Security Concerns Regarding Smart Energy Meters

In the UK there is a government initiative to have smart electricity and gas supply meters fitted to all homes by the end of 2020. At this point this is not mandatory and you can decline. However, a trick the energy companies are employing (as was recently brought to my attention by my energy supplier, so I speak from knowledge) is that they are providing an energy saving tariff that requires the fitting of a smart meter.

These meters will monitor your energy usage 24×7 and send this usage to your energy company. The energy companies are claiming that these meters will reduce your costs, but this is untrue unless you actively monitor your usage and then take steps to reduce your consumption. The main cost saving for the energy companies is that they don’t need to employ as many meter readers to visit your property to read meters.

There are a number of concerns that people have about smart meters:

  • Security concerns in the data communications back to base of your energy usage
  • Remote management of the meter
  • The energy company can terminate your supply
  • Bad actors can hack the service
  • Changing suppliers disables the smart meter
  • Can the smart meter be used to track when I am at home?
  • Ionizing radiation from the smart meter.

Let’s deal with these.

Communication of Meter Readings

Smart Meters are part of the Internet of Things (IoT) category of devices. As such they will typically use IoT protocols and the cellular network to communicate.

The Gas supply meter is typically battery operated so that there isn’t the energy required to cause the ignition of leaking gas. This typically uses an IoT Protocol called ZigBee to communicate its readings to the electricity meter which has a much higher energy supply and can communicate through the usual cellular network (e.g. 4G and eventually 5G).

These readings are also communicated to what’s called an ‘In Home Display’ (IHD) that allows you to monitor your energy usage in real time. I think you can also take meter readings directly from the smart meter display as you would a typical analogue meter.

The ZigBee protocol is open source and can be implemented free of any royalties. An alternative approach is through the Z-Wave protocol that is proprietary and anyone using this has to pay royalties. As a result the ZigBee protocol is the most used.

As ZigBee is less regulated, it is possible that some security issues can occur through incomplete or shoddy implementation of the security protocols. However, it uses a 128-bit encryption key which, if implemented correctly, should be secure. As the smart meter initiative is being run by the UK government, I would hope that this has been correctly supervised as I have no evidence to the contrary (doesn’t mean there isn’t any though).

Remote Management

Smart meters are basically a micro-controller, which at its most basic level is a computer. It has software installed on it which can be remotely updated.

This is important as the software may have bugs in it that need to be fixed, and if these are security vulnerabilities then these definitely need to be patched. This will all happen over the cellular network. However, I have not uncovered how patching would occur as I am guessing different suppliers are being used in different regions.

It could also be used to change how your energy supply is metered which could be good if you have some form of off-peak supply tariff.

The energy company can terminate supply remotely

There are features within Smart Meters that allow the energy company to remotely terminate supply.

However, in the UK (may not be the same in your country) the termination of supply is highly regulated. The energy company cannot just switch you off without going through a legal procedure. The number of actual disconnections within the UK over the past several years is infinitesimal. Energy companies experiencing underpayment and mounting bills from consumers are forced to find alternatives to disconnection by providing repayment plans, assessing your current tariff and putting you on a cheaper tariff before they are forced to disconnect supply.

If you want to find out more about your rights in the UK regarding Smart Meters take a look at this Ofgem webpage.

Changing suppliers disables the smart meter

The generation 1 smart meters were pretty much tied to your energy provider. If you changed energy providers the smart meter stopped working. The generation 2 smart meters work across energy providers and communicate their readings to a centralized hub run by the Data and Communications Company (DCC). All meters in the UK will also be enrolled into a dedicated wireless smart meter network. All your readings will be centrally gathered and sent to your energy provider. Generation 1 smart meters will need to be replaced by generation 2 smart meters nationwide by the end of 2020.

As the DCC is a central hub for the smart meter network, it is a single point of failure regarding data breaches and hacking. However, I am assured that the whole system has been designed with security in mind so should be as secure as we can make it. However, as readers of my Twitter feed will testify, some very high profile services are regularly hacked and I am guessing that the DCC will be a prime target.

Bad actors can hack the service

We are talking about a secure protocol communicating meter readings between the meters in your home, and the external communication is via the secure cellular network.

OK, that being said, we are talking about wireless communications and these have been proven to be vulnerable to various forms of attack. However, these are no less vulnerable than your cellphone since the smart meter uses the same technology for its external communications.

If correctly implemented the ZigBee protocol should also be secure for the communications between your smart meters and the IHD. As I mentioned above, as this is a government backed initiative I would hope that this is correctly implemented.

The biggest risk is with the DCC and how much security they have in place to deter would-be hackers. Again, as a government sponsored agency, this should be secure but it only takes one unpatched vulnerability to make the network wide open to attack. As consumers (whether you are a private citizen or a multi-national company) you have no more control over this than you do over the security of any other service. The DCC will only be accessible by energy companies and regulators and will not have open access for consumers. You get your access via the normal billing process through your energy supplier.

Can the smart meter be used to track when I am at home?

You can set the smart meter to broadcast data back to your energy company hourly, daily, weekly, monthly, etc.

If you set it to send data back on an hourly basis, someone could profile your account and determine when you were at home based on the electricity usage. However, you can set this to monthly which I believe would negate this.

However, the only way someone could get your energy readings is either by direct connection to the meter, doing a man-in-the-middle attack on the cellular/ZigBee communications or by hacking the energy company or the DCC. None of these are impossible. If there was a major data breach at the DCC or your energy company, and address based information was disclosed as part of the breach, then it might be possible for someone to do this profiling. However, your regular burglar is either opportunistic in nature or has dedicated himself to ‘casing’ your property and probably doesn’t have the hacking skills to pull this off.
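To make the reporting-interval point above concrete, here is an added example (not part of the original post) that compares what the same usage data reveals at hourly, daily and whole-period granularity. The readings are constructed sample values, and the function names and the "twice the standby load" threshold are assumptions chosen for illustration.

```python
# Constructed sample data: hourly kWh for three days (not real meter readings).
STANDBY = 0.15   # assumed always-on load: fridge, router, etc.
ACTIVE = 0.90    # assumed load when someone is cooking, heating, using lights

def constructed_day(home_hours):
    """Return 24 hourly readings; hours listed in home_hours carry active load."""
    return [ACTIVE if h in home_hours else STANDBY for h in range(24)]

WORK_DAY = constructed_day(set(range(6, 9)) | set(range(17, 23)))
AWAY_DAY = constructed_day(set())
HOURLY = WORK_DAY + WORK_DAY + AWAY_DAY   # two normal days, one day away

def aggregate(readings, block):
    """Sum consecutive readings into blocks, as a coarser reporting interval would."""
    return [round(sum(readings[i:i + block]), 2)
            for i in range(0, len(readings), block)]

def above_baseline(readings, factor=2.0):
    """Indexes of intervals whose usage exceeds factor x the lowest interval.

    The lowest interval approximates standby load. With fewer than two
    intervals there is nothing to compare against, so nothing is revealed.
    """
    if len(readings) < 2:
        return []
    floor = min(readings)
    return [i for i, r in enumerate(readings) if r > factor * floor]

def exposure_report(hourly=HOURLY):
    """What an observer of the reported data could flag at each granularity."""
    return {
        "hourly": above_baseline(hourly),
        "daily": above_baseline(aggregate(hourly, 24)),
        "whole_period": above_baseline(aggregate(hourly, len(hourly))),
    }

if __name__ == "__main__":
    for granularity, flagged in exposure_report().items():
        print(f"{granularity:>12}: {len(flagged)} interval(s) stand out -> {flagged}")
```

On this sample, hourly reporting exposes the morning and evening routine, daily reporting still shows which whole days the home was empty, and a single total for the period carries no timing information at all.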

Ionizing radiation from the smart meter is dangerous

Yes, smart meters do use wireless communications, but they use the same wireless technologies as your regular smart phone or other IoT devices. There have been many studies into whether this radiation is harmful, and in all cases the conclusion is backed by science to say it isn’t.

An interesting video I found on YouTube from ‘The Hook Up’ channel goes into this in a bit of detail.

Obviously it is all about dose and the more IoT devices you have in your home/office the greater the amount of RF radiation there will be. You make your own mind up on this one.

Conclusion

The UK government is committed to deploying smart energy meters nationwide by the end of 2020. Your energy company will be actively trying to deploy these meters and will employ several tactics to do this. Installation of a smart meter is not mandatory yet and you can decline installation. However, one of the tactics being used by energy companies is tying you into installing one with a cheaper tariff. By declining to install a smart meter you may end up paying more for your energy.

Whether a smart meter will improve your energy consumption, and therefore reduce costs, will depend on your habits and whether or not you actively monitor usage using the IHD.

Assuming the wireless communications have been implemented securely, these meters ‘should’ be secure. They will have maintenance access, but from what I see in the video below, there are various tamper proof sensors that will at least alert the DCC if this happens.

I found a video where someone dismantled a smart meter, which is shown below and may be interesting for you to view.


Headline image provided by Gerd Altmann from Pixabay
