2013.01.04 - electronic water meters

as with most things, the times of analog meters are coming to an end. a few days ago i was informed that my housing cooperative is planning to replace analog water meters with digital ones. the interesting part is that they are supposed to be remotely readable. i can't wait to see how this device will work, since we were not informed about the exact type that will be used in our case.


the electronic water meter my friend was supposed to have was much bigger than the analog one. in his case there wasn't enough room to fit it behind the wall, so he chose to stay with the old one, rather than moving the wall in the bathroom. just wondering, will it be the same at my place?

basic security

as is often the case with new technologies, there are usually quite a lot of security pitfalls at the beginning. most probably the device will listen for an incoming message, and respond with the current reading. since the device is expected to operate on a battery, probably only a dead-simple, binary protocol, with no encryption, will be used. if so, this opens the gates for the following issues:

  1. falsifying the readings, by sending/broadcasting a different value, while shielding the real device. this in turn can be dangerous in two ways:
    1. faking own readings, to pay less.
    2. faking others' readings to make them pay more.
  2. flooding the device with junk data to decode, so that the battery is used up in a short time.
  3. buffer overflow on the protocol to p0wn/jam the device.

the first points can be overcome just by adding cryptography. it will also make the last attack hard/impossible. battery lifetime is still at risk.

i'm here/away

even assuming that the device is not able to receive any data (it broadcasts readings, say every minute), it still gives out information on water usage to others. this is a “nice” side channel – everyone is able to check when you're home and when you're away, solely by observing water usage. what does a “flat X/Y hasn't used water since friday morning” message tell a thief on saturday evening?

this attack can be overcome with a cryptographic challenge-response ping-pong, so that the device can authenticate the person authorized to read the state. this requires unique per-device keys. it will work only if each data packet is different, even if the information being sent is the same.
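a sketch of such an exchange, added here as an example (it is not taken from any real meter): the meter sends a fresh challenge, the reader proves knowledge of the per-device key, and only then does the meter send the reading, masked and authenticated under both nonces. assumptions: the names `Meter`, `read_meter`, `device_key` and `prf` are hypothetical, the master key and meter id are constructed, and hmac-sha256 from the python standard library stands in for the aead a real device would use.

```python
import hashlib, hmac, secrets

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # hmac-sha256 keyed function; the label separates the different uses of one key
    return hmac.new(key, label + b"|" + b"".join(parts), hashlib.sha256).digest()

def device_key(master: bytes, meter_id: bytes) -> bytes:
    # unique per-device key: opening one meter does not expose the others
    return prf(master, b"meter-key", meter_id)

class Meter:
    def __init__(self, meter_id: bytes, key: bytes, reading: int):
        self.meter_id, self.key, self.reading = meter_id, key, reading
        self.challenge = None

    def hello(self) -> bytes:
        # fresh 16-byte challenge for every read attempt
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def answer(self, reader_nonce: bytes, proof: bytes):
        challenge, self.challenge = self.challenge, None  # single use: no replays
        if challenge is None:
            return None
        expected = prf(self.key, b"auth", challenge, reader_nonce)
        if not hmac.compare_digest(expected, proof):
            return None  # unauthenticated reader: reveal nothing
        # one-time pad derived from both nonces, so equal readings never
        # produce equal packets
        pad = prf(self.key, b"enc", challenge, reader_nonce)[:8]
        ct = bytes(a ^ b for a, b in zip(self.reading.to_bytes(8, "big"), pad))
        return ct + prf(self.key, b"mac", challenge, reader_nonce, ct)

def read_meter(master: bytes, meter: Meter):
    # reader side: returns (reading, raw reply) or (None, None) when refused
    key = device_key(master, meter.meter_id)
    challenge = meter.hello()
    nonce = secrets.token_bytes(16)
    reply = meter.answer(nonce, prf(key, b"auth", challenge, nonce))
    if reply is None:
        return None, None
    ct, tag = reply[:8], reply[8:]
    if not hmac.compare_digest(tag, prf(key, b"mac", challenge, nonce, ct)):
        return None, None  # forged or corrupted reply
    pad = prf(key, b"enc", challenge, nonce)[:8]
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, pad)), "big"), reply

if __name__ == "__main__":
    master = secrets.token_bytes(32)           # constructed utility master key
    meter = Meter(b"flat-12", device_key(master, b"flat-12"), 123456)
    print(read_meter(master, meter)[0], read_meter(b"wrong", meter)[0])
```

the meter still has to compute one hmac per bogus request, so the battery-drain concern from the previous section remains.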


all of the above are just random thoughts on possible device solutions and their security implications. i suspect that in a few months' time i will have the device and be able to check which of the above concerns pose any threat.

blog/2013/01/04/1.txt · Last modified: 2013/05/17 19:08 (external edit)