Tesla is the expensive option....
Hang on,
last I checked Tesla Powerwall is a cheapest per kWh and life time system cost. Where are you getting that it's the expensive option?
Also in case people are too lazy to read the Forbes article
I wanted a rude username linked:
Beardsley discovered there was one possible path into the gateway, thanks to weak default logins: a user name of any email address and a password of the last five characters of the gateway serial number.
I'm surprised they don't use a pseudo-random string like most consumer Wi-Fi routers these days.
First-party disclosure of the "hack" from the security company cited in the Forbes article that disclosed it.
https://blog.rapid7.com/2020/11/17/dont-put-it-on-the-internet-tesla-backup-gateway-edition/ [Also seems to be miss attributed in the Forbes article to Tod Beardsley instead of Derek Abdine?] Edit: Sent Forbes author an email to check. Edit 2: No reply but attribution has been semi-corrected in the Forbes article.
It's less clear in the Forbes article but they didn't actually hack into any Powerwalls and control them. They did however point out and demonstrate there's plenty of info that can be scraped without authentication if the AP can be discovered and 379 were discovered via a Google database hack. They also point out the
potential vulnerability to hack into and tamper with the system due to weak default credentials and link to another even earlier security disclosure here
https://github.com/hackerschoice/thc-tesla-powerwall2-hack/blob/master/README.md[Just noticed its the same post Phoenix linked.]
But the Rapid7 post also points out
the issue has been fixed for some time.
Prior to publication, we reached out to Tesla's Product Security about this, and they let us know that they are working on further mitigating accidental exposure in some upcoming security features. In the meantime, they let us know that "predictable installer passwords have been fixed for some time on newly commissioned Backup Gateway V1 devices, but some previously commissioned devices still had them, and all online Backup Gateway V1 devices have had their installer passwords randomized." In addition, "all Backup Gateway V2 devices come from the factory with non-predictable random passwords," so that all sounds like good news going forward.
Edit: The Forbes article also mentions this right at the end.
Quick search seems to confirm that:
https://www.tesla.com/sites/default/files/images/support/powerwall/support-powerwall-backup-gateway-002.png
Also pointed out in the Rapid7 article, the powerpack units which are used for battery farms are also on the internet! Though no published hacking of those yet from Rapid7.
2FA has also been implemented but no signs they force users to setup and use it.
https://www.tesla.com/en_AU/support/multi-factor-authentication?redirect=noOpps. Tesla Powerwalls Exposed To Password Hacks Via Google
Anyone following this story? I can just see the script kiddies having fun with this one.
Looks like the recent 2nd-hand news articles are reporting on some fairly outdated security disclosures and no longer present vulnerabilities 
Predictably no one reads the ****ing article and just start slinging based of the title alone
(Even worse not linking any article in the OP)
Home
Help
Search
Login
Register
