• Have you tried out dark mode?! Scroll to the bottom of any page to find a sun or moon icon to turn dark mode on or off!

diy solar

diy solar

CHINA kills all non Sol-Ark branded DEYE unit in the USA this morning.

pone said:
I think this completely misses the point. China has 100% of the power, and Sol-Ark has none. In this case China exercised that power in order to honor a business agreement with Sol-Ark. In the future, China can exercise that power for any reason they care to find, or for any reason the CCP will make up and order companies to follow. Your Deye systems have a backdoor that lets China alone decide who lives and who dies.
Click to expand...
That's not the point. People might not like the ramifications of how this played out, but that's a side story. There were business agreements. Businesses were butting heads based on those agreements. One business decided to act on it in a way they saw fit. Whether we agree with it or not changes nothing. What China can do or force it's companies to do has nothing to do with the rights of Sol-Ark to protect their interests.
China has no power over Sol-Ark. They can't, as far as we know, control Sol-Ark inverters. If Deye (China) doesn't fulfill their obligation to the contracts, Sol-Ark is free to go anywhere else they want, or even go in house.

If China is behind this at all, all they really did was tip their hand. If this doesn't open people's eyes to the mess we've gotten ourselves into, that's on us.

Again, my points were simple.
This did not affect Sol-Ark inverters.
Sol-Ark has a right to protect their interests.
Tell me how China turning off Deye inverters has power over Sol-Ark. It doesn't. Sol-Ark wasn't affected in a negative way. And in fact, if Deye is cracking down on illegal installs, this is exactly what Sol-Ark is fighting for. Sounds like Sol-Ark wins in this case. And winning is power.

Bottom line, the OP was about someone, we assume Deye (China), killing Deye inverters that were installed in sales territories that were not allowed. This happened because of business agreements. What China can do and the power they have outside of this agreement is a different topic. It may be relevant, but it wasn't the OP.
 
pone said:
As a matter of US national security, this incident really raises questions about the wisdom of buying any device from China that is critical infrastructure. In a regional military or political conflict, can the CCP just order all Chinese manufacturers to shut off critical infrastructure all across the US?
Click to expand...
Inverters would need access to the internet. I have "dumb" inverters that do not connect to the internet. I could access data by using a LAN and then thru access of the LAN from outside the LAN. It's not hard.

It is the inverters that connect directly to the internet/cloud thru an access point that have a problem with remote changing of settings or a kill switch.
 
Tulex said:
They can't, as far as we know, control Sol-Ark inverters.
Click to expand...
I encourage all Sol-Ark owners to ensure they are no longer connected to the China server. Yes, Sol-Ark ported all systems to the US server, but in my case they neglected to remove mine from the China server. I had tech support correct this. All 3 systems I maintain were still on the China server.
 
Oldphile said:
I encourage all Sol-Ark owners to ensure they are no longer connected to the China server. Yes, Sol-Ark ported all systems to the US server, but in my case they neglected to remove mine from the China server. I had tech support correct this. All 3 systems I maintain were still on the China server.
Click to expand...

Is there a way to determine this myself (without relying on Sol-Ark support to check for me)?
 
JimP said:
Is there a way to determine this myself (without relying on Sol-Ark support to check for me)?
Click to expand...
You could prob see China bound traffic at the router depending on what you are using, I think in a previous solark firmware thread they got into the details of the exact ips and geolocations.
 
Crowz said:
Only if your dumb enough to keep your equipment connected to the internet :)

My equipment has no direct connection to the net. Its all buffered/firewalled so the only thing it can talk directly to is my local network.
Click to expand...

All that would be needed is a watchdog timer in your inverter's firmware, and it would brick itself at a pre-set time if you don't let it connect.

I downloaded a free CAD program, "Sweet Home 3D" or something like that. I used it to do drawings of a project I wanted to get permits for. What they had not disclosed was that it would expire at year's end and I had to start paying to access my data. Same could happen to your off-grid local network power system.
 
Hedges said:
All that would be needed is a watchdog timer in your inverter's firmware, and it would brick itself at a pre-set time if you don't let it connect.

I downloaded a free CAD program, "Sweet Home 3D" or something like that. I used it to do drawings of a project I wanted to get permits for. What they had not disclosed was that it would expire at year's end and I had to start paying to access my data. Same could happen to your off-grid local network power system.
Click to expand...
Well if it the inverter in question keeps time as well as mine do it will go back in time before it would reach a timeout :)

As for croaking at a 1 year point or something it wouldn't work as a weapon against other countries for china since it wouldn't be something that could be activated because of a world crisis.

I would look at it as a defect more than a security issue if they had it set to do that.
 
Hedges said:
I downloaded a free CAD program, "Sweet Home 3D" or something like that. I used it to do drawings of a project I wanted to get permits for. What they had not disclosed was that it would expire at year's end and I had to start paying to access my data. Same could happen to your off-grid local network power system.
Click to expand...

Sweet Home 3D is open source. I've used it, and still use it, to design everything from a woodshed to the sauna (and did the house with it) and I'm definitely not paying anything. Must have been something else.
 
