Turn off WiFi in Powerwall Gateway?

[Jedi2155]

So the WiFi Adapter is actually in the Solar Inverter on the Powerwall+ units. There's an actual WiFi antenna that looks like it has an SMA connnector within the Inverter housing that is easily accesible.

My Tesla Solar Adventure

The Order 25 June 2021 After research and talking with several solar companies, we decided on an 8.5kW Tesla Solar plus Powerwall+ system with their new high efficiency 425W panels. The main reason for our decision was the low cost, handsomely framed panels and the whole house backup capabili

www.jasonacox.com

 

[Vines]

Please before doing this ensure you do not have any neurio wifi meters connected. Many systems would not have any but some would have one more additional meters which are mostly setup over wifi only.

You might lose consumption or PV data, depending on the system configuration. Some of these CT meters can be hardwired, but mostly they are not.

 

[turboy]

I DON'T WANT wifi signals in my house.
Anyone succeeded on it? (like removing wifi antenna phisically or via software)

 

[BGbreeder]

I DON'T WANT wifi signals in my house.
Anyone succeeded on it? (like removing wifi antenna phisically or via software)

Quick way: Wrap your gateway in multiple layers of grounded aluminum foil. You will need to install ethernet to the gateway first, or you will violate your Tesla warranties, as Tesla requires a way to get data from your installation and update it.

To keep your neighbor's WiFi out, you need to do something like embedding grounded fine copper mesh in all of your outside walls, and roof (or install a standing seam metal roof), and have grounded gold film installed on your windows. It will help reject most types of radio signals, such as WiFi. Your radios, and cellphones won't work, but that probably isn't an issue of concern, is it?

 

[Kram_uk]

Bit of a thread revival, but this seems an appropriate thread.

Did anyone find out if this could be soft disabled or at least changed so it’s not presenting a network based on tkip as opposed to something better such as WPA2-PSK AES?

Thanks

 

[BGbreeder]

Bit of a thread revival, but this seems an appropriate thread.

Did anyone find out if this could be soft disabled or at least changed so it’s not presenting a network based on tkip as opposed to something better such as WPA2-PSK AES?

Thanks

What is your desired goal here?

 

[Kram_uk]

What is your desired goal here?

Not have a WiFi network broadcasting with weak security (TKIP can be broken in approx 1 minute) that could allow someone onto the wired network.

Upping it to WPA 2 or 3 PSK using AES would be acceptable (and frankly what I’d be expecting from the factory).

Off would be acceptable, but obviously easier to have it on but secure in a power cut to monitor the PW.

 

[offandonagain]

Not have a WiFi network broadcasting with weak security (TKIP can be broken in approx 1 minute) that could allow someone onto the wired network.

The TEG network doesn't have access to your home network or internet -- it's a private network just for the gateway. If you wanted to improve security there, you'd have to start by making sure the password and qr-code are not printed on a label outside, and make sure the password is stronger. But the limited access and proximity requirement make this a non-issue, in my opinion.

 

[BGbreeder]

Not have a WiFi network broadcasting with weak security (TKIP can be broken in approx 1 minute) that could allow someone onto the wired network.

Upping it to WPA 2 or 3 PSK using AES would be acceptable (and frankly what I’d be expecting from the factory).

Off would be acceptable, but obviously easier to have it on but secure in a power cut to monitor the PW.

Yes, that would be desirable, but Tesla doesn't have that AFAIK. I do think it is prudent to assume that devices will be hacked into, though not necessarily just from WiFi.

Plan A would be to run a dedicated Ethernet cable to the Gateway. Once a link is established over the wired LAN, it is generally the case that WiFi is to be ignored, and supposedly the case with the case of Tesla gateways, though I haven't probed it.

Plan B would be a router with a locked down SSID/VLAN specific to the Powerwalls. Yes, someone could hack into it, and change settings, if they had access to the WiFi signal, but it reduces the envelope. You could also, with an appropriate router, restrict the protocols and domains allowed.

There is no reason why you could not do both Plan A and restricting allowed protocols and connections.

Most IoT items tend not to have security that is either very strong, or well maintained, or even terribly well designed to be maintained.

All the best,

BG

 

[Kram_uk]

It’s on a wired network, with 802.11x and in a DMZ…. But I worry that whilst TEG might be gateway only, there might be a way to bounce via the weak WiFi network and find your way onto the home network.

TBH Best thing would be a Tesla s/ware update that improved from TKIP

 

[BGbreeder]

It’s on a wired network, with 802.11x and in a DMZ…. But I worry that whilst TEG might be gateway only, there might be a way to bounce via the weak WiFi network and find your way onto the home network.

TBH Best thing would be a Tesla s/ware update that improved from TKIP

You have taken some reasonable steps in my view. While it is not an unreasonable concern for some people, but given that someone would have to have access to something within WiFi range to pull it off, it does limit potential attacks to being near by. If this a serious concern, there are a variety of ways to mitigate it, but I'm not going to discuss them in a public forum for obvious reasons. Sorry about that.

All the best,

BG

 

[Kram_uk]

You have taken some reasonable steps in my view. While it is not an unreasonable concern for some people, but given that someone would have to have access to something within WiFi range to pull it off, it does limit potential attacks to being near by. If this a serious concern, there are a variety of ways to mitigate it, but I'm not going to discuss them in a public forum for obvious reasons. Sorry about that.

All the best,

BG

I get that.

As tkip is now so weak and in many areas there are loads of networks in range, it’s only a matter of time and IMHO a problem for the GW2 and Tesla.

The GW2 is new enough to use chips that support wpa2 aes, the very least to be done would be a firmware update to enable the modern encryption.

Not perfect, but way better.

Wonder if I can find an old gateway2 and find components, pin outs and try adding physical switches.

 

[miimura]

If you don't want anyone to use the WiFi (including yourself), unscrew the antenna cable from the Gateway computer. That would greatly reduce the chance of anyone accessing it. They would have to walk up next to the box to get enough signal.

 

[Kram_uk]

If you don't want anyone to use the WiFi (including yourself), unscrew the antenna cable from the Gateway computer. That would greatly reduce the chance of anyone accessing it. They would have to walk up next to the box to get enough signal.

I’d like to be able to use it in the event of a power cut to monitor the gateway. But otherwise that’s a solution if they’re obvious. Far better would be a Tesla s/ware update mind

 

[BGbreeder]

I’d like to be able to use it in the event of a power cut to monitor the gateway. But otherwise that’s a solution if they’re obvious. Far better would be a Tesla s/ware update mind

Well, if you keep the antenna cable, you would be able to use WiFi, if you need it.