diy solar

Daly Smart BMS - is there a dangerous security issue with Bluetooth module?

jimjoe

I am playing with a Daly 150A, 48V Smart BMS. Something that bothers me a lot is that the mobile app allows changing protection parameters, so you can set different values of protection parameters - if you want, you can set 5V for a LiFePO4 battery as "cell volt high protect". I won't test whether the BMS applies such a dummy value when charging, but something I see as a serious problem with this BMS and its Bluetooth solution is the lack of any security that could assure me no one else will change the battery's parameters to test the 5V cut-off for me. You connect the Bluetooth module to the BMS, then get the app for the BMS, choose the BMS visible via Bluetooth and you're ready to go with the default protection password - 123456. As there's no functionality to change the password or set any passwords, I cannot see any way to secure this without development of some sophisticated electronics, so in theory anyone close to your battery/BMS can change the settings with a few taps on their phone and possibly destroy quite a costly piece of equipment. With security in mind, the Bluetooth is not usable to keep constantly connected for monitoring without a risk - especially when you live in a densely populated area.

If you managed to find out something about it or know of some hidden settings to secure the Bluetooth connection, please let me know.
 
I'm in the same boat, I recently purchased a battery with a Daly BMS for my campervan, I don't like the idea that someone can park next to me and change my settings...

My BT dongle is inside a stainless-steel battery box but it still has a surprisingly good range, more than enough range so if someone with a Daly BMS camped near me and they noticed my BMS in their app they could connect to mine and screw with it... On the upside, if someone parks next to me with a Daly BMS and they play music late into the night or their TV is too loud, I can log into their BMS and turn their power off, or turn off their ability to charge the battery so it's not an issue the following night, lol (joking)

You wouldn't think it would be so hard to get the password change function working, it seems it's never worked though... I've installed most of the old versions of the Android Smart BMS App attempting to do it but none of them work... The odd thing is, on the password change page if you enter an incorrect "old password" it throws up an error, but if you enter the correct 123456 "old password" it just does nothing...
 
I got an update of the app; right now on version 2.2.5 I could change the password and it seems to be fairly safe. Once you change the default password, the new password is required to access the configurations and full view of batteries, so I am a bit assured about the safety of my battery now.
 
I'm glad it works for you... I tried v2.2.5 on 2 Android devices with the same result, I still can't change the password (BTW: single 4s 12v 100a BMS)... v2.2.5 also seems quite buggy, data and settings are slow to load as I change pages and it crashes often, it's nowhere near as smooth as the older versions...

I ended up switching back to the last version, v2.1.7 ...
 
I have always maintained that the problem of passwords and security will sooner or later be the main problem....
There are more and more people who have lithium batteries, such as campers, fishermen, etc....
Manufacturers like JBD (Daly seem more cooperative with requests) just don't seem to care about the problem.
I refer to the same 8S and 16S (also sold by Overkill...). They are not cooperative in making a secure firmware.
The 4S now also have firmware 0x21 where there is no ability to protect parameters.
They even make new firmware where you don't put and change passwords, just because people complain that they can't connect.
Or they develop apps and firmware where there is no possibility to protect parameters.
Yet a simple switch (on the BMS) like modems, where if you can't remember the wifi password anymore, you can do a reset procedure, would be enough.
A BMS without a password is the equivalent of a bomb in the house, campervan, electric bike, boat, etc.
 
Bit of an inconvenience but can you just unplug Bluetooth module if worried about dodgy neighbors?
 
There is an option to change the standard 123456 password.
All app versions I use for more than a year support this feature.
 
My issue is on the flip side: I have to hit the button on the top of the dongle every time I want to connect after being away. I'm curious how you're connecting to it without hitting the button. Once would be fine, but every time I return is a pain, and I'm having to run a long USB extension in order to have the dongle where it's accessible.
 