Cybersecurity

cross-posted from: https://lemmy.sdf.org/post/36028716

Archived

Security firm Forescout identified almost 35,000 solar power devices from 42 vendors with exposed management interfaces. These devices include inverters, data loggers, monitors, gateways and other communication equipment.

Key Findings

• Despite being a rapidly growing renewable energy source, there are security issues with remote inverter management, via cloud applications or direct access to management interfaces within inverters.
• Internet-exposed solar power devices are much more popular in Europe and Asia than in other regions. Europe accounts for 76% of exposed devices, followed by 17% in Asia and the remaining 8% in the rest of the world. Germany and Greece each account for 20% of the total devices worldwide, followed by Japan and Portugal with 9% each then Italy with 6%.
• Four of the top 10 vendors with exposed devices are headquartered in Germany, two in China and one each in Austria, Japan, US and Italy. This distribution also does not match the top 10 vendors worldwide by market share, since 9 of those are Chinese.

Mitigation Recommendations

• Do not expose inverter management interfaces to the internet.
• Patch devices as soon as possible and consider retiring those that for some reason cannot be patched.
• If a device needs to be managed remotely, consider placing it behind a VPN and following CISA’s guidelines for remote access.
• Follow the NIST guidelines for the cybersecurity of smart inverters in residential and commercial installations.

I came across a Reddit thread about someone using a neighbour's WiFi, and the (unknown) neighbour later changed the ssid to the user's gaming handle.

Lots of comments saying that public WiFi can be a trap, and a malicious actor can see all your packets, sniff your passwords, spoof login pages.... And not one refuting it with SSL.

Am I missing something?! Is a WiFi/LAN actually that dangerous? I thought pretty much every site and service uses SSL these days, and signed certificates so (unless you have a particular Lenovo or Dell model) DNS spoofing won't work.

And aren't most ports on your own computer closed by default now? Unless you've opened ssh or a samba share with a poor password or something?

I realise packets can still be sniffed, website use can be tracked (but not the data, not things like passwords). With more work, that could be correlated to, for instance, what time a user logs on to a discord server.

Have I missed something big? Is someone else's WiFi or LAN actually dangerous?