Vulnerable components

• Meters offered by Enbra using AT-WMBUS-16-2 radio module (produced by Apator).
• We tested ENBRA ER-AM DN 15/SV with radiomodule and ENBRA ER-AM DN 15/TV with radiomodule (we are not aware of any revision number).
• We tested Enbra EWM 1.7.29 build 03.11.2019.
• If you have information on other products of Enbra or Apator, please, share with us.

Detailed technical description

Although the Wireless M-Bus Security mode 5 employs shared AES key, Enbra EWM software does not have any option to provide encryption key. We do not know the employed encryption key. Still, the Enbra EWM software can decrypt and parse the messages. Not only were we able to read messages produced by meters bought with the software but we were also able to read messages produces by meters with AT-WMBUS-16-2 modules deployed at a residential building. We do not know about any way to change the Hard-coded Cryptographic Key.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base score 6.5 (Medium severity)

Attack vector

An adversary needs to be in a vicinity of the meters (tens of meters, with a good antenna probably more).

Attack complexity

An adversary needs publicly available reading set, e.g. Odečtová wM-Bus sada ENBRA EWM s USB modemem EWMR-INT s vestavěnou interní anténou containing Enbra EWM software.

Privileges and user interaction required

None. An adversary can correlate the position of the meters with the signal strength.

The meter identifier is sent in each message and it is readable on the front of the meter. A cooperating users can make the task for the adversary easier when they let the adversary see the meter or tell the meter number. Such cooperation is not necessary to carry an attack.

Effects on confidentiality, integrity and availability

The adversary can learn all information that is available in Enbra EWM.

CWE

CWE-798: Use of Hard-coded Credentials

Claim summary

• The meters are distributed without the encryption key.
• Enbra offers a reading device (a set of a Wireless M-Bus USB dongle and Enbra EWM software).
• The device is able to read not only the meters that we purchased but also other meters deployed in flats.
• It seems likely that the encryption depends on a common key, set of keys, or the keys are derived from the number of the meter and other parameters sent in the plain text part of each message.
• An adversary only needs a compatible reader to read the consumption.

Risks

• An adversary can learn about home activities.
• An adversary can distinguish patterns of water consumption and fingerprint a device.
• An adversary can detect zero consumption and learn that no one is home.
• If the key leaks, the adversary could leverage the knowledge to reconfigure the meter like change the key, tamper with security event detection, tamper with the stored data etc.

Advisory

The encryption key of the meters should be configurable. If you have the meters deployed, force Enbra to change the keys in conformance with EN 13757-1. Alternatively, Enbra can release the encryption key and information how to change the keys.

Further reading

• POLČÁK Libor. Wireless M-Bus: Kdo ví, že perete? DSM Data Security Management, roč. 2019, č. 4, s. 13-17. ISSN 1211-8737. (in Czech)
• POLČÁK Libor and MATOUŠEK Petr. Metering Homes: Do Energy Efficiency and Privacy Need to be in Conflict?. In: Proceedings of the 19th International Conference on Security and Cryptography. Lisabon: SciTePress - Science and Technology Publications, 2022, pp. 47-58. ISBN 978-989-758-590-6.