Field Survey of Wireless M-Bus Encryption for Energy Metering Applications in Residential Buildings

Friedrich Hiller v. Gaertringen (Karlsruhe Institute of Technology); Johannes Galenzowski (Karlsruhe Institute of Technology); Kaibin Bao (Karlsruhe Institute of Technology); Simon Waczowicz (Karlsruhe Institute of Technology); Veit Hagenmeyer (Karlsruhe Institute of Technology)

Abstract

The wireless Metering-Bus (M-Bus) is widely used in Germany to transmit meter data for heat cost allocation as well as cold and warm water consumption in multi-family apartment buildings. This metering data poses significant privacy risks as it can reveal inhabitants’ behaviors. Consequently, the German Heating Cost Ordinance demands this transmission to be both interoperable and secure. However, the wireless M-Bus standard EN 13757 specifies security features as optional. In our work, we conducted a field study by recording sensor telegrams in four cities to assess the implementation of these security features. We analyzed the presence of encryption and the types of metering applications in use. Our findings reveal that about 48.5% of the recorded sensor devices did not have encryption enabled. Additionally, the use of encryption was found to correlate with specific manufacturers, indicating a systematic acceptance of privacy risks. To demonstrate the impact of unencrypted wireless M-Bus radio telegrams on the privacy, we recorded a wireless M-Bus based warm water meter over a period of several weeks and show that inhabitants’ presence and sleep cycles can be inferred from the recordings. These findings underscore the need for mandatory security features in the operation of wireless M-Bus based metering applications to protect consumer privacy.