Hacking a Solar Inverter RF Interface – Hackaday
One of the main advantages of cheap radio modules is that they get used in consumer electronics, so once you know which module a product uses, you can build your own compatible hardware. While researching the RF interface used in a number of cheap "smart" solar inverters, [Aaron Christophel] created an Arduino library for receiving inverter telemetry using a $2 RF module. Watch the demonstration after the break.
[Aaron] bought the inverter and the ~40 Euro USB “Data Box” which enables the user to wirelessly monitor the status of the inverter. Upon opening the two units, he found that they were using LC12S 2.4 GHz modules that create a wireless UART connection. With a little reverse engineering he was able to find out the settings for the RF modules and the serial commands for querying the inverter status. He does not go into the possible security implications, but the link does not appear to use any form of encryption. Anyone with a module should be able to sniff the messages, extract the ID of the inverter and hijack the link. Just knowing the status of the inverter shouldn't be that dangerous, but he doesn't mention what other commands can be sent to the module. Any other commands could have more serious effects.
Sniffing the radio signals that fly through the air around us is a regular topic here on Hackaday. From testing the security of WiFi networks with an ESP32 to monitoring SpaceX launches with an SDR, the possibilities are endless.