WIS Investigation: students test security of utility's Automatic Meter Reading
COLUMBIA, SC (WIS) - It seems innocent enough. It makes no noise.
Your utility meter just churns away at the side of your home, but the information it's cranking out has computer science graduate students at USC talking.
"At least they're not widely deployed so we wanted to study what type of utility meters are deployed now," said Wenyuan Xu with the USC Department of Computer Science. "Are they secure?"
Most are AMR or Automatic Meter Reading.
SCE&G uses more than 570,000. Their web site claims it's simple: the meters wirelessly send usage data to a truck riding through neighborhoods, using what the company claims are secure radio frequencies. How much data?
"They actually send out a consumption reading once every 30 seconds," said Xu. "So that's kind of a lot of data. If someone is peeking on you once every 30 seconds, I wouldn't feel comfortable about that."
Wanting to know more, students went to Google. They didn't get far.
"How do they communicate? Is there any standard?" asked Xu. "It turns out they all use proprietary communications, protocol."
Meaning the details are hidden. The students didn't stop, eventually getting a meter and creating their own receiver.
"Let's just go out, use our device and capture some packets and try to figure out what they mean," said Xu.
That's exactly what they did, hiding in bushes outside Midlands homes.
"One of my student's neighbors was not happy about that," said Xu. "Always came and said, 'What are you guys doing? I have kids that live here.'"
She should be concerned. In a short time students captured "secure" information and moved on to West Columbia.
"So we actually did set up an eavesdropper, or a sniffer, tried to find out how many meters we can receive," said Xu. "So at one single spot we were able to receive almost 500 meter readings."
They gathered information from several homes over a week, randomly picked one house, and easily worked out the owner's lifestyle.
"We found out that the owner has a job because he left home at 9:00 a.m. every day, came back home at 6:30 p.m. and weekday consumption pattern is totally different from weekend consumption pattern," said Xu.
Different enough to give any cunning thief a good idea of when to break in. They also could manipulate the numbers, inflating a neighbor's bill.
"Maybe you can even tell utility company, 'Oh you owe me money, actually I supplied utility electricity to the power grid,'" said Xu.
Using a louder signal, they drowned out the signal coming from the meter.
"Our hand held meter was fooled by our system," said Xu.
"That was a little bit surprising to us, how easy it is. Okay, I take that back, that's for us, I don't want people to think it's easy," said Xu.
It's easy if you've got a little bit of knowledge in computer science. Easy because we discovered the utility companies aren't protecting your personal information.
"The meters should have been designed that all the transmissions should have been encrypted," said Xu. "No personal information should be sent out in plain text."
"It's scary at the same time I really hope that any person that designs wireless systems just keep in mind, encrypt everything," said Xu.
USC shared what they found with the utilities.
"We talked with utility companies," said Xu. "They're aware of the issue. We hope they can fix the problems soon."
WIS News 10 asked for an on-camera interview. Instead they called us back with information and this statement:
"We realize that information security is top of mind with a lot of folks here in South Carolina these days. I can assure you there is no risk whatsoever of the personal information of our customers - names, addresses, social security numbers, etc. - being compromised through our use of automated meter reading technology."
When we raised questions about gaining access and being able to tell no one was home they had this to say:
"It might also suggest that someone simply turned off the TV and the computer and is quietly nestled up reading a book or a magazine."
Students know it could be costly for utility companies to fix systems already installed, either with new meters or by changing the system's software or firmware, but they worry that without encryption that information could be compromised.
In the US alone, 1,000 private and public utility companies have or are implementing AMR systems. They say it improves the quality of work, making them more efficient.
Copyright 2012 WIS. All rights reserved.