Dillsue Posted April 6 Share Posted April 6 1 hour ago, NailBiter said: Having root on your own tech (or a company that won't ever go bust e.g. Apple) is incredibly important IMO Not sure you'll find a PV inverter from a company with 100% imunity from bankruptcy. You might find a company that's very open with their designs/in depth configuration so you can fault find to the level you want but realistically your likely stuck needing occasional manufacturer support. Link to comment Share on other sites More sharing options...
NailBiter Posted April 6 Author Share Posted April 6 (edited) 28 minutes ago, Dillsue said: Not sure you'll find a PV inverter from a company with 100% imunity from bankruptcy. You might find a company that's very open with their designs/in depth configuration so you can fault find to the level you want but realistically your likely stuck needing occasional manufacturer support. I think Victron might be the closest. They don't deal direct with customers at all and their product offering is hard to understand for someone without specific training. There are two risks of company bankruptcy, one of which only applies to cloud connected kit: 1. The device breaks and spares cannot be obtained / fitted (either directly, via a non-OEM replacement or from scrap) 2. The device becomes locked out (apparently something as small as a device tripping an over sensitive fuse twice in a row can do this) and can only be reset via their now non-functional cloud system. Not only does 2 have a greater chance of happening but it is unnecessary and hard to mitigate (rarely such a thing as a non-OEM cloud). Edited April 6 by NailBiter Link to comment Share on other sites More sharing options...
SteamyTea Posted April 6 Share Posted April 6 Don't we have the Right to Repair them under the Consumer Rights Act. Or is that something we gave away when we voted to leave the EU. Link to comment Share on other sites More sharing options...
Dillsue Posted April 6 Share Posted April 6 1 hour ago, SteamyTea said: Don't we have the Right to Repair them under the Consumer Rights Act. Or is that something we gave away when we voted to leave the EU. I think we pretty much align ourselves with EU requirements or we'd not be able to sell them anything?? No idea if we have the right to repair but that right likely evaporates if a manufacturer goes bump?? Link to comment Share on other sites More sharing options...
Dillsue Posted April 6 Share Posted April 6 3 hours ago, NailBiter said: IThere are two risks of company bankruptcy, one of which only applies to cloud connected kit: 1. The device breaks and spares cannot be obtained / fitted (either directly, via a non-OEM replacement or from scrap) 2. The device becomes locked out (apparently something as small as a device tripping an over sensitive fuse twice in a row can do this) and can only be reset via their now non-functional cloud system. Not only does 2 have a greater chance of happening but it is unnecessary and hard to mitigate (rarely such a thing as a non-OEM cloud). Number 1 happens anyway through obsolescence even with a fully functioning manufacturer-spares dry up followed by support a few years later. Lack of spares/support being an issue needs the manufacturer to go bump, no one to take over their business, premature failure and a lack of non OEM parts/secondhand parts. I'm not sure how often number 2 happens that can't be reset with a reset to factory defaults or software reinstallation. I'm not saying it doesn't happen but a manufacturer would soon be struggling with sales if that was actually the case. I appreciate a few people want to be totally independent in looking after their tech but I think for the majority the risks you've identified are low, certainly for me they are. The other thing to consider in not having an internet connection for your inverter is that you loose the possibility for your inverter to send diagnostic info to the manufacturer. This would help them debug and maybe covertly install fixes. Maybe your fault is happening with all Energy Bank systems but those connected to the Internet are getting covertly reset whilst SE work on a fix?? Not saying this happening but it seems plausible to me?? Link to comment Share on other sites More sharing options...
Roger440 Posted April 6 Share Posted April 6 15 hours ago, NailBiter said: No software update for at least 6 months before generation stopped but when I went to troubleshoot you have to install the latest update. SetApp forces you to do so when you try to connect to the inverter. The issue was related to our battery, my guess is they have some sort of quite sensitive lockout mode as their Energy Bank is a newish device and they'd rather inconvenience customers than potentially get in trouble with grid operators. It came up as a priority 9 (highest) alert and the alert made it very clear the only way to clear it was to contact support. Interestingly it didn't just lock out the battery it also stopped all generation. I'd much rather have access to troubleshoot myself than have to beg someone else to make the changes to their backend I need made. Solar is about self sufficiency not dependance. @elite No specific fault code, just a generic message like below: Im with you 100%. If i cant fix it myself, or at the very least, identify the defect myself, then it isnt getting fitted. Well, certainly not for anything important, like heat and power. Being reliant on "support" likely means whatever it is wont be working for extended periods if it goes wrong. I get that limits my options, but so be it. 1 Link to comment Share on other sites More sharing options...
