Chinese Kill Switch I'm not surprised. Another reason to not be connected to the Chinese servers from your inverter.
Chinese kill switch already installed. FYI...
- Thread starter EPicTony
- Start date
that article is not well written news. It's a bad interpretation of the sources.
While there is reason to be concerned about "rogue telecommunication" hardware in any device, what they are talking about is not a "kill switch" in any way shape or form.
The hardware COULD be used for a killswitch if it was used or anything like that, but this is like someone finding an outlet installed which wasn't wired in, and then calling it a fire hazard.
edit:
store.zerohedge.com
ok im not sure what i was expecting reading news from a meat/supplement store
While there is reason to be concerned about "rogue telecommunication" hardware in any device, what they are talking about is not a "kill switch" in any way shape or form.
The hardware COULD be used for a killswitch if it was used or anything like that, but this is like someone finding an outlet installed which wasn't wired in, and then calling it a fire hazard.
edit:
Home
store.zerohedge.com
rich0
New Member
Yeah, the original articles didn't provide any details and were heavy on speculation. There was no allegation that the device was actually listening for any kind of kill instruction.
Communication devices are built into everything these days. If you put a microcontroller in a device, odds are it has Bluetooth built in. If you advertise having a Bluetooth radio, and you have three because you have a few chips with Bluetooth in them that you aren't using, you now have rogue communication devices.
On higher end hardware you also have the situation where you make one device and sell it under three model numbers and just disable the features that aren't being used. That is cheaper than designing three different devices when the chips aren't very different in price.
Nothing wrong with being careful but there is little evidence this stuff is being used nafariously. Plus it is a risk no matter where the hardware is made.
Communication devices are built into everything these days. If you put a microcontroller in a device, odds are it has Bluetooth built in. If you advertise having a Bluetooth radio, and you have three because you have a few chips with Bluetooth in them that you aren't using, you now have rogue communication devices.
On higher end hardware you also have the situation where you make one device and sell it under three model numbers and just disable the features that aren't being used. That is cheaper than designing three different devices when the chips aren't very different in price.
Nothing wrong with being careful but there is little evidence this stuff is being used nafariously. Plus it is a risk no matter where the hardware is made.
Zerohedge is an unreliable source and this article is further proof with the use of alarmist language and partisan framing to argue for policy changes.
While there are real cybersecurity concerns about foreign-made grid components, and the Reuters report zerohedge cited is legitimate, but, it goes beyond the facts. It uses loaded language and worst-case scenarios to make a political point. It fails to mention ongoing efforts by U.S. agencies (like CISA and DOE) to secure the grid.
It main criticism is the U.S. government’s energy policy, particularly the shift toward renewables. However, this transition is unlikely to be reversed because solar and wind energy have become cost-competitive and continue to get cheaper. As a result, energy companies will either build more solar and wind farms to supply the grid at lower cost, consumers will increasingly install rooftop solar systems, or as we we are already witnessing, a combination of both will occur to meet electricity demand. Link.
If you are interested in security, try looking for reports from established, nonpartisan sources and technical experts in grid security.
While there are real cybersecurity concerns about foreign-made grid components, and the Reuters report zerohedge cited is legitimate, but, it goes beyond the facts. It uses loaded language and worst-case scenarios to make a political point. It fails to mention ongoing efforts by U.S. agencies (like CISA and DOE) to secure the grid.
It main criticism is the U.S. government’s energy policy, particularly the shift toward renewables. However, this transition is unlikely to be reversed because solar and wind energy have become cost-competitive and continue to get cheaper. As a result, energy companies will either build more solar and wind farms to supply the grid at lower cost, consumers will increasingly install rooftop solar systems, or as we we are already witnessing, a combination of both will occur to meet electricity demand. Link.
If you are interested in security, try looking for reports from established, nonpartisan sources and technical experts in grid security.
BarracudaBob
Harvesting free photons from clean fusion
"I brought you into this world, and I'll take you out"
-parents and manufactures
outboard1196
I go victron victron victron, I'm a victron guy.
Same as the other article no proof.
Let's assume there are killswitches in devices, wouldn't you want to get the information out which devices are compromised so they can be dealt with?
