[Cryptography] Smart electricity meters can be dangerously insecure, warns expert

Wed Jan 4 19:16:06 EST 2017

On Wed, Jan 04, 2017 at 05:43:57AM +0000, Peter Gutmann wrote:
> >But how often are meters replaced? I suspect a ten year timeframe for widely
> >fielding a new product is actually perfectly realistic, if not actually
> >optimistic. I wouldn't be the least bit surprised if the average electricity
> >meter sees 10-20 years of service life in the field before being replaced.
> 
> That's way too optimistic.  Induction-disc meters essentially have an
> indefinite life, there are 1960s and 1970s houses around here that have their
> original junction boxes (with plugin circuit breakers replacing the original
> ceramic fuses for houses that are old enough) containing meters that are
> around the half-century mark, and a friend of mine lives in a house in an
> older suburb than this one that's old enough that the garage was originally a
> coach house, which had the electrics done some time after WWI, maybe the
> 1920s, with fabric-insulated wiring run through walls stuffed with unknown
> organic combustibles (a.k.a. "insulation"), and an induction-disc meter
> that'll be close to the century mark.

I'll second that.  In my experience in California, meters never get
replaced unless the homewner is upgrading their services.  I've never
known anyone to say that their meter died and they had to get a new one.
The only time I have ever seen the power company unilaterally replace
meters is the switch to smart meters.

> I don't know what the trend will be with smart meters (ask me again in 50
> years' time), but I'm assuming the providers won't want to be replacing them
> any more often than their predecessors.

Correct. Cost aside, it's a major disruption that customers don't like.

Tho I have to say, Southern California Gas cleverly swapped out my gas
meter (using a smart meter) without disrupting my service.

> 
> >(We can argue all day about various vulnerabilities, but from the utility's
> >point of view, that _is_ a pretty nice feature to have.)
> 
> Yep, that's the killer app for smart meters, that remote reading is possible
> so you can ditch the meter readers.  Once you've got that capability in place,
> there's no reason to upgrade/replace any more.

Unless they start giving out false readings and you start losing revenue.