Decoding Public Utility Meters with an RTL-SDR

Over on YouTube a talk about decoding water and electricity usage meters with an RTL-SDR has been uploaded from the 2015 Camp++ conference in Hungary. The presenter, Stef writes:

Budapest public utilities started to roll out some new metering devices for water and heating (at least in my block). The plumbers who should install these could not tell me about the privacy protections considered, as I was a bit worried about the things leaking information over radio-waves, so I built a radio and reversed the messages.

The talk shows how the presenter was able to reverse engineer the FSK wireless protocol of his heating meter with help from some patent information that he found on the web. Using a GNU Radio flow graph that he created he was able to extract information such as total energy consumption and temperature readings.

Being a security themed conference, the presenter also discusses some of the security risks associated with wireless meters such as whether or not the meter can be used to detect if someone is currently at home.

The code he wrote and used can be found at https://github.com/stef/smeter and https://github.com/jmichelp/gr-wmbus.

Camp++ 0x7df // stef: Dumbmeters in Public Utilities
An example water meter that could be monitored with an RTL-SDR dongle
An example water meter that could be monitored with an RTL-SDR dongle

3 comments

  1. Martin Sivak

    The full protocol description for Techem devices can be found here http://oms-group.org/en/download4all/ as the devices follow the Open Metering Standard. The interesting point here is that the devices actually support AES128 encryption, but the utility/service company probably decided to not enable it.

  2. Dale Kohli

    what an interesting article. I hope we will never have a time when the government has to know where in the house we are and what our activities we are engaged in. Lol lol but not really funny!

Leave a Reply to Anonymous Cancel reply

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.