Seems like it's pandering to certain people.
Let's assume there are killswitches in devices, wouldn't you want to get the information out which devices are compromised so they can be dealt with?
Seems like it's pandering to certain people.
Koyaanisqatsi
Electron addict
If you want quality news about security issues like this, look to The Register (https://www.theregister.com/) or Hacker News (https://thehackernews.com/). There are a few others as well. But I like El Reg the best. They have a snarky way of writing that makes me smirk as I read.
houseofancients
Solar Wizard
Clickbait to feed into propaganda
houseofancients
Solar Wizard
This feeding into the current en past rigme's anti china propaganda agenda
Exactly what I mean
I was being a bit sarcastic, I mean why would you expect clickbait propaganda from a site which mostly seems to want to sell mail order meat/supplements to preppers.
grebaba
Solar Enthusiast
I think we will find a lot more about this subject when China attacks Taiwan.
Greg
Greg
Brucey
Velcro Man
Ultimately the demand for power electronics from China with associated backdoors will diminish as US manufacturing ramps up. But that may be moreso on the C&I side versus residential where low price of entry may trump all other factors.
do you genuinely think this is an example of a backdoor existing, or are you saying that in general? Are you more concerned with Chinese backdoors than American ones? How about devices with no backdoors (open hardware/software) except that's much less profitable, despite being far safer for users, and better for the concept of "ownership"
Brucey
Velcro Man
Speaking in general terms.
I'm more confident in the integrity of my made in India Schneider xw pro 6848, Victron Phoenix 48/1200, multiplus 12/1200, sccs and my built in USA midnite rosie and hawkes bay 90, than my Chinese ecoflow river 2s and delta 2 max.
The designed in Canada built in Florida overkill Pathfinder BMS that was recently released is another attractive non Chinese based BMS option, versus a JK for example.
Brucey
Velcro Man
Look a bit like Will!
SE wants to paywall security upgrades, because it's "too expensive" for them to maintain and provide them for free, as every other manufacturer does. I'm not sure if that service is a thing yet, but maybe that will be preferred to their current solution of "ignore issues"
Subscription, Network Management Cards, 3 year, Secure NMC System, 1 PDU device, reduce your exposure to attack and stay up-to-date - SWNMC3PDU-3Y-DIGI | APC USA
SWNMC3PDU-3Y-DIGI - Subscription, Network Management Cards, 3 year, Secure NMC System, 1 PDU device, reduce your exposure to attack and stay up-to-date | APC USA
www.apc.com
To me this says "are our devices secure? idk maybe, pay us if you want to have any hopes that they are". The NMC is a full blown computer in the system. If you're using a SE device without an upgradeable NMC, lol.
That's interesting.
CarbonCycle
New Member
Yes - this is exactly what wireshark is for, I use it in my day job. These assertions made without proof - are right in line with the rest of the misinformation space and designed to evoke unreasoning fear in the general population. If there was any substance to this report, there are a significant number of subject matter experts that would love to make their bones publishing blogs about what they found. What do we have after weeks of anxiety? Crickets. Nothing but echoes from bots and those that don't question random reports for veracity. And memes. But no proof or examples. No blogs from research groups. There are steps you can take to harden the attack surface like encrypted DNS or perhaps a managed switch where you can disable the port when you aren't actively using it - but then you lose the telemetry.
I think network security is a good discussion to have - but I'd focus on starting with good perimeter security ( router/firewall ) and habits that keep all devices inside the perimeter from compromise. What I'd like to see is vulnerability testing on these solar control devices. I'm more concerned about buggy open source libraries and/or poor encryption/authentication designs than Chinese APT groups in this context. You don't need to have code in place if you can crack the perimeter and have juicy bugs to exploit.
I think network security is a good discussion to have - but I'd focus on starting with good perimeter security ( router/firewall ) and habits that keep all devices inside the perimeter from compromise. What I'd like to see is vulnerability testing on these solar control devices. I'm more concerned about buggy open source libraries and/or poor encryption/authentication designs than Chinese APT groups in this context. You don't need to have code in place if you can crack the perimeter and have juicy bugs to exploit.
Similar threads
