Jump to content

New remote control feature on Solarman Smart


Tariq
 Share

Recommended Posts

42 minutes ago, Paul Greeff said:

Thank you Tariq, this is a very handy feature.

 

The play store has the old version.

I downloaded and Installed the version from Solarman, https://www.solarman.cn/enterrace_2.html. With this one I have remote control from my phone. 

Can you link directly to the android API to download as I can't find it there. 

Link to comment
Share on other sites

42 minutes ago, pete boy said:

Can you elaborate?

The Solarman app (and its web-based equivalent pro.solarman.cn) is a public interface, the config of your Sunsynk is literally protected by a userid and password. This is considered pretty weak authentication, humans can choose weak passwords and / or re-use passwords across various sites, take a look at https://haveibeenpwned.com. There is 2SV on registration but not on subsequent authentication.

This means that an attacker who discovers your password in a previous data breach, or who successfully guesses your password, can alter the config of your inverter. 

Firstly, when adding this kind of functionality, Solarman should rather make it opt-in, givng the user the choice in taking the risk. Secondly, 2FA should be mandatory for any config changes coming from a publicly available interface.

 

 

Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...