General | International | Heise Security

Alber e-motion M25 Wheelchair Security Flaws Exposed at 39C3

Thursday, January 1, 2026

What

A researcher demonstrated that the Alber e-motion M25 wheelchair's "Cyber Security Key" is a physical QR code from which the AES-128 encryption key is directly derived, enabling unauthorized full control. This matters because it exposes users to potential manipulation and control of their mobility device, undermining claims of secure wireless communication.

Where

Alber e-motion M25 wheelchair drive systems.

When

Disclosed at the 39th Chaos Communication Congress (39C3).

Key Factors

  • The "Cyber Security Key" is a visible QR code on each wheel hub, which deterministically generates the AES-128 Bluetooth encryption key, allowing anyone to take full control of the wheelchair.
  • While AES-128-CBC encryption is used, the system lacks message integrity and authenticity checks (no MAC or AEAD), making it vulnerable to replay, manipulation, and bit-flipping attacks.
  • The manufacturer charges for "comfort functions" activated solely via software, despite claiming secure encrypted communication, which the researcher argues is a price barrier, not a security feature.

Takeaways

  • Users of the Alber e-motion M25 should be aware of the physical security risk posed by the visible QR code and the potential for unauthorized control.
  • Manufacturers of medical and mobility devices must implement robust security practices, including proper key management and authenticated encryption, beyond basic encryption to ensure user safety and trust.
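
One way to add the integrity and replay protection that Key Factors reports as missing, shown as an added example that is not from the article, the researcher or the manufacturer: encrypt-then-MAC framing with a message counter, checked before any decryption. The class name, the frame layout and the random bytes standing in for AES-128-CBC output are assumptions, since the page does not give the M25 protocol framing.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes


class AuthenticatedChannel:
    """Hypothetical framing: counter (8 bytes) || IV (16) || ciphertext || tag."""

    def __init__(self, mac_key: bytes):
        self._mac_key = mac_key
        self._send_ctr = 0
        self._last_seen = 0  # highest counter accepted so far

    def seal(self, iv: bytes, ciphertext: bytes) -> bytes:
        """Attach a counter and a tag covering counter, IV and ciphertext."""
        self._send_ctr += 1
        body = struct.pack(">Q", self._send_ctr) + iv + ciphertext
        tag = hmac.new(self._mac_key, body, hashlib.sha256).digest()
        return body + tag

    def open(self, frame: bytes):
        """Return (iv, ciphertext) for a genuine, fresh frame, else None."""
        if len(frame) < 8 + 16 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit, e.g. a single flipped bit
        (ctr,) = struct.unpack(">Q", body[:8])
        if ctr <= self._last_seen:
            return None  # replay of a frame that was already accepted
        self._last_seen = ctr
        return body[8:24], body[24:]


def demo():
    # Assumption: a random key provisioned per device pair, never derived
    # from a label that is visible on the device.
    key = secrets.token_bytes(32)
    sender, receiver = AuthenticatedChannel(key), AuthenticatedChannel(key)
    # Constructed stand-in for an IV and two blocks of AES-128-CBC ciphertext.
    iv, ct = secrets.token_bytes(16), secrets.token_bytes(32)
    frame = sender.seal(iv, ct)
    tampered = bytearray(frame)
    tampered[30] ^= 0x01  # one bit changed inside the ciphertext
    return {"tampered": receiver.open(bytes(tampered)),
            "genuine": receiver.open(frame) == (iv, ct),
            "replayed": receiver.open(frame)}
```

The MAC key should be independent of the encryption key, and an AEAD mode such as AES-GCM provides the same tamper check in a single primitive while still needing the counter check against replay.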