Inside Smart Meters Hack Chat

Join us on Wednesday, April 14 at noon Pacific for the Inside Smart Meters Hack Chat with [Hash]!

That electrical meter on the side of your house might not look like it, but it’s pretty packed with technology. What was once a simple electromechanical device that a human would have to read in person is now a node on a far-flung network. Not only does your meter total up the amount of electricity you use, but it also talks to other meters in the neighborhood, sending data skipping across town to routers that you might never have noticed as it makes its way back to the utility. And the smartest of smart meters not only know how much electricity you’re using, but they can also tease information about which appliances are being used simply by monitoring patterns of usage.

While all this sounds great for utility companies, what does it mean for the customers? What are the implications of having a network of smart meters all talking to each other wirelessly? Are these devices vulnerable to attack? Have they been engineered to be as difficult to exploit as something should be when it’s designed to be in service for 15 years or more?

These questions and more burn within [Hash], a hardware hacker and security researcher who runs the RECESSIM reverse-engineering wiki. He’s been inside a smart meter or two and has shared a lot of what he has learned on the wiki and with some in-depth YouTube videos. He’ll stop by the Hack Chat to discuss what he’s learned about the internals of smart meters, how they work, and where they may be vulnerable to attack.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, April 14 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

39 thoughts on “Inside Smart Meters Hack Chat”

  1. “Not only does your meter total up the amount of electricity you use, but it also talks to other meters in the neighborhood, sending data skipping across town to routers that you might never have noticed as it makes its way back to the utility. And the smartest of smart meters not only know how much electricity you’re using, but they can also tease information about which appliances are being used simply by monitoring patterns of usage.”

    Are customers paying for the electricity to run these smart meters?

    1. You pay for it with your dumb meter, as well. It is built into the rates. In any case, the power used is small compared to, say, even a small AC unit, or an electric heater, or even your iphone charger.

        1. there’s a difference in the kind of information they collect but having a technician come visit your house every month in the flesh was definitely a hazard to your privacy as well (and a significant expense).

    2. These meters are typically only read a few times per day and the network is usually less than a dozen nodes deep. So the energy in question for even the node at mesh level 1 is on the order of a fraction of a penny per year. Probably far less than you spent to power your computer to write that comment.

      1. My last smart meter would broadcast a usage value about every 10 seconds. Once you signed up with the power utility, you could purchase third-party hardware to receive the messages and log them however you would want. You could also query the meter for other interesting values.

        1. Yes, but that is internal “Home Area Network” only, and only if you have other endpoints in the network. You are not paying for the energy of the internal network broadcast of your neighbors.

          1. My meter transmits once a minute on the mesh network side and reports power back on the mesh side every 15 minutes.

            Configurable by region, but there’s a lot more going on under the hood.

    3. The energy the meter consumes for its own operation is sourced from the utility side of the meter’s connection and is thus not metered. So, the cost is borne by the utility company and passed indirectly to consumers in the form of fixed fees or energy rates. Both analog and smart meters have a burden power (termed “watts loss” by meter manufacturers) of about 1 watt, which amounts to about $1 in energy cost per year. Smart meters of course save money over analog ones by not having to pay people to go around reading analog meters.

  2. My “smart meter” was marketed to me as being able to help manage my power consumption, but instead it logs peak currents and I get charged a “demand fee” based on the ratio of the peak vs normal consumption. I typically pay 2-3X more for the demand fee than for actual power consumed because there’s hardly any power consumption normally, but my mill or welder causes a peak. We can pick our power provider, but sadly the demand fee goes to our service provider, Centerpoint, who is a monopoly in our area.

  3. Ever since they installed a smart meter my electric bill is 50% higher. My neighbors have noticed the same thing. The fact that they can redefine energy usage in any way they want with an over the air firmware update just reeks of potential corruption.

    1. Your old meter was probably faulty. As they get old they can get stiffer and run slower. When I got a smart meter my bill went down by about 20% because it opened us up to peak/off peak pricing.

    2. (in Europe) Higher usage readings are a problem here also and made the news a few times. The reason would be that the “smart meter” is dependent on a nice sine wave to calculate the correct usage. Because we use LED lighting, computers, laptops, powerline com’s (and whatnot) the normal sine wave is getting distorted. It’s not a nice sine wave anymore and the meter can not measure the correct usage value. All the distorted “peaks” superimposed on the sine wave mess up the calculation giving you a higher bill to pay. Probable solution? I placed an RFI filter on every group in my house separately. Basically on “the home side” of the meter. These filters are fairly cheap, like 8 – 10 US$ each. (the 64Amp version is more expensive but still less than 100 US$, you need only 1 for the welder). There is a slight downside; powerline communications (babyphones, network and so on) is now limited to the 1 group the equipment is in, it does not “leak” / cross to the other groups (or phases R/S/T) anymore.

      1. Modern e-meters don’t “assume” a sine-wave. They measure the consumed energy up to the 10th harmonic of the fundamental sine wave, i.e. in the US that’s up to 660Hz. That would catch most of the spikes and distortions.

  4. Our area uses Trilliant meters based on ZigBee IEEE 802.15.4. The meter id is not tied to any address for privacy reasons and is sent to third party datacenter. The utility collects it from the datacenter and marries the meter id with the address.

    Neither does the meter LCD show anything other than the accumulated kWhr. Apparently, the utility thought that displaying instantaneous demand could be a privacy issue for prying eyes. A lost opportunity for the homeowner to view and react to their usage.

    Be nice to figure out how to see one’s own meter data directly off-air. But haven’t seen anyone figure out the encryption. The newest units use encryption in multiple layers of the OSI stack.

  5. One of the big anti-environmental aspects of smart meters is how long they last (not long), and how hard they are to recycle (hard).

    Some of the analog meters here were 70+ years old, and still working.
    The replacement meters have a design life of something like 10 to 20 years.

    So now we will have to pay for a new set of meters to be manufactured every decade or
    so, and deal with the e-waste generated by retiring the old ones.
    (A lot more varied material in a smart meter than in an analog meter.)

    I have seen no place where these costs (financial and environmental) have been
    factored in to the smart meter discussion.

    In the REA electric coop that served our family farm, we used to read our own
    meters. (They could of course come and double-check the reading whenever
    they wanted to.) As with checking your own groceries – most people are honest
    about it, and technology can help reduce the chance of cheating.
    Would be an alternative to help reduce costs of manual reading, without
    incurring costs of short-lifetime modern meters.

    1. In my country (Europe) somebody came to check the readings only twice (once?) a year or sth, in the meantime you had the choice between reading the meter yourself each month and transmit the information *manually* (phone, web, maybe even postal services in the early days) or get billed on some forecast-based values with a regularisation once a year. I don’t think this was so expensive, but every “argument” was right here for pushing these stupid spy-devices. *sigh*

      1. I refuse to take a smart meter. I send in my reading using my provider’s mobile phone app instead. Also, ‘Europe’ is not a country despite what the EU council and EU Commission would like to believe!

    2. A 70 year old Ferraris disc meter (the old electro-mechanical type) would have been astoundingly inaccurate! Just because it still “worked” (i.e. still rotated) doesn’t mean it was accurate. The bearings and magnetics would have degraded beyond any approved level of accuracy within that time-frame. Ferraris meters are normally rated for 20 years, the same as solid-state meters, but can sometimes be refurbished for 40 years life within approval limits.

  6. Smart meters open up some interesting electricity tariffs, here in the UK we have at least one that gives different pricing for every 30 minute slot of the day and notifies you the day before of these prices. The prices are based on wholesale costs so power in the peak 4-7pm period is expensive, about 2x a normal fixed price tariff but outside that it’s 0.5x or less depending on solar and wind production. On a good day it goes down below 0.2x and even negative.

    If it ever became 2x as expensive all the time that’d be painful but if you’re willing to shift your power consumption (run the dryer at peak solar time, charge the car overnight) for now it’s interesting.

  7. Is nobody going to comment who actually was involved in the engineering of smart meters? Well, I was and am. I used to work for a competitor of the electric meter pictured. Nowadays, I work for a manufacturer of ‘smart’ water meters. I worked on the wireless end of the meter, though I was required to learn how the whole thing worked, including the metrology.

    There’s not a lot there you’re going to “hack”. As mentioned, some meters transmit readings intended for the customers to see, via Zigbee or other wireless protocols. Most ‘smart’ meters use some sort of encryption in the transmission of meter readings, particularly in mesh networks, though some older proprietary protocols aren’t encrypted.

    Some have asked in the comments above whether you’re charged for the current to operate the meter. In the electric meter designs I worked on, the AC voltage that fed the electronics power supply was tapped ahead of the current transformers, so no, you aren’t directly charged for that current. Still, as others have said, it is figured into the rates, and in some places, a monthly “meter charge”.

    Some have complained that they have higher bills after getting a smart meter. Yes, I guess if you had an old, creaky electromechanical, with gummy bearings that cause it to run slow, I guess you might. I guess you’d prefer that you’d pay less than you ought to for electricity, and let the utility get cheated. That works right up until the utility goes out of business.

    My old company used to refurbish electromechanical meters, and I knew a couple of the techs that did it. Some of those old meters were really “slow” (inaccurate to the customers’ benefit).

    1. Overly dramatic on the whole going out of business. Our utility regularly replaced the meter after a certain number of years. Also electronic meters go bad as well (ask me how I know). The utility estimated their “loss” and sent me a bill for it.

    2. “That works right up until the utility goes out of business.”
      That will not happen. My Utility company is a monopoly across 4 states. They have been posting profits that only continue to grow! And that was with the old analog meters.
      You can get set up with RTL-SDR, set up a “honeypot” then modify the data stream they receive. There are ways to penetrate the encryption they use. :)

  8. In South Australia, our home PV solar systems feeding was disabled to stabilise the grid. I think it was the first time they’ve used the order since bringing it in a couple of years ago.

  9. Here in the Netherlands our smart meters have a so-called P1 port which allows you to read out the data. It’s a (inverted logic) serial port with an RJ11 connector, so very easy to read out with everything that can do 9600 7E1. Since the natural gas meter is also digitally connected to the smart meter, that data is also available over the P1 port.
    The reason behind the P1 port is that if people can monitor their energy consumption, they will be more inclined to reduce unnecessary usage. The P1 datagrams are also sent over GPRS to the network provider, but you can opt out of that and report the yearly usage yourself.
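Added example (not part of the comment above or of the original post): a Python sketch of reading a meter's own P1 output as described, checking the even parity bit of each 7E1 character and pulling the readings out of a datagram. It assumes the signal inversion is already handled by the serial adapter, that bytes were captured as 8 raw bits, and that lines follow an OBIS-style `code(value*unit)` layout; the sample telegram, its codes and its values are constructed.

```python
import re

def strip_even_parity(raw: bytes) -> bytes:
    """Verify even parity on each 7E1 character captured as 8 raw bits; return 7-bit data."""
    for i, b in enumerate(raw):
        if bin(b).count("1") % 2:  # odd number of 1 bits means a corrupted character
            raise ValueError(f"parity error at byte {i}: 0x{b:02x}")
    return bytes(b & 0x7F for b in raw)

def add_even_parity(data: bytes) -> bytes:
    """Helper for the sample: encode 7-bit ASCII the way a 7E1 line carries it."""
    return bytes(b | 0x80 if bin(b).count("1") % 2 else b for b in data)

OBIS_LINE = re.compile(r"^(\d+-\d+:\d+\.\d+\.\d+)((?:\([^)]*\))+)$")

def parse_telegram(text: str) -> dict:
    """Return {code: (value, unit)} taken from the last (...) group of each data line."""
    if not text.startswith("/") or "!" not in text:
        raise ValueError("incomplete telegram: missing '/' header or '!' terminator")
    readings = {}
    for line in text[: text.rindex("!")].splitlines():
        m = OBIS_LINE.match(line.strip())
        if not m:
            continue  # header or blank line
        last = re.findall(r"\(([^)]*)\)", m.group(2))[-1]
        value, _, unit = last.partition("*")
        try:
            readings[m.group(1)] = (float(value), unit)
        except ValueError:
            readings[m.group(1)] = (value, unit)  # non-numeric field, keep as text
    return readings

def decode(raw: bytes) -> dict:
    """Raw bytes off the wire -> parsed readings; raises ValueError on bad input."""
    return parse_telegram(strip_even_parity(raw).decode("ascii"))

# Constructed sample telegram: header, electricity lines, one gas line, terminator.
SAMPLE = (
    "/XYZ5 EXAMPLE-METER\r\n\r\n"
    "1-0:1.8.1(001234.567*kWh)\r\n"
    "1-0:1.8.2(000987.654*kWh)\r\n"
    "1-0:1.7.0(00.450*kW)\r\n"
    "0-1:24.2.1(210414120000)(01234.567*m3)\r\n"
    "!\r\n"
)

if __name__ == "__main__":
    for code, (value, unit) in decode(add_even_parity(SAMPLE.encode("ascii"))).items():
        print(code, value, unit)
```

Rejecting characters with bad parity and telegrams without a terminator keeps a noisy or half-received datagram from being logged as a valid reading.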

  10. As an electrician I despise the smart meters we now have. They will trip the GFI’s in my temp poles. After I discovered what was “randomly” tripping them I contacted the utility company and they didn’t believe me. I took video of one tripping with nothing plugged into it and took one of a GFI not mounted but wired to power and it would trip within 3 foot of the meter when the meter transmitted. I finally took one of my temp poles to the metering department and said, here hook this up in your shop and prove me wrong. If you don’t I’m EMI shielding them with aluminum self stick tape that you will be peeling off for days. They discovered I was telling the truth and started putting “legacy” meters in the temp poles. About 6 months later they had been in discussion with the manufacturer and came up with a way to turn the 1W UHF transmitter down. Occasionally they forget and I have to call them to turn one down. Never got reimbursed for the several thousand dollars replacing GFI’s and time spent tracking down what wasn’t my fault.

    1. That’s very interesting, I am not familiar with what a temp pole is. Can you provide a link? A quick Google search turned up “temporary power distribution boxes” like what might be used at a construction site.

      1. Yes, temporary power pole for construction. In particular the Midwest M038C010 power box will constantly have the left GFI trip even if nothing is plugged in to it. I also tried numerous brands of GFI in that spot with the same results. I have others that will have problems also, but that one must have some resonance at the frequency they work at like a tuned cavity.

  11. The smart meter is only as smart as the utility. I had someone relieve a property of mine of its copper, both plumbing and electric. The utility never notified me that the meter went dark (they literally cut the wires coming in from the pole) and my last bill from them was about normal for that property with no one there.

    About the only plus side is it got rid of the meter readers who tended to snoop around and were not good at closing things back up.
