by WalterBright 672 days ago
> It’s also possible to install new software (firmware) on the inverters via the manufacturer, either automatically or manually.

As always, the vulnerability of enabling remote updates. When will people learn? Updates should only be possible if there's a physical switch (not a software switch) on the device. If it's "off", no updates are possible.

Isn't the most devastating attack vector remotely installing malware? With a hardware switch, none of that malware will survive a reboot of the device.

I remember when hard disk drives came with a write-enable jumper. Then, once you've made a backup, the jumper is removed. Then it is impossible to accidentally or maliciously write over your precious backup.


That doesn't protect against supply chain attacks.

Neither does remote updating. But you'll still need physical access to the supply chain to compromise it, and that's not possible for some hacker in a basement.

> But you'll still need physical access to the supply chain to compromise it, and that's not possible for some hacker in a basement.

I forgot to respond to this sentence in the sibling response.

Supply chain attacks can be executed by intermediaries of the supply chain, or by manufacturers themselves: develop the capability to deny a foreign nation its energy infrastructure. The manufacturer is not a hacker in a basement. Manufacturers can be pressured by their local governments, militaries, 3 letter agencies, ...

A precautionary principle would induce potential target nations to surreptitiously catalogue the inverter boards, sort them by most-GW serving type, and consider which control traces to cut to control the internal energy transfers in its inductors, capacitors, ... from a trusted parasite board. Just develop and test a few parasite boards for the most common inverters, and preferably have critical stock ready.

The main value in inverters is the power switches, inductors, capacitors, ... it would be cheaper to reroute the control to a trusted controller in the event of a calamity. We would survive fine, but it will be a painful few days.

I never claimed remote updating would prevent supply chain attacks.

I was responding to:

> With a hardware switch, none of that malware will survive a reboot of the device.

A reboot of the inverter would not prevent a supply chain attack using MPPT measurement electronics for an optical backdoor channel.

So don't put the backdoor channel in without a physical switch.

Attackers don't ask permission.

The hardware backdoor channel is present anyway because MPPT needs it.

The software can abuse the measurements to listen for optically transmitted commands.