About the SA Blog Network

Solar at Home

Solar at Home

The trials, tribulations and rewards of going solar
Solar at Home Home

Could Hackers Break into Your Electric Meter?

The views expressed are those of the author and are not necessarily those of Scientific American.

Email   PrintPrint

Net meterWhen I was getting my solar panels installed, I couldn’t wait to see my electric meter literally spin backwards. Alas, as part of the process, the utility swapped out the old analog meter. That spinning metal disk had been a reminder of the raw mechanical power—giant turbines, mighty waterfalls, searing furnaces—that stood at the other end of the dainty wires running into my house. Now, instead of a disk, I have flashing digits, which seem more ethereal. In return, the new meter is more capable, which is why power companies are installing smart meters by the millions. But a lot of people worry they are a little too capable.

If someone in a utility control room can read your meter remotely, shut off power to your house, and modulate individual appliances to shed load during peak hours, then so could hackers. As the number of smart meters grows, so does the incentive for criminals and terrorists to misuse them. Concern has been mounting for several years. In early 2009, IOActive, a security firm, demonstrated how little it takes is to break into smart-meter networks. Last year, computer security expert Nate Lawson of Root Labs hacked a smart meter radio module he’d bought on eBay for $30. Many people who’ve gotten the meters complain about incorrect readings, often with good cause. After all this, I begin to wish I had my old spinning wheel back.

I spoke yesterday with Ben Jun, vice-president of the security firm Cryptography Research, about the risks. The good news is that homeowners don’t need to worry too much about hackers taking over our lights. “I don’t think I’d be too scared about switching over to a smart meter,” he said. At least, not yet. If utilities bungle the transition, Jun says some of the scare stories could come true.

One concern is that homeowners could jimmy their meters. Power theft already saps a percent or two of U.S. electricity production, and much more in other countries; there are pages all over the web showing how to fool a mechanical meter. But at least physical tampering is easy to spot. An unsecured smart meter could be reprogrammed without any visible trace.

Another problem is privacy. By monitoring your power use, utilities get to know rather more about your household routines than you’d like them to. It never ceases to amaze me how much you can learn from simple wattage measurements. Each appliance in your house causes a telltale fluctuation in power, and websites such as PlotWatt and EnerSave can analyze the output of a home power monitor to see how often you run what appliance—useful self-knowledge for those of us looking for ways to conserve energy. Imagine what marketers (let alone burglars) would pay for that information.

Then there are the systemic threats. As electrical engineer David Nicol warns in our July issue, the “smart grid”—the networking of control systems of generators and substations—is a veritable playground for mischief-makers. A government cyberwar exercise in 2007, shown vividly in footage obtained by CNN, caused a generator to self-destruct. In effect the generator was forced to fight the raw mechanical power of the rest of the grid, and lost.

Nicol’s article didn’t mention smart meters, but they, too, are part of the smart grid and pose similar risks. One goal of the meters is to let utilities vary electricity rates by time of day to encourage conservation; you could program electron-guzzlers such as air-conditioners and electric car chargers to take advantage of off-peak rates. But if hackers could manipulate the rates, they might cause vast number of appliances to turn on or off at inopportune moments and bring the whole grid crashing down.

So what can be done? Jun said utilities have traditionally focused on resilience against random threats such as lightning strikes; unlike, say, banks, they didn’t have to worry much about systematic attacks. They need to learn, and quick. The main thing, Jun said, is to take the same basic countermeasures other industries do, beginning with hardening meters to thwart code-crackers. Lawson got into his module through the USB-like port provided for reprogramming and testing. The module did have some built-in cryptographic security, but it hadn’t been enabled.

Although utilities have plenty of incentive already to secure their systems and many are doing so, others are in the habit of doing the minimum it takes to comply with regulation. So regulators may need to lean on them. A smart meter installed today will probably still be there in 20 years, so the time to act is now. “We may only have one chance to do it right,” Jun said.

Smart meter, photo by George Musser

George Musser About the Author: is a contributing editor at Scientific American. He focuses on space science and fundamental physics, ranging from particles to planets to parallel universes. He is the author of The Complete Idiot's Guide to String Theory. Musser has won numerous awards in his career, including the 2011 American Institute of Physics's Science Writing Award. Follow on Twitter @gmusser.

The views expressed are those of the author and are not necessarily those of Scientific American.

Rights & Permissions

Comments 4 Comments

Add Comment
  1. 1. JamesDavis 7:49 am 08/12/2011

    Since the homeowner is the one who pays for those smart meters, we should have a choice of the one we want and be able to buy it at Lowe’s when we buy the rest of our electrical supplies. The power company should have no say in it just like they have no say in the type of wire you use to wire your house.

    If you install solar panels, like the author of this article did, is the power company going to have the ability to regulate or turn off your solar panels?

    Link to this
  2. 2. veronaa 4:14 pm 08/12/2011

    The power company does have a say in what kind of wire you use in your house, it’s called the NEC – National Electrical Code. If you don’t wire your home to the standards, unless you’re off the grid, your local inspector will not certify your house to be hooked up to the electric grid. Foolish people will entertain the event of a house fire to save a few dollars.

    Your electric distribution provider will not permit just an meter to be connected to their grid. Most local codes permit only the electric distributor to provide the meter.

    Smart metering has a long way to go before it is accepted. Back in the early ’80′s I was part of a team that maintained the “mimic board” computers (old 1970 GE process control systems) for New York’s Con Ed and New Jersey’s PSE&G. At that time purchase of electricity was based on lowest cost. If Con Ed’s power was cheaper to deliver to Northern New Jersey (rarely!) the systems would co-ordinate flow from New York to NJ. By the late 80′s everything was reversed, with the highest cost electricity becoming the sought for item. THis of course was part of the deal that led to most companies like Con Ed selling their generating systems to other companies and buying generation capacity in far flung locations, and culminating in the ENRON scandel. Unfortunately this highest cost theorem still controls the market and beats the drums for “smart metering” but does nothing beneficial for the consumer.

    Hey, I’m all for technology but this is one that doesn’t yet seem to be part of that promised “promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity,”

    Link to this
  3. 3. rwstutler 6:34 pm 08/12/2011

    I can’t say that the concept of rates changing with the time of day is palatable, nor is a device which controls the electricity to my home that is operated by remore control. Welcome to the new age, when big brother is empowered by technological advances. Maybe the time is ripe to give up electricity. Live free, or die.

    Link to this
  4. 4. HubertB 5:50 pm 08/18/2011

    Someone with a crooked brother in law at the power company could know when people in my neighborhood are there or not there without even casing the joint. Let’s hope some safeguards exist.

    Link to this

Add a Comment
You must sign in or register as a member to submit a comment.

More from Scientific American

Email this Article