Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Australia' Smart meter leaders lag in securing devices

Centre for Internet Safety calls for consumer safeguards

Default passwords, unpatched firmware, unencrypted traffic: according to a report from a Canberra University research organisation, Australia's smart electricity meter rollouts are characterised by n00b-level security gaffes.

The warning comes from the University's Centre for Internet Safety, which published its Smart Meters: What does a connected house really mean? report earlier this week (PDF).

In particular, the report highlights two-way communication as a risk for consumers: meters that only send upstream metering data to the retailer have a much smaller useful attack surface, the report says.

The Register spoke to Nigel Phair of the Centre for Internet Safety at Canberra University about the findings.

Phair's biggest complaint is about the lack of information available about the progress of smart metering in the Australian electricity sector, a problem he attributes to fragmented retail markets.

Only Victoria documents the smart meter rollout at the state level, he explained, because that state mandated their installation (the program was the subject of a critical auditor-general's report in 2015 and available here (PDF).

In other states, a plethora of competing retailers made it hard to collate figures for smart meter rollouts. Phair also said with multiple retailers between distributors and customers, smart meters are more likely to be exposed to the Internet, simply because those different players need a ubiquitous communications platform.

The next step from installing smart meters, he said, will be smart home integration, and “that's when we'll get into really spooky stuff – ultra-targeted information based on your family make-up, what you do, and when you do it.”

That makes better security even more of an imperative, Phair said, and in the report, he called for “robust” consumer protection frameworks to be put in place.

He warns that the combination of unencrypted communications from smart meters and weak password protection raises the risk that attackers could fingerprint households' electricity use – for example, exposing them to the risk of burglary when a home's occupants are absent.

The only possible bright spot is that a meter using electricity infrastructure as its communications channel might not be exposed to the Internet, thereby reducing the risk of intrusion.

Phair told The Register he'd like utilities to clean up their act before widespread deployments spread to water and gas utilities.

In Australia, electricity metering comfortably the pack in terms of adopting smarter technology, simply because those meters are easiest to power.

Water and household gas utilities are a long way behind (the report only cites one Australian case study in these sectors, that of Mackay Regional Council's low-power WAN from Taggle Systems, designed to cut demand and avoid building a new AU$100 million water treatment plant).

Both the water and gas sectors tend to stick with one-way smart meters, to preserve the devices' 15-year battery life. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like