August 9, 2016
Do you know how you can verify if your home or property is fully secure? Well, in Fred Bret-Mounet’s opinion, the only way is to try to violate the security measures yourself. And he did just that to prove his point.
The solar arrays are provided by Tigo Energy, whose device lets users control or monitor panels via the internet. Like every other homeowner in California, Bret-Mounet installed a solar array on his home, but he was immensely concerned about the level of security it provided to his family. So he decided to check it. To his surprise, the system had vulnerabilities that would let him easily spy on the home and even hack the power supply of at least a thousand homes. This was possible because of the open Wi-Fi access point linked to the MMU (Management Unit) of the solar array.
The fact that the device uses an open Wi-Fi access point is quite disturbing: if someone can get the login password of the web account from which the solar panels are monitored, spying on homes becomes an easy job.
But this was just the beginning!
In October last year, he discovered some rather serious issues. He found that his Tigo was being served over an unencrypted HTTP connection, protected only by an extremely easy-to-guess username and password, namely “admin” and “support.” To him, it looked like a default login, and with the same login information he could easily manipulate the solar arrays of other residents.