Researchers discover actively-exploited security flaw in solar power plant monitoring device

Jan

Jan

Who's the Boss?
Staff member
Joined
May 24, 2010
Messages
13,990
Reaction score
11,997
Location
The Rabbit Hole
Security flaw threatens hundreds of solar power stations

An actively-exploited security vulnerability in a device that monitors solar performance metrics has put hundreds of solar power stations at risk of attack, Ars Technica reports.

The device in question is developed by Japanese company Contec and sold under the SolarView brand.
 
Yep, and Sunsynk / Deye / Inge inverters using Solarman or Sunsynk dongles have a major flaw that allows anyone to change any setting for any inverter from anywhere in the world thanks to their support network who publish details of the official support whatsapp groups online for ANYONE to join.
Just send a message, request an update to any inverter by providing just a dongle serial number and a willing support employee will oblige... including downgrade or upgrade firmware and update settings.

Some of those settings can be downright dangerous to update - e.g. if you don't use CAN bus for battery management, you can program the inverter to push dangerous currents to the battery while charging or demand more than the battery can discharge... and if the installer only accounted for the batteries capacity with cabling, that's NOT an ideal situation.
 
lkpat said:
Yep, and Sunsynk / Deye / Inge inverters using Solarman or Sunsynk dongles have a major flaw that allows anyone to change any setting for any inverter from anywhere in the world thanks to their support network who publish details of the official support whatsapp groups online for ANYONE to join.
Just send a message, request an update to any inverter by providing just a dongle serial number and a willing support employee will oblige... including downgrade or upgrade firmware and update settings.

Some of those settings can be downright dangerous to update - e.g. if you don't use CAN bus for battery management, you can program the inverter to push dangerous currents to the battery while charging or demand more than the battery can discharge... and if the installer only accounted for the batteries capacity with cabling, that's NOT an ideal situation.
Click to expand...

Seems Sengen has reset the join link :mad:

1688655678443.png

The SunSynk/E-Linter/PV-Pro dongle is easy to hack if you within WiFi range.
They don't turn off the setup WiFi SSID - EAP-xxxxx with the default password 12345678
The connect procedure is in the manual include the password.

Here is my neighbours SunSynk dongle.
1688660129918.png
If he pisses me off, I'm tempted to reconfigure his "dongle".
 
Don't tell them, its handy for switching off noisy neighbours who party late at night.
 
The device in question is developed by Japanese company Contec and sold under the SolarView brand

Who? Never heard of them.
 
lkpat said:
Yep, and Sunsynk / Deye / Inge inverters using Solarman or Sunsynk dongles have a major flaw that allows anyone to change any setting for any inverter from anywhere in the world thanks to their support network who publish details of the official support whatsapp groups online for ANYONE to join.
Just send a message, request an update to any inverter by providing just a dongle serial number and a willing support employee will oblige... including downgrade or upgrade firmware and update settings.

Some of those settings can be downright dangerous to update - e.g. if you don't use CAN bus for battery management, you can program the inverter to push dangerous currents to the battery while charging or demand more than the battery can discharge... and if the installer only accounted for the batteries capacity with cabling, that's NOT an ideal situation.
Click to expand...
Wait what?
Since when can you remotely change settings on solarman app?
 
system32 said:
Seems Sengen has reset the join link :mad:

View attachment 1552509

The SunSynk/E-Linter/PV-Pro dongle is easy to hack if you within WiFi range.
They don't turn off the setup WiFi SSID - EAP-xxxxx with the default password 12345678
The connect procedure is in the manual include the password.

Here is my neighbours SunSynk dongle.
If he pisses me off, I'm tempted to reconfigure his "dongle".
Click to expand...
Is there anything I can change to prevent this? I remember struggling to connect to my dongle.
 
system32 said:
Seems Sengen has reset the join link :mad:
Click to expand...
Well that's about time!
But I am still on the group and can still invite anyone I like or advertise the url to anyone else. There are plenty of non-installers on that group.
system32 said:
The SunSynk/E-Linter/PV-Pro dongle is easy to hack if you within WiFi range.
They don't turn off the setup WiFi SSID - EAP-xxxxx with the default password 12345678
The connect procedure is in the manual include the password.

Here is my neighbours SunSynk dongle.
If he pisses me off, I'm tempted to reconfigure his "dongle".
Click to expand...
Eish... these people!
And try telling them it's insecure.
 
Last edited:
rh1 said:
Is there anything I can change to prevent this? I remember struggling to connect to my dongle.
Click to expand...
You can do the following:

1. Log a security issue with SunSynk [email protected] and CC Joel Egan <[email protected]> (head of software)
2. Unplug the SunSynk dongle.
3. Use a IoT vlan/WiFi configured with firewall rules for these kind of devices and CCTV devices, Tuya devices, DSTV Explora and any untrustworthy devices.
 
Last edited:
system32 said:
You can do the following:

1. Log a security issue with SunSynk [email protected] and CC Joel Egan <[email protected]> (head of software)
2. Unplug the SunSynk dongle.
3. Use a IoT vlan/WiFi configured with firewall rules for these kind of devices and CCTV devices, Tuya devices, DSTV Explora and any untrustworthy devices.
Click to expand...
2 is the only solution to keep anyone off the street out.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter