Bluetooth safety

[phoon]

I purchased two WattCycle Bluetooth trolling 100AH 12v. In setting up to install I find there is no password/pin change, which WattCycle support confirmed. The watt cycle documentation says that if you mess with the BMS settings it can void the warrenty (there are about 10 changeable parameters, like minimum charge and temp. Yet there is no way to lock random people near my RV from turning off the battery output, turning off charge, or messing with the advanced settings.

The rest of my system modules are all victron and have a 6 digit pin and BLE broadcast encryption key.

Are all cheap BMS so stupid? If I am going to end up without a BMS anyway I thought of wrapping the battery in aluminum foil to make a faraday cage (except near the pus terminal). Either that or returning these batteries and getting some other brand that doesn’t allow trivial crippling of the system.

I use the batteries to maintain a fridge with insulin that costs $16,000 a 90 supply to replace. I’d rather not have one of the two power sources be so unprotected.

 

[OzSolar]

That does seem like an issue. I assume you've tested and are able to see the batteries via blue tooth while you're outside the RV?

Open up the batteries and replace the BMS with a different BMS is an option but then again new batteries aren't that much money compared to a potential loss of $16k.

Most (all?) of the blue tooth devices I've fiddled around with only let one person communicate at a time. EG: could this be a simple as leaving your app open thus your batteries are "locked out" for others to see?

Hopefully now that I've bumped this someone with a better idea will pop in.

 

[phoon]

That does seem like an issue. I assume you've tested and are able to see the batteries via blue tooth while you're outside the RV?

Open up the batteries and replace the BMS with a different BMS is an option but then again new batteries aren't that much money compared to a potential loss of $16k.

Most (all?) of the blue tooth devices I've fiddled around with only let one person communicate at a time. EG: could this be a simple as leaving your app open thus your batteries are "locked out" for others to see?

Hopefully now that I've bumped this someone with a better idea will pop in.

Keeping the BMS busy with the app is an interesting idea I hadn't thought of. However there are two batteries and the app can only talk to one at a time. Yes the batteries can be talked to from the nearby road and neighboring camp sites. I have a return requested RMA from wattcycle. I will just get something with a settable password like power queen. I read their manual and it has a PIN that can be changed.

 

[Brett V]

What's the range of the bluetooth signal? I generally find anything more than 25 feet to the limit. Then someone has to know what to look for and have the appropriate app. Seems like a low risk to me.

 

[MrSparkle]

there are two batteries and the app can only talk to one at a time

If only 2 batteries.
I know that android lets you install an App twice. Something like Primary and Copy. Do not remember from what Android version though and have no first hand experience of that. But I have been thinking of such a solution my self earlier when having two BMSes that one would want to watch at the same time from only one smartphone. Do not know if BT on smartphone would allow to talk to two different BMSes, but that should work, right?

 

[phoon]

Range is about 30 ft. Pair bluetooth on any phone or computer shows XDZN_001. A google search for Bluetooth "XDZN" brings up the BMS to run to talk to it. I agree it is not likely. I wouldn't mind if the app could only see the battery state. But Bluetooth can turn off charging, turn off battery output and set a bunch of battery parameters that can cause permanent damage. I work in computer programming. I guess I am not used to accepting insecure systems.

 

[phoon]

If only 2 batteries.
I know that android lets you install an App twice. Something like Primary and Copy. Do not remember from what Android version though and have no first hand experience of that. But I have been thinking of such a solution my self earlier when having two BMSes that one would want to watch at the same time from only one smartphone. Do not know if BT on smartphone would allow to talk to two different BMSes, but that should work, right?

The standard google app store does not allow installing an app twice. Some phones have a "dual app" option to do this but mine does not. But again, if someone is being malicious they can wait till I am away to hack the batteries.

 

[OzSolar]

If only 2 batteries.
I know that android lets you install an App twice. Something like Primary and Copy. Do not remember from what Android version though and have no first hand experience of that. But I have been thinking of such a solution my self earlier when having two BMSes that one would want to watch at the same time from only one smartphone. Do not know if BT on smartphone would allow to talk to two different BMSes, but that should work, right?

It's clumsy nor am I suggesting it but for discussion purposes would two pay as you go (burners) phones do this? You wouldn't need a data card or cell plan.

