EG4 Community Forum

Menu
Forums
Support
General Troubleshoo...
Please, provide rec...
 
Notifications
Clear all

Please, provide recommendations for securing wireless access

 
Page 1 / 2
General Troubleshooting
Last Post by Helidriver 4 weeks ago
10 Posts
6 Users
0 Reactions
143 Views
RSS
Posts: 12
 eg4c
Topic starter
December 19, 2024 10:18 pm
(@eg4c)
Eminent Member
Joined: 1 month ago

My installation consists of GridBOSS and 18kPv system. Both arrived with wifi/bluetooth dongles. I see following security vulnerabilities, which allow remote takeover:

1. Wi-fi access point mode cannot be disabled, even after initial configuration is complete. This allows a person within proximity to perform attack on access point and reconfigure dongle. I am aware that it is possible to set a password on those APs, but it is still a vulnerability, as they do advertise, and even absent other vulnerabilities it gives remote person a way to gain information about the system without physical contact.

2. Bluetooth configuration option is always available and I cannot find a way to secure it. Remote attacker can use bluetooth to remotely reconfigure wifi network and use that connection to see configuration as well as change it.

Please provide the recommendations, how to disable wifi access point and secure the dongle against random people connecting to it remotely via bluetooth. Right now people can literally park next to my house and start messing with my electrical system without me even knowing.

Topic Tags
Dongle wifi bluetooth security
9 Replies
Adam De Lay
Posts: 10
 Adam De Lay
December 20, 2024 2:56 pm
(@adelay)
Active Member
Joined: 3 months ago

For Wifi, take a look at section 7 of this doc: https://eg4electronics.com/wp-content/uploads/2024/07/EG4-Wifi-Dongle-Troubleshooting-Guide.pdf

As far as I know, there's no way to disable/secure bluetooth unless EG4 has recently added a pin code requirement.

Reply
Jared
Posts: 247
 Jared
Admin
December 20, 2024 8:06 pm
(@jared)
Online Support
Joined: 3 months ago

It would also be worth noting that the Wi-Fi dongle will need to be on firmware version v2.06 for local SSID encryption.

 
Reply
4 Replies
 eg4c
(@eg4c)
Joined: 1 month ago

Eminent Member
Posts: 12
December 20, 2024 8:26 pm
Reply toJaredJared

@jared I am aware of SSID encryption, but I want if off, not encrypted. Can you also comment on what can be done to prevent bluetooth access?

Reply
Joel Brodeur
 Joel Brodeur
(@joel-brodeur)
Joined: 3 months ago

Estimable Member
Posts: 204
December 20, 2024 8:58 pm
Reply toeg4c
Jared

@eg4c Have you looked at the following device:

Ethernet Adapter - EG4 Electronics

Sometimes the easiest solution is the best solution.
Sometimes not.

Reply
 eg4c
(@eg4c)
Joined: 1 month ago

Eminent Member
Posts: 12
December 20, 2024 9:34 pm
Reply toJoel BrodeurJoel Brodeur
Jared

@joel-brodeur yeah, but it's $200 per adapter...

I'm not looking to be Karen here, but these inverters and grid bosses are not cheap. Not having them wide open looks like common sense. Is it really too much to ask?

Reply
Joel Brodeur
 Joel Brodeur
(@joel-brodeur)
Joined: 3 months ago

Estimable Member
Posts: 204
December 20, 2024 10:45 pm
Reply toeg4c
Joel Brodeur
Jared

@eg4c I agree that it would be nice to have a higher level of security with the BT and Wi-Fi devices, but I can say, I have very little faith in the current security measures of any Wi-fi or BT devices. If I were to use and EG4 inverter as a backup for my server room, I can guaranty that I would be using Enet and not Wi-Fi or BT (probably would even use the cloud connect at all).

For my home system, things are a little different for me, for ease of use and for cost, I went ahead and used Wi-Fi and BT.  Luckily for me I was able to place the inverter in a location that no one could walk by and connect since the range is so limited on the BT.  And I am contemplating using SSID encryption as the Wi-Fi signal is a bit stronger and can be intermittently grabbed outside.

It would be nice to be able to disable the BT, but for now I will watch for an update that allows it or move to the Enet version of the dongle.

Best of luck,

JB

 

Sometimes the easiest solution is the best solution.
Sometimes not.

Reply
Posts: 12
 eg4c
Topic starter
December 20, 2024 9:42 pm
(@eg4c)
Eminent Member
Joined: 1 month ago

@jared can you please confirm that wifi dongles that arrive with EG4 products (namely: 18kpv and gridboss):

- can NOT be locked up against unauthorized people connecting via bluetooth

- expose wifi access point, which can NOT be disabled

and that the only way to address the vulnerability is to unplug them and buy wired adapters?

 

 

Reply
Posts: 2
 wvannus
December 21, 2024 11:08 pm
(@wvannus)
New Member
Joined: 1 month ago

I like the way it's handled by most EVSEs. The AP is broadcasted for 5-10 minutes after manually triggered or power cycled, then it shuts off. This could be exploited, but it adds another layer of security. That behavior also keeps the 2.4GHz band clearer, too. Each dongle blasts the same 40Mhz of channel width with a fair amount of power.

I wish the wired ones weren't so dang expensive.

Reply
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  Dongle (4) , wifi (3) , bluetooth (1) , security (1) ,
Share: