Researchers discover actively-exploited security flaw in solar power plant monitoring device

Jan

Security flaw threatens hundreds of solar power stations

An actively-exploited security vulnerability in a device that monitors solar performance metrics has put hundreds of solar power stations at risk of attack, Ars Technica reports.

The device in question is developed by Japanese company Contec and sold under the SolarView brand.
 
Yep, and Sunsynk / Deye / Inge inverters using Solarman or Sunsynk dongles have a major flaw that allows anyone to change any setting for any inverter from anywhere in the world thanks to their support network who publish details of the official support WhatsApp groups online for ANYONE to join.
Just send a message, request an update to any inverter by providing just a dongle serial number and a willing support employee will oblige... including downgrade or upgrade firmware and update settings.

Some of those settings can be downright dangerous to update - e.g. if you don't use CAN bus for battery management, you can program the inverter to push dangerous currents to the battery while charging or demand more than the battery can discharge... and if the installer only accounted for the battery's capacity with cabling, that's NOT an ideal situation.
 
> Yep, and Sunsynk / Deye / Inge inverters using Solarman or Sunsynk dongles have a major flaw that allows anyone to change any setting for any inverter from anywhere in the world thanks to their support network who publish details of the official support WhatsApp groups online for ANYONE to join.
> Just send a message, request an update to any inverter by providing just a dongle serial number and a willing support employee will oblige... including downgrade or upgrade firmware and update settings.
>
> Some of those settings can be downright dangerous to update - e.g. if you don't use CAN bus for battery management, you can program the inverter to push dangerous currents to the battery while charging or demand more than the battery can discharge... and if the installer only accounted for the battery's capacity with cabling, that's NOT an ideal situation.

Seems Sengen has reset the join link :mad:


The SunSynk/E-Linter/PV-Pro dongle is easy to hack if you are within WiFi range.
They don't turn off the setup WiFi SSID - EAP-xxxxx with the default password 12345678
The connect procedure is in the manual, including the password.

Here is my neighbour's SunSynk dongle.
If he pisses me off, I'm tempted to reconfigure his "dongle".
 
Don't tell them, it's handy for switching off noisy neighbours who party late at night.
 
> The device in question is developed by Japanese company Contec and sold under the SolarView brand

Who? Never heard of them.
 
> Yep, and Sunsynk / Deye / Inge inverters using Solarman or Sunsynk dongles have a major flaw that allows anyone to change any setting for any inverter from anywhere in the world thanks to their support network who publish details of the official support WhatsApp groups online for ANYONE to join.
> Just send a message, request an update to any inverter by providing just a dongle serial number and a willing support employee will oblige... including downgrade or upgrade firmware and update settings.
>
> Some of those settings can be downright dangerous to update - e.g. if you don't use CAN bus for battery management, you can program the inverter to push dangerous currents to the battery while charging or demand more than the battery can discharge... and if the installer only accounted for the battery's capacity with cabling, that's NOT an ideal situation.

Wait what?
Since when can you remotely change settings on solarman app?
 
> Seems Sengen has reset the join link :mad:


> The SunSynk/E-Linter/PV-Pro dongle is easy to hack if you are within WiFi range.
> They don't turn off the setup WiFi SSID - EAP-xxxxx with the default password 12345678
> The connect procedure is in the manual, including the password.
>
> Here is my neighbour's SunSynk dongle.
> If he pisses me off, I'm tempted to reconfigure his "dongle".

Is there anything I can change to prevent this? I remember struggling to connect to my dongle.
 
> Seems Sengen has reset the join link :mad:

Well that's about time!
But I am still on the group and can still invite anyone I like or advertise the url to anyone else. There are plenty of non-installers on that group.

> The SunSynk/E-Linter/PV-Pro dongle is easy to hack if you are within WiFi range.
> They don't turn off the setup WiFi SSID - EAP-xxxxx with the default password 12345678
> The connect procedure is in the manual, including the password.
>
> Here is my neighbour's SunSynk dongle.
> If he pisses me off, I'm tempted to reconfigure his "dongle".

Eish... these people!
And try telling them it's insecure.
 
> Is there anything I can change to prevent this? I remember struggling to connect to my dongle.

You can do the following:

1. Log a security issue with SunSynk [email protected] and CC Joel Egan <[email protected]> (head of software)
2. Unplug the SunSynk dongle.
3. Use an IoT VLAN/WiFi configured with firewall rules for these kinds of devices and CCTV devices, Tuya devices, DSTV Explora and any untrustworthy devices.
 
> You can do the following:
>
> 1. Log a security issue with SunSynk [email protected] and CC Joel Egan <[email protected]> (head of software)
> 2. Unplug the SunSynk dongle.
> 3. Use an IoT VLAN/WiFi configured with firewall rules for these kinds of devices and CCTV devices, Tuya devices, DSTV Explora and any untrustworthy devices.

2 is the only solution to keep anyone off the street out.
 
You can write with a solarman. You just need to ask support to enable it for your dongle.
Would be amazing if I can have write access via the API. I don't see anything about it in the documentation.
 