And you could geek out on data while you watch both phones at the same time. LOL

 

[JanisD]

Maybe even a second super cheap phone without a sim card for monitoring?

 

[MrSparkle]

Some phones have a "dual app" option to do this but mine does not. But again, if someone is being malicious they can wait till I am away to hack the batteries.

It's clumsy nor am I suggesting it but for discussion purposes would two pay as you go (burners) phones do this? You wouldn't need a data card or cell plan.

And you could geek out on data while you watch both phones at the same time. LOL

Yes, mostly for discussion of different possibilities.

That was what I have been thinking. Getting a cheap phone that is physically dedicated at the battery-site. Always turned on, always connected to both BMSes, Dual-App and Split-screen.

@phoon
An other option would maybe be to side-load the copy of an app? But then again, if one can get hold of APK-file. Does Google play prevent only downloading an APK instead of directly installing?

I my self still only use old button-phone (Hello Family Flintstone! ) But I did buy an Android phole only to be able access my DIY-battery on my E-bike.

 

[JerryK]

maybe pickup a cheap used tablet that you can mount on a wall and have that keep the BMS busy. ?

 

[meetyg]

Have you tried other apps with this battery?
Try the Overkill Solar app, or Xiaoxong app. It just might be that the battery is using a rebranded JBD BMS, which if I recall can have a password for Bluetooth access.

 

[phoon]

That is a good idea. I just tried overkill and it can't see the wattcycle batteries. I don't find a Xiaoxong app. I tried a bunch of other BMS apps and they can't see the batteries.

 

[mjbmikeb22]

I've just received a 12v 100 Ah model with Bluetooth and have just discovered this same masive "no password" security issue.
Anyone with the app can connect to it and turn it on or off via the "charging" and "discharging" buttons and mess with the current and voltage settings.

I'll have to dismantle the battery, purchase and install my own BMS before I can even use it. Unbelievable.

 

[kommando]

Before you throw away the current BMS, check the board and look for the bluetooth board, if may be possible to desolder and then reattach with wires including a switch on VCC wire so the Bluetooth can be turned on and off.

 

[mjbmikeb22]

Are there any potential issues with cycling the power on the Bluetooth board?
For example will the BMS get confused and shutdown if it cannot regularly communicate with it?

 

[kommando]

Doubt it, the JK PB has had a firmware update so it's Bluetooth can be turned on and off. The BMS will just sit there waiting for the Bluetooth to be reenabled.

 

[mjbmikeb22]

OK I'll do the mod to my Wattcycle.

BTW on a related topic I've just watched a video about resetting forgotten JK BMS passwords by simply having knowledge of the serial number and access to a code generator. Essentially it uses a secret back door planted by the manufacturer, but now the knowledge and algorithm are public so anyone can reset the password and mess with the settings. The only way to stop this attack is by physically disabling the Bluetooth board.

If the manufactures really cared about security they would be using the standard Bluetooth pairing mechanism that other gagets have used for the last 20 years.

 

[mjbmikeb22]

Update: To open my Wattcycle battery I first had to drill out the 6 hard plastic plugs that covered the Philips head screws.
After removing the plastic debris the screws came out easily and I removed the lid.
Things to note:

• The weather seal is simply a thin silicone rubber gasget so I'm not sure how well it seals in practice given the relatively lightweight construction of the box.
• The battery lifting strap is anchored to the lid, not the lower half of the box. This means that when lifting the battery all the weight is carried by the 6 screws which seems a strange design choice. When replacing the lid all 6 screws must be in place and tightened to the same torque so the weight is carried evenly between them.
• There appears to be little or no padding between the cell terminals and the plastic case. A hard knock to the side of the case will directly transfer shock to the terminal and battery. There is padding between the BMS and the lid.
• There is lots of white rubbery sealant preventing things from shaking lose. Removing this from the white platic bluetooth connecter was tricky as everything had a uniform white colour. The male connector that plugs into the BMS has a latch that has to be levered open.

I unplugged the Bluethooth and the battery charged OK.
I plugged the Bluethooth in again and the Android app connected OK and reported the state of charge OK.
Obviously with the Bluetooth unplugged you are dependent on the use of an external shunt and coulomb meter to show the state of charge.