Dillsue Posted April 7 Share Posted April 7 10 hours ago, Roger440 said: Being reliant on "support" likely means whatever it is wont be working for extended periods if it goes wrong. I'm not sure how long it took SolarEdge to respond and remedy the OPs problem but in my experience they provide a very fast response. When an optimiser failed they remotely diagnosed the problem and dispatched a replacement in a day Link to comment Share on other sites More sharing options...
Roger440 Posted April 7 Share Posted April 7 7 hours ago, Dillsue said: I'm not sure how long it took SolarEdge to respond and remedy the OPs problem but in my experience they provide a very fast response. When an optimiser failed they remotely diagnosed the problem and dispatched a replacement in a day The problem is you go can never really know how good response will be. Yes, some compnies reputation is better than others, but quite often that counts for nothing, or its some bizarre fault they dont understand. Id rather not put myself in that position in the first place. 1 Link to comment Share on other sites More sharing options...
SteamyTea Posted April 7 Share Posted April 7 35 minutes ago, Roger440 said: some compnies reputation is better than others SMA make good inverters, but when we had problems with them, it was always a case that the inverter had to be shipped back to Germany. That was over a decade ago and the UK was a small market for them, so things may have changed. Link to comment Share on other sites More sharing options...
billt Posted April 7 Share Posted April 7 2 minutes ago, SteamyTea said: SMA make good inverters, but when we had problems with them, it was always a case that the inverter had to be shipped back to Germany. That was over a decade ago and the UK was a small market for them, so things may have changed. It was still the case last year when I had to return an inverter. Even worse I had to get an EROI number to get it returned to the UK as we'd left the EU then. Link to comment Share on other sites More sharing options...
MikeSharp01 Posted April 7 Share Posted April 7 I guess, in terms of value, the trick is to work out the life length of the gear. The Solar panels have long guarantees, 25 plus years, but do we seriously expect the company to honour them, let alone still be around, in 23.5 years? There is always the challenge of us still being around then to worry about it. So with the inverter which have much shorter guarantees anyway. Is it disposable equipment if so do the sums and work out how long it needs to last. Also if a few inverter manufacturers switch to a monetised model - they all will and nobody will be able to get one that is not cloud connected. Link to comment Share on other sites More sharing options...
NailBiter Posted April 8 Author Share Posted April 8 On 07/04/2024 at 08:56, Dillsue said: I'm not sure how long it took SolarEdge to respond and remedy the OPs problem but in my experience they provide a very fast response. When an optimiser failed they remotely diagnosed the problem and dispatched a replacement in a day It took about an hour from contacting them to having the issue resolved which in all fairness is truly excellent service. 21 hours ago, Roger440 said: The problem is you go can never really know how good response will be Exactly, or once the inverter is a bit older they might be incentivised to not fix issues or worse to create issues (like Apple getting caught degrading their battery performance allegedly to push more upgrades) 20 hours ago, MikeSharp01 said: nobody will be able to get one that is not cloud connected. We are fast approaching that point it seems. Link to comment Share on other sites More sharing options...
Dillsue Posted April 8 Share Posted April 8 2 hours ago, NailBiter said: We are fast approaching that point it seems. In terms of PV inverters needing to be internet connected, everyone who's commented says their inverter runs, or believes will run, without an internet connection. Theres about half a dozen mainstream manufacturers been stated not to need an internet connection to run so not sure why you're thinking otherwise?? Link to comment Share on other sites More sharing options...
Nick Thomas Posted April 8 Share Posted April 8 On 04/04/2024 at 15:45, NailBiter said: Are there any inverter manufacturers where you can selfhost the control plane locally? I've got a LuxPower hybrid inverter one that *asks* to connect to the cloud, but can be set up not to, and can still be managed locally using https://github.com/celsworth/lxp-bridge (optionally + HomeAssistant). Pretty skunkworks, but it does at least work when there's no internet. Local security is also important. Some inverters set up an insecure wifi AP by default - prior to this one, I had a Solax that would throw up an unencrypted AP where the password was the SSID - so anyone can stand outside your house with a mobile phone and control your inverter. The LuxPower one was slightly better than that by default, but can be configured to act as a wifi client, rather than AP, which is much better - altough direct modbus, or even ethernet, would be better still. 1 Link to comment Share on other sites More sharing options...
