Lora Smart Water Meter Security Analysis

Conference:  Defcon 26



The presentation discusses the security risks of Lora-based smart water meters and how to analyze their firmware and hardware for vulnerabilities.
  • Wireless communication modules are being used in water meters to collect usage data.
  • Lora wireless protocol is used in the example water meter analyzed.
  • Security risks are analyzed from physical, data link, and sensor perspectives.
  • Reverse engineering and analyzing firmware and hardware is explained.
  • The presentation provides useful methods for testing other Lora-based systems.
  • The presentation includes anecdotes about using a strong magnet to interfere with the sensor data and using a logic analyzer to capture traffic and configure the Lora module.
The presenter demonstrated how a strong magnet can be used to interfere with the sensor data of a water meter, making it appear as though no water is being used. This could be caught if a technician physically inspects the meter. The presenter also discussed using a logic analyzer to capture traffic and configure the Lora module, which allowed for the reverse engineering of the system's parameters.


To avoid the tedious task of collecting water usage data by go user's home _ water meters that are equipped with wireless communication modules are now being put into use, in this talk we will take a water meter _which is using Lora wireless protocol_ as an example to analyze the security and privacy risks of this kind of meters_we will explain how to reverse engineer and analyze both the firmware and the hardware of a water meter system, we will be talking about its security risks from multiple perspectives , physical, data link, and sensors. Do notice that LORA is not only used in water meter ,it is being used in a lot of IoT scenarios_so the methods we employed to analyze LORA in this talk are also useful when you do tests of other LORA based systems .