Cellular vs Wifi Connectivity

Status
Not open for further replies.
jaggedben said:
For PV that's true. For PV+storage it starts to get a little more gray.
Click to expand...
There is no WIFI anything in 2022, that can't be cracked, just google 'Pairwise Master Key Identifier Crack'. I have seen PV systems connected to WPA networks, which can be hacked in under 2 minutes. A PV system on a roof is a great 'attack surface', its an ideal antenna.
 
gene6 said:
There is no WIFI anything in 2022, that can't be cracked, just google 'Pairwise Master Key Identifier Crack'. I have seen PV systems connected to WPA networks, which can be hacked in under 2 minutes. A PV system on a roof is a great 'attack surface', its an ideal antenna.
Click to expand...
The PV arrays on the roof have zilch to do with wifi transmission or reception in any application I've seen. (And the vulnerability you mention doesn't seem to apply to all 'wifi anything.')
 
gene6 said:
There is no WIFI anything in 2022, that can't be cracked, just google 'Pairwise Master Key Identifier Crack'. I have seen PV systems connected to WPA networks, which can be hacked in under 2 minutes. A PV system on a roof is a great 'attack surface', its an ideal antenna.
Click to expand...
I have no experience with this sort of system but wouldn't any wifi antenna likely be on collection/distribution equipment more so than on the PV panels themselves?
 
ggunn said:
I don't think it does in any case. Internet access is just for monitoring on most residential PV systems.
Click to expand...
New standards now require that inverters be able to be remotely updated with new software and settings if they have an internet connection. Some manufacturers have offered this functionality for a long time. Enphase remotely reprogrammed thousands of inverters in Hawaii to allow for new functionality the utility mandated. So far, an internet connection has not been required for a PV system, but I would not be surprised if there were a requirement in the future for the owner to provide an internet connection or that the inverter has to have a cellular data connection built-in. The ability to remotely reprogram inverters is just too important.
 
kwired said:
wouldn't any wifi antenna likely be on collection/distribution equipment more so than on the PV panels themselves?
Click to expand...
It would be on whatever box actually needs the connectivity, although that box may be a receiver which is then hard-wired to other devices.

pv_n00b said:
The ability to remotely reprogram inverters is just too important.
Click to expand...
As is the ability to prevent that from happening without notice and coordination (do not make changes to my system without my approval).
 
jaggedben said:
(And the vulnerability you mention doesn't seem to apply to all 'wifi anything.')
Click to expand...
What I am saying is the types of security used on 99% of residential WIFI networks is about as secure as a screen door, WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and version 2 of the WPA2, this is the encryption the WIFI radio devices use to send and receive all your private data.
From an attackers perspective they need to intercept this radio signal going between a client and a WIFI router, and from a far distance.
Picking up data from a WIFI printer in your home office from a far away distance is difficult because of walls, proximity of the WIFI printer to the router, etc.
If a PV device on a rooftop such as a optimizer needs to transmit a WIFI signal to a residential router then the router transmits it to the inverter, that is a likely vector.
Once in the network, the firmware of the roof top device is updated with new firmware from the attacker and now functions normally to the user, but now provides a ongoing port of entry, that is one example of many.
If the PV devices are hard wired with cheap cat5e ethernet cable there is no chance a WIFI security hole is created, zero.
Don't trust me, do your own research, consult an IT security professional you trust to review the equipment your installing in peoples homes, every one of these WIFI things are like adding a screen door in someones house.
Same thing with WIFI cameras, WIFI thermostats, dimmers etc.
The thing about PV is the CPU horsepower is way better than a camera and the rooftop location is an ideal radio antenna.
EOT
 
gene6 said:
If a PV device on a rooftop such as a optimizer needs to transmit a WIFI signal to a residential router then the router transmits it to the inverter, that is a likely vector.
Click to expand...
FWIW, the microinverters and optimizers I dealt with when I was designing residential PV systems communicate with a monitoring device via powerline communication over DC conductors.
 
gene6 said:
...
If a PV device on a rooftop such as a optimizer needs to transmit a WIFI signal to a residential router then the router transmits it to the inverter,...
Click to expand...
This doesn't describe any PV communications architecture in the slightest. The vast majority of systems use PLC for comms to the roof. The only common one I'm aware of that uses wireless anything on the roof is Tigo, and that's not 802.11 wifi. Other systems with wifi connections to the inverter have zero comms of any sort to the roof.
 
zbang said:
Solar system or whatever, if the wifi setup is well-configured there is very low (not zero) possibility of being hacked. For a start, don't broadcast the SSID; it's harder to hack what you don't know is there.
Click to expand...
Disabling broadcast of BSSID adds zero security and does not hide it from hackers, it just leaves the BSSID field empty in the beacon frames. The BSSID appears in clear text in other nonencrypted frames, so all anyone needs is to collect a few seconds of frames from the street near your home using a radio header-aware promiscuous sniffer application on a laptop with a wi-fi adapter, or natively using a macbook to get your BSSID. That said, I agree, as long as you choose a decent preshared key and have newer Wi-Fi network gear that uses WPA2 or WPA3, it would be difficult for hackers to be able to obtain your preshared key via brute force and decrypt your network . I think it is far more likely they will get into your network through email fishing or geting you to download a trojan horse virus.
 
solarken said:
Disabling broadcast of BSSID adds zero security and does not hide it from hackers, it just leaves the BSSID field empty in the beacon frames. The BSSID appears in clear text in other nonencrypted frames, so all anyone needs is to collect a few seconds of frames from the street near your home using a radio header-aware promiscuous sniffer application on a laptop with a wi-fi adapter, or natively using a macbook to get your BSSID. That said, I agree, as long as you choose a decent preshared key and have newer Wi-Fi network gear that uses WPA2 or WPA3, it would be difficult for hackers to be able to obtain your preshared key via brute force and decrypt your network . I think it is far more likely they will get into your network through email fishing or geting you to download a trojan horse virus.
Click to expand...
And really, unless you work for the CIA or hold some equally high stakes info on your home network, why would someone go to the trouble of physically staking out your house to gain access to your wifi? I rather doubt anyone participating in this forum is so special.
 
Seems like the most common way to get into residential networks is just to sniff around for unsecured IOT devices that are already on the network and take them over. Every device in a home that communicates with the internet is open to attack. That's why we read these stories about hackers taking over IOT cameras and microphones in homes. How much do you think a manufacturer is investing in security on a $35 camera? How often does that get updated? I just patched my overpriced fancy lightbulbs the other day, weird thing to have to do but I'm glad they are keeping them up to date even if I don't allow them to communicate directly with the internet.
 
Status
Not open for further replies.
Top