Hacker News new | ask | show | jobs
by DoctorOetker 673 days ago
I never claimed remote updating would prevent supply chain attacks.

I was responding to:

> With a hardware switch, none of that malware will survive a reboot of the device.

A reboot of the inverter would not prevent a supply chain attack using MPPT measurement electronics for an optical backdoor channel.
1 comments
WalterBright 673 days ago
So don't put the backdoor channel in without a physical switch.
link
DoctorOetker 673 days ago
Attackers don't ask permission.

The hardware backdoor channel is present anyway because MPPT needs it.

The software can abuse the measurements to listen for optically transmitted commands.

link