I never claimed remote updating would prevent supply chain attacks. I was respon... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		DoctorOetker on Aug 19, 2024 \| parent \| context \| favorite \| on: The gigantic and unregulated power plants in the c... I never claimed remote updating would prevent supply chain attacks. I was responding to: > With a hardware switch, none of that malware will survive a reboot of the device. A reboot of the inverter would not prevent a supply chain attack using MPPT measurement electronics for an optical backdoor channel.

WalterBright on Aug 19, 2024 [–]

So don't put the backdoor channel in without a physical switch.

DoctorOetker on Aug 19, 2024 | [–]

Attackers don't ask permission.

The hardware backdoor channel is present anyway because MPPT needs it.

The software can abuse the measurements to listen for optically transmitted commands.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact