Author Topic: Security Concern Connecting ECC to Router  (Read 1639 times)

Cblhygi

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Security Concern Connecting ECC to Router
« on: June 29, 2018, 09:34:01 AM »
I am concerned that connecting the TED Pro Home ECC to my router will allow unauthorized parties from outside my house to access my home computing network.

What security measures are included with the TED Pro Home Energy Monitor to prevent unauthorized parties outside my house from accessing the home computing network via the PLC connection to the router?  What prevents someone outside my house from spoofing the MTU to gain access to my router?

Support7

  • Administrator
  • Sr. Member
  • *****
  • Posts: 472
  • Karma: +1/-0
Re: Security Concern Connecting ECC to Router
« Reply #1 on: June 29, 2018, 12:56:20 PM »
While I enjoy entertaining these type's of possibilities as the beauty in technology makes all things possible with enough time and determination, with current technology there is no reason to be concerned about this for several reasons;
1st: There is no terminal access or OS on the ECC or MTU so the only way to change it's defined operational parameters would be to rewrite the embedded proprietary firmware and figure out how to flash it which would require physical access and a specific programming tool.

2nd: The ECC requests specific information from the MTU in very small increments, thus manipulating the PLC signal would be completely pointless as you could not transmit enough information to effectively change or do anything and the MTU is not capable of transmitting any settings adjustment information nor gaining any type of root shell access as there is none available. These are not smart home devices; There is no auto update capability, they don't pair with other devices, and they don't use the internet for functionality. They perform a very specific task at very specific intervals and the hardware is limited to it's current capabilities as any firmware change or rewrite would exceed the available resources so it would not function as intended if anything was changed.
(You can choose to post to an online cloud to view your data remotely but this doesn't give reverse access to the ECC as the information goes one way and does not provide access to your local Footprints page unless you port forward.)

3rd: Your router is the access point to your home network, the TED ECC is not and does not provide any wireless access on it's own so there is no way to use it as a stand alone access point or means to access your router as it simply doesn't work that way. You would have to gain access to your router or physical access to the ECC first before you could even begin to consider changing anything and the TED system has no command structure to issue any instructions to anything outside of the TED system itself. And as I mentioned before due to limited hardware resources, if anything was changed the system simply would not work.

As I said before, technology can make anything possible and there is no way I could know for sure what can or can't be done now but logistically, the amount of effort it would take to attempt this would be a complete waste of time as the only information your TED system gives up is how much energy you use. It does not allow any control of the energy you use or anything in your home so if it is possible to do, there is simply no reason to do it for any type of gain that makes sense to me.

Support7

  • Administrator
  • Sr. Member
  • *****
  • Posts: 472
  • Karma: +1/-0
Re: Security Concern Connecting ECC to Router
« Reply #2 on: June 29, 2018, 01:06:01 PM »
Also, we have had corporate pen testers put the TED system to task before implementing it in their environments and they basically said the same as I did above. Anything is possible but it would be pointless as effort substantially outweighs benefit. 

pfletch101

  • Sr. Member
  • ****
  • Posts: 427
  • Karma: +0/-0
    • My home page
Re: Security Concern Connecting ECC to Router
« Reply #3 on: June 30, 2018, 09:55:31 AM »
I am concerned that connecting the TED Pro Home ECC to my router will allow unauthorized parties from outside my house to access my home computing network.

What security measures are included with the TED Pro Home Energy Monitor to prevent unauthorized parties outside my house from accessing the home computing network via the PLC connection to the router?  What prevents someone outside my house from spoofing the MTU to gain access to my router?

Sadly, you should probably be spending your time worrying about the security of your router itself, rather than about the probably non-existent risk of someone using the TED ECC as an attack point on your network. Many low- to mid-grade routers sold for the home and small office environment have (again!) recently been shown to have serious security holes, and even professional-level ones are intermittently found to have issues.
Peter R. Fletcher
TED Pro Home - main MTUs monitoring utility and PV Solar feeds; 2 Spyders monitoring selected individual circuits

Cblhygi

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
Re: Security Concern Connecting ECC to Router
« Reply #4 on: July 01, 2018, 12:47:44 PM »
Thanks for your prompt, thorough and convincing reply to my question.
I will place my TED order shortly.