“I consider it an embarrassment that this kind of technology is deployed with no protection whatsoever,” says Klaus Kursawe, a security researcher at Radboud University Nijmegen in the Netherlands, who was not involved in the work. “It is well known by now how to properly and economically secure communication for such a device.”
The security flaws could be a gift to technically adept criminals. Broadcasts can be read 300 metres away and the research team was able to monitor almost 500 meters simultaneously. Because energy usage often drops to near zero when a house is empty, the readings could be used to identify which owners are at work or on holiday.
There are easier ways to determine whether a house is empty, says team member Marco Gruteser at Rutgers University in North Brunswick, New Jersey. “But it’s bad practice for meters to shout out that a house is vacant while police departments recommend keeping the lights on and the mailbox empty to make your house look occupied.”
The team’s work was presented this week at the Conference on Computer and Communications Security in Raleigh, North Carolina.
Categories: Control, Inhibiting Self Determination,