Cracking a smart meter

Smart electricity meters are clever meters that are connected to the Internet so they can send data back to the power company about your minute by minute electricity usage for billing purposes. If burglars could get hold of data from a smart electricity meter they can tell whether you are in or not (See Smart meter snooping).

How could anyone other than the power company get the data though? A German research team led by Dario Carluccio decided to see if it was possible. They have shown that the data from at least one kind of smart meter can be intercepted by anyone with the right software. Data needs to be encrypted - transmitted using an uncrackable code - to be safe from prying eyes. For the smart meter they examined that wasn't done securely. They could not only intercept the data, they could even tamper with what was sent back to the company, which could be used, for example to lower their bills. All you needed was what is known as the 'MAC address' of the smart meter. A MAC address is just the unique network name that a computer uses to identify itself- all computers connecting to the Internet have one. Unless special security is used any computer can pretend it is some other computer just by using the target computer's MAC address when asked to identify itself. With the smart meter to send bogus data you essentially just need to get another computer to use the smart meter's MAC address before sending data. The researchers demonstrated this by change the electricity usage data in a way that made the graph of peaks and troughs of usage read the message "U have been hacked"!