Can Software-Defined Batteries be Hacked?

IoT, home security cameras, the AI overlord, Siri, Alexa, and software-defined everything sound great until you realize they’re all attack vectors for thieves, scammers, spies, and other unsavory characters. 

Recently, stories like this one about how Chinese solar equipment used by US solar farms comes “pre-hacked” with rogue communication devices and malware are getting attention. 

When it comes to solar power production, you can’t overlook the importance of battery energy storage systems (BESS). As solution manufacturers increasingly add software components to their equipment, shoddily executed implementations can create vulnerabilities that threat actors can exploit to infiltrate our critical infrastructure.

Since Tanktwo is synonymous with software-defined batteries (SDBs), you may wonder, “Can they come pre-hacked?”

The short answer is a definitive “No” because there is no known method to access our customers’ data and equipment if locked down, even if a hacker had access to all the designs, software, encryption keys, and even hardware through a supply chain attack.

So, how do we make that work? Here’s the longer story.

We’ve been on the cutting edge of cybersecurity developments since the beginning. We anticipated large-scale vulnerabilities in critical infrastructure becoming a problem and baked advanced countermeasures into our design. Security is integral to our software architecture, not an afterthought or bolt-on.

A core element of Tanktwo Battery Security is the secure enclave-based architecture. While we don’t believe in security through obscurity, we have not published all the details to avoid making the lives of the bad guys easier than necessary. However, we share all the details of the inner workings with interested and competent parties. To this day, it has survived all external analyses (including customers in the military sector).


Tanktwo’s secure enclave-based architecture 

Our approach to battery security is similar to Apple’s iOS security architecture. You might have heard about Apple’s Advanced Data Protection (ADP) and how the UK government wanted to force Apple to build a backdoor into iCloud and iMessage.

Apple responded that ADP is encryption, which is math, and there is no known math to break the encryption. It can’t give the UK government access to the devices in question because it doesn’t have access to the required information (i.e., the keys), and there’s no known method for brute-force access.

The UK government would have to force Apple to disable ADP if it were to access user information, essentially outlawing encryption. Apple got off the hook by saying the information that protects the data doesn’t go through the company. 

Our battery security architecture employs a similar mechanism.

We protect the Tanktwo SDB secure enclave with several software and hardware security layers. Grossly simplified, we hold single-use keys that allow our customers to write their own keys and encryption algorithms into a physical area of a chip ring-fenced by Tanktwo security enclave protection. 

In our most secure solution, the algorithms and keys are write-only, and writable only once. It’s physically impossible to read the keys or the algorithms, as the hardware to read data off the chip does not exist. 

Also, we protect the write-once mechanisms with a “fuse,” a physical conductor on the chip that gets zapped at the end of the programming cycle. Not only is it impossible to read the data, you also can’t write it a second time. This mechanism prevents an attacker from experimenting with rogue software: you must know what to do, as you only get one shot, after which the equipment locks down for good.

A Tanktwo SDB system’s critical operations, including charging and discharging, changing routing, and collecting telemetry, are guarded by this secure enclave.

Additionally, all interfaces are rate-limited — we limit reads and writes into the secure enclave to around a dozen messages per second. If a persistent hacker were to attempt brute force access, it would take them the actual age of the universe times a billion to get lucky. 
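As an added illustration (not Tanktwo’s code), the following toy model captures the two mechanisms above: a key slot that can be written once and never read, and the arithmetic behind the brute-force claim at roughly a dozen messages per second. The key lengths and the age-of-universe figure are assumptions chosen for the example.

```python
"""Toy model of a fuse-locked write-once key slot and of the guessing
budget a rate-limited interface leaves an attacker. Added example only;
the ~12 messages/second rate comes from the text, everything else is an
assumption for illustration."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 1.38e10   # commonly cited approximation (assumed)
RATE_LIMIT_PER_SECOND = 12        # "around a dozen messages per second"


class WriteOnceKeySlot:
    """Key material is written exactly once and can never be read back.
    The blown fuse is a flag here; on silicon it is a severed conductor."""

    def __init__(self):
        self._key = None
        self._fuse_blown = False

    def provision(self, key: bytes) -> bool:
        if self._fuse_blown:          # a second write is refused for good
            return False
        self._key = key
        self._fuse_blown = True       # fuse zapped at end of programming
        return True

    def read(self):
        raise PermissionError("no read path exists for the key slot")

    def verify(self, candidate: bytes) -> bool:
        """The only exposed operation: an equality check, never the value."""
        return self._fuse_blown and candidate == self._key


def guesses_in_window(rate_per_second: float, years: float) -> float:
    """Guesses a rate-limited interface admits over a time window."""
    return rate_per_second * years * SECONDS_PER_YEAR


def expected_years_to_guess(key_bits: int, rate_per_second: float) -> float:
    """Expected time to hit a uniformly random key: half the keyspace."""
    return (2 ** key_bits / 2) / rate_per_second / SECONDS_PER_YEAR


def min_key_bits(rate_per_second: float, years: float) -> int:
    """Smallest key length whose keyspace exceeds the guess budget."""
    return math.floor(math.log2(guesses_in_window(rate_per_second, years))) + 1
```

Run against the text’s own yardstick (age of the universe times a billion), the model shows that a 128-bit key is far beyond reach at a dozen guesses per second, while a 64-bit key would not be, so the rate limit only delivers the stated guarantee together with an adequately long key.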

We also have a flash-based system that allows rewrites for use cases that are less demanding than nuclear weapons.

So, Tanktwo’s SDBs are as locked down as theoretically possible using world-class cryptography. There are no known methods to break it, even if you have all the information, algorithms, understanding, money, access, and time in the world. 

The most security-conscious and capable customers have analyzed our architecture and found no flaws in its design. Tanktwo cannot access customers’ data and equipment if they choose not to share. 

Plus, our customers cannot access their own data unless they write down their algorithm and keys. But since they are the types that describe the security at Fort Knox as “cute,” we have reasons to believe the information isn’t on an oversized Post-it note on Fred’s monitor in accounting.
