The author describes installing GivEnergy solar panels with a local network API for monitoring and control, bypassing cloud services. After experimenting with the API and generating a token, they find a potential security vulnerability due to the use of a 512-bit RSA key. They successfully crack the key, access multiple accounts, and alert the vendor, who promptly updates to a more secure 4096 bit RSA key. The author praises the vendor’s response and highlights the importance of secure cryptography practices in development. They advocate for dropping support for 512-bit RSA in major cryptography libraries.
https://rya.nc/vpp-hack.html