If you’ve ever set up a WiFi device in your home, you had to enter your password to connect to your WiFi. It could be an inverter dongle, a smart switch, a TV, a smart thermostat, Alexa, Apple Watch, tablet, laptop, security camera, or any IoT device. That device could have sent your WiFi password to the mothership. You would have never known. So “they” already know your WiFi password. And they know your location (based on IP or GPS). Even if you have a secure network, your neighbors do not. Using your neighbors hacked devices they can easily penetrate your network (they already have the password) and hack your network as well.

If you think you know more about network security than a nation state think again.
 
Last edited:
JWLV said:
If you think you know more about network security than a nation state think again.
Click to expand...
Somewhat true. Tell that to the various hacker groups that frequently gain access to nation state resources. There is always a bigger fish. Until there isn't.

That said, there are some interesting ways to exfiltrate data even without an internet connection. Using a speaker as a microphone, or the other way around. They are basically the same thing. Old hard drives could be programmed to click out data like morse code to a microphone. There are other air gapped methods.

But, the thing people forget is that data mining in that fashion has costs. Hopefully most of our data doesn't justify the cost. Also, most people just post everything online for free, so no need to go digging around in someone's personal offline cache of info.

The best advice I could give to someone for security is to minimize surface area for attack (fewer devices and accounts), and keep those secure. Also don't click on random things, or give out information to those who don't need it, even a little at a time.
 
JWLV said:
If you’ve ever set up a WiFi device in your home, you had to enter your password to connect to your WiFi. It could be an inverter dongle, a smart switch, a TV, a smart thermostat, Alexa, Apple Watch, tablet, laptop, security camera, or any IoT device. That device could have sent your WiFi password to the mothership. You would have never known. So “they” already know your WiFi password. And they know your location (based on IP or GPS). Even if you have a secure network, your neighbors do not. Using your neighbors hacked devices they can easily penetrate your network (they already have the password) and hack your network as well.

If you think you know more about network security than a nation state think again.
Click to expand...
All of my equipment is using either wired ethernet or fiber. Mostly fiber on longruns. I always throw the wifi dongles the equipment comes with in a box when it arrives. I have never used any of them.
 
Oldphile said:
I encourage all Sol-Ark owners to ensure they are no longer connected to the China server. Yes, Sol-Ark ported all systems to the US server, but in my case they neglected to remove mine from the China server. I had tech support correct this. All 3 systems I maintain were still on the China server.
Click to expand...
I hate to break it to you, but hosting a service on a particular server, having all of the same qualities as another server in another location, e.g. a "mirror" server, gives no protection. It matters not where the server is located. What matters is who is controlling the site and/or software that the server hosts. Having everything on a US server means nothing. It could be a server in Antarctica and still contain the backdoors that China embedded in the original firmware, software, or website (such as via its CGI scripts) that would compromise the Deye/Sol-Ark/etc. units.
 
JimP said:
Is there a way to determine this myself (without relying on Sol-Ark support to check for me)?
Click to expand...
I signed into PowerView and was able to access settings. After Sol-Ark corrected, I could still sign into PowerView but no longer had access to settings.
 
Norwasian said:
I hate to break it to you, but hosting a service on a particular server, having all of the same qualities as another server in another location, e.g. a "mirror" server, gives no protection. It matters not where the server is located. What matters is who is controlling the site and/or software that the server hosts. Having everything on a US server means nothing. It could be a server in Antarctica and still contain the backdoors that China embedded in the original firmware, software, or website (such as via its CGI scripts) that would compromise the Deye/Sol-Ark/etc. units.
Click to expand...
MySolArk looks like PowerView but it's their own development. No doubt copy and paste, but Sol-Ark controls it.
 
Oldphile said:
MySolArk looks like PowerView but it's their own development. No doubt copy and paste, but Sol-Ark controls it.
Click to expand...
Perhaps they licensed it, but we don’t know if Sol-Ark has all of the source code for everything.
If not, any backdoors that were present may still be in there.

If they do have everything, then Sol-Ark can reasonably say that MySolArk is under their control.
Assuming they scrubbed it.
 
Oldphile said:
MySolArk looks like PowerView but it's their own development. No doubt copy and paste, but Sol-Ark controls it.
Click to expand...
Perhaps Sol-Ark thinks they control it. Backdoors are not evident to most people and often escape notice of even the so-called experts. As one example, do you trust the SSL technology co-developed by the Pentagon?

I live with the assumption that any online communication is accessible by the powers that be. If I were a Sol-Ark owner (thankfully I am not), I would not trust it to have any connection to the internet.
 
Could someone remind me how this is different from other remote monitoring? Is there a case being made that there is a more secure solution by all other vendors?
 
SunDave said:
Could someone remind me how this is different from other remote monitoring? Is there a case being made that there is a more secure solution by all other vendors?
Click to expand...
Not by me. Anything on a remote server can be compromised.
Any firmware can ship with backdoors.

Cutting the cord is the only way to be sure.
 
SunDave said:
Could someone remind me how this is different from other remote monitoring? Is there a case being made that there is a more secure solution by all other vendors?
Click to expand...
Nope none of them are "safe". That's why the only real solution if it is actually something that someone is worried about is to collect all the data yourself with the unit having no direct internet access at all.

Anything short of that is not completely "secure". At the same time most probably don't care. But if you do that is the only real solution.
 
You must log in or register to reply here.

diy solar

diy solar
Back
Top