NailBiter Posted April 8 Author Share Posted April 8 2 hours ago, Dillsue said: In terms of PV inverters needing to be internet connected, everyone who's commented says their inverter runs, or believes will run, without an internet connection. Theres about half a dozen mainstream manufacturers been stated not to need an internet connection to run so not sure why you're thinking otherwise?? That's a fair point. My primary experience is with SolarEdge and they make you register the Serial Number of the inverter with their cloud before they will even let you start setting up the device. My concern is nobody seems to be focusing on local control planes it is all cloud. Which is optional until it isn't. I'm not saying we've reached that point but that it could conceivably be round the corner if consumers don't start pushing back. Link to comment Share on other sites More sharing options...
Dillsue Posted April 8 Share Posted April 8 9 minutes ago, NailBiter said: That's a fair point. My primary experience is with SolarEdge and they make you register the Serial Number of the inverter with their cloud before they will even let you start setting up the device. My concern is nobody seems to be focusing on local control planes it is all cloud. Which is optional until it isn't. I'm not saying we've reached that point but that it could conceivably be round the corner if consumers don't start pushing back. As I've said previously, my HD wave inverter installed last year had no WiFi aerial for months so no connection to the internet when it was set up. You have to remember that not everyone has an internet connection and theres no/poor mobile data in lots of places, so insisting on an internet connection to set up an inverter seems a daft thing to do. Not saying it's not the case, but seems a commercially daft thing to do. Not sure what you mean by control "plane" but I assume you mean an App/GUI/HMI?? If there's none available that's because there's not enough demand and that's likely because most people are happy with current internet offerings and Apps. I'm not sure how many domestic inverters suffer cyber attacks but I'd imagine globally it's zero or insignificant so you might be being overly concerned with the risk of having your inverter online?? Link to comment Share on other sites More sharing options...
Nick Thomas Posted April 8 Share Posted April 8 4 minutes ago, Dillsue said: I'm not sure how many domestic inverters suffer cyber attacks but I'd imagine globally it's zero or insignificant so you might be being overly concerned with the risk of having your inverter online?? People are out there constantly scanning everything connected to the internet for every vulnerability there is, and making money out of the devices they gain control of. In extreme cases that includes gaining access to them by compromising the cloud service they connect to. They don't even care what the devices are - just that they can get them to issue traffic on command. We have a running joke in the industry, which is that the S in IoT ("Internet of Things" - which definitely includes internet-connected inverters) is for security. Yup, it's not there. https://www.sciencedaily.com/releases/2022/11/221129134502.htm suggests this is just as true of inverters as it is of, e.g., IoT doorbells. The more local attack of someone stood next to your house controlling the inverter directly are much less likely, but still possible - why would anyone design a system that allows it? It's just weird. Link to comment Share on other sites More sharing options...
SteamyTea Posted April 8 Share Posted April 8 Isn't it abut time that we all started routing out 'stuff' though the TOR network? I am amazed at how reliable my TOR server is, it just keeps going and cost me a tenner. I have got OnionFruit on my Windows PC, that seem to work well. Posting this through it. Link to comment Share on other sites More sharing options...
MikeSharp01 Posted April 8 Share Posted April 8 18 minutes ago, Nick Thomas said: People are out there constantly scanning everything connected to the internet for every vulnerability there is, and making money out of the devices they gain control of. In extreme cases that includes gaining access to them by compromising the cloud service they connect to. They don't even care what the devices are - just that they can get them to issue traffic on command. We have a running joke in the industry, which is that the S in IoT ("Internet of Things" - which definitely includes internet-connected inverters) is for security. Good points Nick although my concern is not with security but with giving away my data and having, eventually, to pay to have my equipment generate electricity for me. Look what British gas did to Hive - you need to oay £5 PCM (or some such figure) for the pleasure of keeping all the features you thought you had paid for when you brought the device in the first place. Link to comment Share on other sites More sharing options...
Roger440 Posted April 8 Share Posted April 8 1 hour ago, MikeSharp01 said: Good points Nick although my concern is not with security but with giving away my data and having, eventually, to pay to have my equipment generate electricity for me. Look what British gas did to Hive - you need to oay £5 PCM (or some such figure) for the pleasure of keeping all the features you thought you had paid for when you brought the device in the first place. Absolutely this. Putting your house, things in it and other things you have at the mercy of organisations whose only motive is profit. Have we all forgotton rings little expoilts. Once you invertor is built in, whats to stop them taking control, and demanding £5 a month for having it working? Im afraid its a no from me. As Nailbiter says, without consumer pushback, we will see more and more of it. Sadly, i doubt we will see consumer pushback, people seem completely relaxed about it. 1 Link to comment Share on other sites More sharing options...
