Smart meters have the facility to remotely disconnect and reconnect both the electricity and gas supply.
Your [in-home display] will be updated by your electricity meter about every 10 seconds and by your gas meter about every 30 minutes
Using Zigbee, so maybe sniffable.
Interestingly, the technical page refers to the fact that collected data is sent to the “Data Communications
Company” (read: mobile data network provider, which if the database training I was asked to provide a while back is any indication, is a certain Spanish telecoms company), but the specification they link to is the older, deprecated SMETS1 standard. If the timeline in that document is to believed, they’d actually ditched SMETS1 before it even got rolled out. Although there is a “version 2” available, it’s SMETS1v2 rather than SMETS2 - a quick search doesn’t seem to provide any docs for SMETS2 at all.
https://www.ncsc.gov.uk/information/the-smart-security-behind-the-gb-smart-metering-system has some much better details about the technical security aspects - they make all the right noises about ECDSA and asymmetic keys, but the bit that worries me is:
The smart bit is that each [certificate authority certificate] authorises a fixed number of meters, and is then destroyed. It’s not needed once the keys are in the meters, and if it’s destroyed it can’t be compromised.
Which I don’t think is true - a CA certificate not only issues certificates (signs certificate requests), but it also involved in the chain-of-trust in order to validate certificates. Destroying the issuer CA certificate completely breaks that chain of trust - the key installed in the meter can’t be checked, because the issuer CA certificate no longer exists. I’m hoping what they mean is that the private part of the CA certificate is destroyed (thus making it unable to issue new keys) but the public part is retained in order to validate the existing keys. Unfortunately, it’s subtle nuances like these in security that are like a brown M&M clause for the entire thing. Or maybe I’m just being paranoid/oversensitive…