26-08-2022 | By Robin Mitchell
As energy prices continue to surge, energy suppliers continue to push the narrative that smart meters will help customers save energy, and this may be the case if National Grid continues to push out real-time energy prices. However, the installation of smart meters could present criminals with a new opportunity to find ideal times to break into a home. What challenges do smart meters present, what concerns do industry experts have on smart meters and home safety and do smart meters really present such an issue?
What challenges do smart meters currently present?
The installation of smart meters has been justified by energy companies and governments that smart meters will help customers save energy. The ability for energy companies to take real-time energy readings allows for more accurate billing and helps grid operators better understand energy usage. However, whether smart meters help customers save energy is an entirely other question.
While smart meters have the term "Smart" (as they usually connect to the internet), their inability to interact with electrical devices in a home makes them anything but smart. If an unusual amount of power is being drawn, the smart meter will present the homeowner with no warning, nor can it interfere with the operation of devices in the home (i.e. automatically turn off suspect devices).
At the same time, energy prices change in real time, but the amount charged to customers remains somewhat constant, and this means that customers rarely get to take full advantage of real-time energy prices. In fact, the National Grid has been running trials on real-time pricing for customers so that times when energy usage is at its minimum, customers can be notified to consume more energy, while times of high energy usage will reward customers who switch off.
Another issue faced with smart meters is that by being internet-enabled, they provide cybercriminals with another point of attack. Any flaw in a smart meter will likely see the majority of households vulnerable to an attack, and it is also possible that smart meters which connect to a user's local network will also leave home devices vulnerable.
Finally, the use of complex technology in a simple device (i.e. energy readings) can be confusing for those who are not as adept at modern technology. This can potentially lead to issues with system utilisation whereby customers struggle to read energy figures or understand what they mean.
Industry experts concerned over smart meters and burglaries
One fact that has often remained true is that criminals involved with robbery, burglary, and theft are typically the more stupid members of society. Despite this, criminals increasingly turn to more advanced technologies and techniques for committing crimes. One such example is the use of signal repeaters to extend the range of car keys locked inside a house to grant access to vehicles parked far away. Another example is the use of magnetic strip readers that can be mounted onto an ATM or pay point while still allowing the customer to make a transaction.
But recently, industry experts have started to raise concerns regarding the safety of smart meters and how burglars may be able to exploit vulnerabilities for numerous activities. One such potential attack comes from deciphering encrypted traffic between the smart meter and a terminal and/or remote server and using this data to determine if anyone is present. If little energy consumption is detected, criminals can identify the best times to break in without anyone knowing.
Another concern of weak security in smart meters is that large amounts of personal data can be obtained, including name, cost of bills, suppliers, and the number of occupants. This data can supposedly be sold on the dark web, providing criminals with a new revenue stream.
The concern surrounding smart meters has been raised due to two specific factors; Ofgem is introducing new regulations that allow energy companies to take more frequent meter readings, and encryption methods being used between smart meters and the display screen are the weakest link. As such, criminals now have more opportunities than ever to hack into home networks and gather intel.
Do smart meters really present a threat?
It can be said that if smart meters cannot provide homeowners with smart functionality, then they provide little benefit. In fact, opening up a home network to another attack vector introduces security risks that are outside the homeowner's control. If a criminal hacks a smart meter and steals data, does the smart meter manufacturer compensate the homeowner? How often do customers get compensated for cyberattacks caused by poorly designed systems?
However, the concerns being raised by industry experts might be somewhat dramatic if the technology and tools needed to break into smart meters are too advanced for the average burglar. Cybercriminals looking to access a system will undoubtedly take advantage, but they have the capability to do so and are likely already motivated to attack. Off-the-shelf criminals who commit petty crimes and burglary are less likely to have the skill set or the patients needed to attack a home from a technological point of view. And even if such a criminal has the capability, it is likely that it is high-valued targets that will be chosen (such as mansions and expensive homes) who are already looking to attack with or without the help of a smart meter.
If there is one fact that needs to be addressed, it's that devices generally use Wi-Fi for communication. One of the best ways to secure IoT devices on a network is to use hardline connections such as Ethernet, which cannot be attacked without having physical access. Additionally, LAN systems can also use password protection and profiles so that even having access to an Ethernet port doesn't grant network access. Just as water and electrical cables are installed in homes, maybe Ethernet sockets should also come as standard in all rooms in various locations for this very purpose.