The Unseen Hand: The Security Risk Hiding in Your South African Solar System

You invested in solar power for independenceto take control of your energy, your costs, and your peace of mind during load-shedding. But what if that control was an illusion? What if, without your explicit knowledge, someone else had a digital key to your system?

This is the unsettling reality for thousands of South African households with solar installations. A MyBroadband reader discovered it only by accident. When he reported a battery issue, his installer casually mentioned they would “check in on the system remotely.” The homeowner was stunned. He had never been told this was possible, let alone that it was already happening.

The Default Setting You Never Agreed To

The heart of the issue lies with two of the country’s most popular inverter brands: Deye and SunSynk. To connect these systems to their cloud services for remote monitoring, the installation process requires the installer to register the system using a business app. This automatically makes them the “Owner” of the system in the digital realm.

The actual homeownerthe person who paid for the equipmentis then granted access as an “Administrator.” This hierarchy, designed for convenience, creates several alarming vulnerabilities.

The Hidden Dangers of a Shared Key

While having a trusted installer help in a pinch sounds good, this backdoor access poses real risks:

1. A Weak Link in Security: The installer’s business login is another gateway for cyberattackers. There’s no guarantee the small-to-medium installation company has robust cybersecurity to protect their master account details.

2. The Threat Within: A disgruntled employee with access could deliberately alter settings, potentially damaging your expensive batteries or inverter.

3. Hostage Situations: Unscrupulous installers could exploit their “Owner” status to lock you in, making it difficult or impossible to switch to a different company for maintenance without a fight.

One installer on Powerforum revealed he abandoned the SunSynk brand over this very policy, stating, “I’m not trying to create a hostage situation… The rights to allow changes and ownership of the plant should never be negotiable.”

How to Reclaim Your Digital Independence

Thankfully, you are not powerless. If you are uncomfortable with this arrangement, you have options:

• The Direct Approach: Contact your installer and politely but firmly request that they de-link your system from their business account. Both Deye and SunSynk have local support teams that can facilitate this, though you may need to provide your logger’s serial number.

• Go Over Their Head: If the installer is uncooperative, you can contact the manufacturers directly:

  • Deye: Email service.deye.com.cn or call 010 499 1668

  • SunSynk: Email [email protected] or call 010 100 3589

• The Ultimate Solution: Cut the Cloud Cord: For maximum security and control, you can bypass the manufacturer’s cloud entirely. Replace the Deye or SunSynk dongle with a local system like Solar Assistant or Home Assistant.

These systems use a small Raspberry Pi computer connected directly to your inverter. They give you full, cloudless monitoring and control via your home network, with no third-party intermediary. Solar Assistant is a popular, pre-configured option, while Home Assistant is more affordable but requires more technical setup.

Your solar system is a major investment in your family’s comfort and security. Ensuring you have sole control over it isn’t just about privacyit’s about protecting that investment and the independence you sought in the first place.