Unfortunately, there is a security issue in the APP

Unfortunately, there is a security issue in the APP. You can deactivate the AC output in the APP without registration or a PIN query. Thus, anyone who has installed the APP can connect via Bluetooth and deactivate the AC output of my EP600. The same applies to my AC200 Max and my EB03, which I use as a UPS for my alarm system. In off-grid mode, you can turn off the power from the outside.

1 Like

Hi @Kbuettgen

I think that is not 100% true, at least from what I have noticed so far.

To control the power station in the app, you need to scan a QR code or type the serial number. No one can do this when they don't have physical access to the unit.



Unfortunately not … I can scan and connect the device via Bluetooth and see the power switch, which I can turn off and on… I can do the same with an ESP32 on which I install a small piece of software (BLUETTI_ESP32).

Ahh, that's right. I also play with the Bluetti_MQTT software and it lets me connect via Bluetooth without anything.

I understand why you are concerned about this, but let's face it: Bluetooth doesn't have that much range. In super perfect conditions maybe 10m, in most cases maybe 5m. To abuse this, you need to be really close to the power station. Otherwise the connection won't be really reliable.

Maybe a software feature could be added where you can set a PIN for the Bluetooth connection, like the Victron solar chargers.

1 Like

:+1: … Yes, the function only needs to be stored in the IoT receiver.

@BLUETTI Can you move this Topic to the “App Section”?

@BLUETTI will do it. For the opinion, I will give feedback to our relevant department.

I can tell you much more: you can connect to any Bluetti device and control it over the Internet (if the device has built-in WiFi).
You don't need to scan the QR code from the device.

I wrote about it to Bluetti support, but they don't care about this issue.

I also reported this to the German support

There is no GDPR violation, because you will get no personal data of the customer; you can only control someone's device.

In order to check this, I would need to know how the control over the Internet works

You just need to know the serial number of the device; it's not hard to get it, you only need to brute it.

The range of the Bluetooth is amazing! I am sitting on the 1st floor and the box is downstairs.
Without a PIN code it's not safe so far!
Anyone who knows the Victron app can tell a story about that. There is a PIN code that must be changed the first time :-)

Greetings from Hamburg


@newvol We have addressed this issue. There will be an update in the near future. Please don’t worry.

1 Like