The smarter water meters become, the easier they're getting to hack. Similar many things in electronics, water meters go easier for hackers to break into and misuse when they are upgraded to include wireless and figurer technology.

John McNabb, a security practiced who has focused on protecting drinking h2o, told the audition at the Defcon hacker briefing in Las Vegas today that, despite a $40 billion-dollar h2o economic system, it's however far also easy to hack into h2o meters used by utilities around the country. He ended that nation'south 150,000 water utilities have a number of well-known vulnerabilities to cyber attacks and they should fix them on behalf of the 250 million consumers they serve.

"The energy theft when information technology comes to water theft is billions of dollars a year," McNabb (pictured) said. "Electric utilites presume they utilise nigh 10 percent losses to theft each yr. Water could exist similar, and it winds upwards increasing the rates for others."

Lots of water meters are however mechanical devices. H2o companies lose acquirement when those meters become quondam and sediment builds up in them so that they mensurate lower water usage. Utilities have started to put in wireless water meters that are easier to read and less costly. For instance, some meters circulate a wireless signal then that a meter reader can just bulldoze by, detect the point, and tape information technology electronically. That reduces the cost of reading meters. Here'south McNabb's white newspaper on the topic.

Adding computer technology throughout the infrastructure helps bring down costs. It's easier for utilities to monitor usage on any given day and send bills more often. They can likewise notice h2o leaks more precisely, based on water usage patterns throughout the population. Water meters with wireless attachements can go sensors for the utility and two-mode communications systems. Utilities can also resolve billing disputes better, provide more customer service, enforce water conservation, and identify illegal water connections.

Smart water meters are the new thing. The smart water meter market is expected to total $4.two billion betwixt 2010 and 2016, according to market researcher Superhighway Enquiry. And Pike predicts that the worldwide installed base of smart water meters will increase from 5.two million in 2009 to 31.8 million by 2016. The marketplace researcher defines a smart meter as a component of a smart grid, with two-way communications between the meter and the water utility that allows the utility to get readings on an hourly (or more oft) basis and issue commands to the meter. California in particular is racing ahead in deployment, and 25 manufacturers are making the smart meters at present.

"It'south like an electronic cash register for the utility," McNabb said. "Simply it could also be a tool for Big Blood brother," a reference to the totalitarian figurehead of George Orwell's novel, 1984.

The problem with the wireless water meters is that they are vulnerable because of the wireless medium they utilize. Communications are not encrypted (largely due to higher costs) and then they are hands intercepted, faked or even jammed. The sensors are unattended and hang on the meter, outside the business firm, and so they are easily tampered with. The cyber attacks against them can be active, where commands are issued to them, or passive, where the data is taken.

If people want to reduce their h2o bills, they could hack the sensors. They could too increment the bill paid by a neighbor they don't like, or evade restrictions on the amount of water used. And since the usage of water indicates the presence or absence of the homeowner, the hacked water meters can be used for surveillance purposes.

Final year, Greek hacker Thanassis Giannetsos demonstrated how information technology was possible to introduce a worm to the smart electrical grid (similar to water grids) on a simulated network. Ioactive, a security penetration testing firm, besides did something similar. But McNabb said that the business concern about Big Blood brother is too a big ane. He said that the water department'due south staff could larn what time of day you take a shower, when you are at home, and when yous're on vacation.

"Are we being paranoid?" McNabb asked. "It'south already established that law enforcement is using electricity use and thermal imaging," where the heat generated past indoor marijuana-growing farms has been measured.

McNabb also noted that the Hydrosense device created by researchers at the University of Washington in Seattle can be attached to water faucets to determine the usage coming out of a particular fixture in the domicile.

McNabb said his research showed that vendors don't use frequency hopping spread spectrum (FHSS), which could stop eavesdropping on wireless signals, or encryption with their smart meters. One utility used a default countersign system which used a generic countersign on its spider web site (where users would log in and view their h2o usage) that was hands hacked. Transceivers for sending commands to the water meters tin be purchased on eBay.

But some manufacturers are starting to build 128-bit encryption and spread spectrum security into their meters. McNabb, who was an elected h2o commission and managed a pocket-sized water system for xiii years, described the vulnerabilities in some particular, including how to inexpensively "sniff" the wireless water meter readings, and has described them in a white paper. He said he will put it online in the near time to come.

Sniffing wireless h2o meters should't be too difficult, he said, only there are some technical hurdles. Most U.S. meters broadcast in the 900 megahertz band of the wireless spectrum. That is the same frequency equally cell phones, and there aren't any off-the-shelf devices to sniff packets from them. Also, most of them scramble the point by using spread spectrum, which sends out part of the bulletin on i frequency, the next role on another, and and so forth. Even so, other researchers have shown how to unscramble the spread spectrum lawmaking, and so McNabb plans to build a device to sniff the 900 megahertz spread spectrum signals to show how it can be done and why it needs to be more secure.

VentureBeat's mission is to be a digital town square for technical conclusion-makers to gain knowledge about transformative enterprise technology and transact. Notice our Briefings.