After a recent EG4 18kPV installation I was curious about how its cloud monitoring system was designed. To my surprise, there is
no encryption whatsoever, and raw RS485 MODBUS commands are being sent directly across the public internet.
This means a MITM attacker has trivial control over sensitive inverter parameters, such as battery thresholds and grid-interactive features. As just one example, the parameters used for IEEE 1547 interaction could be misconfigured as part of a larger effort to destabilize the grid. Finally, the entire inverter firmware appears to be updatable via this route, possibly opening up an even wider attack surface area beyond just the documented MODBUS parameters.
There were recent rumors of solar inverters being attacked remotely (also discussed on this forum), but they appear to have been dispelled after investigators followed up:
Regardless, it remains prudent to reduce the external attack surface of these devices, as they are often connected to potent energy storage systems. One way to mitigate this would be to completely disconnect the inverter from the Internet, but that would mean having to roll our own local monitoring.
Instead, I used the raw plaintext protocol to my advantage and wrote some lightweight router firewall rules that allow a handful of vetted innocent requests through, while blocking all other mutation requests or otherwise undocumented features. This lets us leverage the existing EG4 cloud monitoring and inverter as-is with no extra hardware requirements, while also protecting our equipment. Here are the firewall rules, instructions, and background:
When attempting to modify inverter settings in the cloud or app I now get "Timeout" or "Unknown error" messages, and then it takes a few minutes for the RS485 tunnel to be reestablished and automatic statistics to begin flowing again. There's also a narrow allowance that allows remotely modifying the date/time to adjust for clock drift and applying DST changes.
Hopefully others find this useful as they consider how to best protect their equipment.
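The allowlist idea in the post (let reads and a narrow clock write through, drop every other mutation or undocumented function) can be expressed as a frame-level filter. The following is an added example, not code from the original post and not EG4's firmware or cloud protocol. It assumes standard Modbus RTU framing (unit address, function code, payload, CRC-16/Modbus) since the post does not describe the exact tunnel framing, and the clock register range `0x0010..0x0012` and the sample frames are constructed for illustration only; the real register map is not on the page.

```python
"""Allowlist filter for Modbus RTU request frames (added example).

Policy mirrors the post: read requests pass, a write passes only when every
register it touches is in a hypothetical clock range, and everything else
(other writes, user-defined/undocumented function codes, malformed frames)
is dropped. Framing is assumed to be standard Modbus RTU.
"""
from dataclasses import dataclass
from typing import Optional

# Standard public Modbus function codes.
FC_READ_HOLDING = 0x03
FC_READ_INPUT = 0x04
FC_WRITE_SINGLE = 0x06
FC_WRITE_MULTIPLE = 0x10
READ_ONLY_FUNCTIONS = {FC_READ_HOLDING, FC_READ_INPUT}

# Hypothetical holding registers for the inverter clock (constructed for this
# example; the real EG4 register map is not on the page).
CLOCK_REGISTERS = range(0x0010, 0x0013)  # 0x0010, 0x0011, 0x0012


def crc16_modbus(data: bytes) -> int:
    """CRC-16/Modbus: reflected poly 0xA001, init 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(unit: int, function: int, payload: bytes) -> bytes:
    """Assemble an RTU frame; the CRC goes on the wire low byte first."""
    body = bytes([unit, function]) + payload
    return body + crc16_modbus(body).to_bytes(2, "little")


@dataclass
class Frame:
    unit: int
    function: int
    payload: bytes


def parse_frame(raw: bytes) -> Optional[Frame]:
    """Decode a frame, or return None if it is too short or the CRC fails."""
    if len(raw) < 4:
        return None
    body, crc = raw[:-2], int.from_bytes(raw[-2:], "little")
    if crc16_modbus(body) != crc:
        return None
    return Frame(unit=body[0], function=body[1], payload=body[2:])


def decide(raw: bytes) -> str:
    """Return an ALLOW/DROP verdict for one request frame under the allowlist."""
    frame = parse_frame(raw)
    if frame is None:
        return "DROP: malformed frame or bad CRC"
    if frame.function in READ_ONLY_FUNCTIONS:
        return "ALLOW: read request"
    if frame.function == FC_WRITE_SINGLE and len(frame.payload) == 4:
        reg = int.from_bytes(frame.payload[:2], "big")
        if reg in CLOCK_REGISTERS:
            return "ALLOW: clock write"
        return f"DROP: write to register 0x{reg:04X} outside clock range"
    if frame.function == FC_WRITE_MULTIPLE and len(frame.payload) >= 5:
        start = int.from_bytes(frame.payload[:2], "big")
        count = int.from_bytes(frame.payload[2:4], "big")
        if count > 0 and all(r in CLOCK_REGISTERS for r in range(start, start + count)):
            return "ALLOW: clock write"
        return f"DROP: multi-register write at 0x{start:04X} outside clock range"
    # Anything else, including the user-defined function code ranges, is denied.
    return f"DROP: function code 0x{frame.function:02X} not on allowlist"


# Constructed sample traffic: one benign read, a clock write, a write to some
# other (hypothetical) setting register, an undocumented function code, and a
# frame whose CRC was corrupted in transit.
_good_read = build_frame(1, FC_READ_HOLDING, bytes.fromhex("0000000A"))
SAMPLE_FRAMES = {
    "read 10 holding registers": _good_read,
    "write clock register 0x0011": build_frame(1, FC_WRITE_SINGLE, bytes.fromhex("001107E8")),
    "write hypothetical setting 0x0064": build_frame(1, FC_WRITE_SINGLE, bytes.fromhex("00640032")),
    "user-defined function 0x41": build_frame(1, 0x41, b"\x00"),
    "corrupted CRC": _good_read[:-1] + bytes([_good_read[-1] ^ 0xFF]),
}


def audit(frames=SAMPLE_FRAMES) -> dict:
    """Run the policy over a batch of frames and return name -> verdict."""
    return {name: decide(raw) for name, raw in frames.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:36s} -> {verdict}")
```

Running the script prints the verdict for each constructed frame; only the read and the clock write are allowed. A filter like this belongs on the router or a proxy in front of the tunnel, which is where the post's firewall rules sit; byte-match firewall rules express the same policy less flexibly but without running a parser.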