Dillsue Posted April 9 Share Posted April 9 The topic is about PV inverters so no personal data, no banking details, pics of the wife etc etc. If someone hacks your inverter just disconnect it from the internet, reset to defaults and fire it up again. Fret about all the other connected stuff if you want but I don't think your inverter being hacked is worthy of any worry In terms of avoiding future charging, just don't buy an inverter that needs an internet connection to run. Seems that there's likely none out there that do need a connection so I can't see any post sales charging being "just round the corner" 1 Link to comment Share on other sites More sharing options...
NailBiter Posted April 9 Author Share Posted April 9 (edited) Someone could definitely break something and piss off your DNO if they had root on your inverter. They could likely cause permanent damage to your home battery if you have one fitted (it isn't hard, drain it to zero and turn off alerts) which would be expensive. That said my concern isn't with hackers my concern is bean counters at the company deciding they want to increase profits at the expense of customers. Exactly like the ring thing. None of my neighbours understood why I insisted on non cloud connected cameras and then the same people were seeking my advice when they were switching away from Ring. Putting an overly sensitive lockout in a device and only allowing unlock via the internet is the same as requiring internet in my book. I also object to being forced to install updates when using SetApp to login to my device. I'm normally very careful about update cycles and reading release notes. No I don't want you force pushing 1 day old code on my inverter which is a critical piece of my infrastructure before you let me access it. You may be comfortable slipping on a pair of digital handcuffs and that's fine. Sometimes I wear a pair for myself in return for convenience (e.g. with Apple products). In this particular instance and with this particular piece of hardware I'm not comfortable wearing them. Edited April 9 by NailBiter Link to comment Share on other sites More sharing options...
NailBiter Posted April 9 Author Share Posted April 9 (edited) This isn't something that I have heard of currently happening but there is no reason why it couldn't. Ransomware authors are money grabbing bastards (literally). If they think there is money to be made hacking inverters and threatening to burn your house down while you are at work if you don't pay them they will do so. Bonus points if they use their access to work out your working schedule from your usage patterns. Push Notification: We have root on your inverter, your house will burn down / we will permanently damage your expensive solar system / we will get you a fine from your DNO if you don't pay x Bitcoin to this address in the next 15 minutes. Push Notification: 14 minutes.... send x Bitcoin to address repeated. Push Notification: Your monthly usage data is here (to show we have access) Push Notification: We have turned your power off to prove we can. Push Notification from various IoT Cloud Products: device 1 is offline, device 2 is offline etc etc. Push Notification: 13 minutes... send x Bitcoin to address repeated. What do you do at this point? Assume they can make good on their threat and pay them? Try and get home in 15 minutes? Send a neighbour round? Call their bluff and hope they are bluffing? What I'd do in that instance is put my phone on silent, because I know god damn well they don't have the access they are claiming as there are several layers of defence in depth between my inverter and them. You are probably thinking what can NailBiter do security wise that SolarEdge can't. Well firstly I don't allow people to login to my network with a username and password. Secondly if I absolutely had to for some reason I'd at least bother to implement 2FA. Their security posture is so weak because they think exactly like you do, that this isn't possible. Which it isn't until it is. It seems most companies prefer remediating security breaches rather than preventing them in the first place. What does exposing something to the public internet give me that my overlay network does not? Edited April 9 by NailBiter Link to comment Share on other sites More sharing options...
Dillsue Posted April 9 Share Posted April 9 1 hour ago, NailBiter said: Their security posture is so weak because they think exactly like you do, that this isn't possible. I don't think like that at all. I think it's 100% possible that a determined hacker could get into my inverter. I also think its 99.99999% probable that they won't(more 9s are needed but youll get the point). The consequences of them getting into it are low/med as worse case I might have to buy a new inverter. Overall risk is low. The nats nudger of risk isnt worth doing anything about, for a PV inverter. Link to comment Share on other sites More sharing options...
NailBiter Posted April 9 Author Share Posted April 9 Yeah that's fair, I think my point regarding the bean counters is a lot more pertinent. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now