to those devices or to change them.
Now if you have been working in IT as long as I have you may be familiar with the Arlan APs and bridges that used 10baseT Ethernet that operated at 900 MHz, and have a data rate of 215 Kbps or 860 Kbps.
They also made a number of complementary PCMCIA radio cards (the 655-900, 690-900, and PC1000, for example). These devices put out up to a whopping 1 Watt at 900 MHz NCR had the WaveLAN 900 MHz line that included an ISA and PCMCIA card that would push 2 Mbps at 250mW.
While the data rate can’t compare to modern wireless networking gear, the higher power and lower frequency of this equipment offers significant advantages.
A number of manufacturers offer serial or Ethernet to 900 MHz bridges. While Ethernet is generally preferable, the serial devices are perfectly capable of supporting a PPP connection between two sites. If you need to create a long distance point-to-point link (particularly where clean line of sight just isn’t possible) and can cope with limited data rates, then this equipment might be right for your project. Expect the hardware to be difficult to locate and a bit more expensive than the typical consumer grade 802.11b equivalent.
Using this type of technology you can actually see the APs and the nodes (Smart meters) just like devices on any Ethernet network, right from your desktop and now a whole world of hacks and spoofs, DOS attacks and syn floods become available.
This covers a very basic introduction into how insecure these devices could be; now let’s deal with privacy issues.
First it is a blatant invasion of privacy; here are just some of the data mining Electric Companies can do with a Smart meter, or anyone who can access the information they gather.
· They can see when you turn appliances on and off. · They can measure the power consumption of individual appliances. · They record your personal living patterns. · Data about occupant’s daily habits and activities are collected, recorded and stored. · “Smart Meters” are, by definition, surveillance devices which violate Federal and State wiretapping laws
In a nutshell with this type of technology you are under surveillance 24 hours a day in your own home. Your living patterns can be clearly identified and then numbers mashed together in a database to reduce a person or a household to an IP address that gives this company the ability to read your lifestyle, habits and behavior.
This sounds like Orwell’s 1984.