In the past, I read about the insecurity of Powerline adapters, but that is years ago. Surely they have this figured out by now. The box of my TP-Link set mentions AES-128, so it's probably a very simple AES-128-CBC with static keys between the adapters, which will do just fine.
Surely they have this figured out.
They haven't. I should have known.
So that's the story of how I accidentally multi-homed my Internet connection: when plugging in my newly purchased device, it instantly found the neighbours' device and picked an available uplink seemingly at random.
I bought a set of two powerline adapters from TP-Link, specifically the AV600 Powerline Wi-Fi Kit, consisting of a TL-PA4020Pv3 (gateway) and a TL-WPA4220v4 (access point). The gateway is plugged in near the router and connected via Ethernet. The access point also has an Ethernet port to connect to, and it emits a configurable Wi-Fi hotspot for your devices to connect to.
The protocol they use is HomePlug AV, seemingly also known as IEEE1901 (though the IEEE charges $449 to read this standard). If I understood things correctly, "Powerline" is the part of the HomePlug AV standard that is about actual networking over power lines.
After plugging in the devices and connecting the gateway over Ethernet, you can use the access point using a preconfigured SSID and password. I figured that since they were sold together, they were already paired in the factory (just like your car keys come specifically for your car), so it makes sense that it just works out of the box.
The quick installation guide does say to press the pair button on both devices, but it does not mention anything about this being necessary for security. By doing this, I would probably give an attacker a window of opportunity to pair themselves as part of the network, so I didn't do that.
The firmware version reported is 4.0.2 Build 20180308 Rel.37064. In case you're interested in the specifics,  is not identical but quite close.
On the status page you can see which devices are connected (their MAC addresses) and the link speed. The reported link speed seems to be generated using a random number generator, as they vary from zero to hundreds of megabits, while the actual speed is quite stable. Fun fact: when you plug the devices literally into each other (since the gateway is a pass-through power outlet), it reports a line speed roughly half of what is advertised on the box (it advertises a 600mbps powerline connection, while supporting 300mbps Wi-Fi and 100mbps LAN... go figure). I can understand that performance depends on many variables, but if it never reaches more than half the speed (and only on paper) under perfect (unrealistic) conditions, then it's just false advertising.
Under Device Settings -> Powerline, you can see the "Powerline key". I figured that would be the encryption key for either this device, or the network. You cannot change the key, unfortunately.
The Wi-Fi security settings are pretty standard and allow you to set WPA2-PSK with AES (or, if you so desire, WPA-PSK and TKIP -- which shows that it really enforces WPA2 and does not do WPA/WPA2 mixed mode, at least if you configure it correctly). Transmit power can be set to high/medium/low and it also supports a guest network (with optional host isolation, and you can disallow clients to use the management interface).
Many people online claim that the powerline signal almost certainly secure by default because it doesn't go through the power meter, but on top of that there is the AES encryption.
A whitepaper from "HomePlug® Powerline Alliance, Inc." from 2005 contains some diagrams clearly showing that all traffic first goes through a scrambler, and while it is not explained, elsewhere in the document there is a whole section on security explaining that all data is encrypted with AES-128. The security section also claims that "[i]n order to join an [powerline network], a station must obtain a Network Membership Key (NMK)." They mention a few deployment techniques:
The last deployment option is only secure in case of eavesdroppers, not in case of active attacks. In my device, a pairing does persists through power cycles, so a power outage does not reset your network to the default keys.
The administration interface does not allow me to enter a password for the network, so the most secure option is unavailable for my devices.
Since I haven't pressed the pair button and I haven't invited my device, I must be using the default key. Not that inviting another device claims to regenerate the NMK (so you'll just be sharing the default key with another device), but because I haven't done it I can be certain that I'm using the default key.
This default key is the exact opposite of the security claims, and it explains why I can see the neighbours' network without even trying to hack it: it is interfacing with compatible devices using the default key. (They don't even have the same device.)
Let me reiterate that: it just works with the default key instead of forcing people to press a single button a single time for the device's entire lifetime. And yet the box claims to be "encrypted" and "secure" by default... I'm not even using the same device as my neighbours, so it's not as if one manufacturer deployed the same encryption key by mistake or something.
My neighbours must also not have used the pair button because it worked by itself anyway. And even if you use the pair button, it does opportunistic encryption, though if I'm being honest, the risk there is quite low.
One notable piece of work is from Ben Tasker, who wrote in 2014 that the device key is derived from the MAC address. Looking at the algorithm, it seems that it is indeed trivial to generate. It seems that your devices' MAC addresses are visible to any device that can receive your signals, regardless of whether your network is using a secure NMK. As of December 2016, TP-Link claims to have fixed the issue that a device key is derivable from your MAC address.
What I don't like about this system is that it's closed. The specification is now publicly available (in 2014,  wrote that it cost $5000, though IEEE still thinks they can get $449 for it at the time of writing), but I cannot hook my laptop up to the network with some sort of network cable, nor can I construct a simple tap (e.g. using USB) that lets me listen in on the (encrypted) traffic. Because the devices (obviously) need power to function, I also can't isolate my network, for example by plugging both devices into a power strip without connecting the power strip to the mains, which would allow the devices to pair securely.
I've tried disconnecting the ground pins from the device, but the communication still works. It really uses the high-voltage line and not the ground line. Using ground would have made it a lot easier/safer to make equipment to inspect the traffic.
The only way for me to learn about the system is poking at a limited web interface, reading standards, and trying to ping the neighbours' router. And the only way to configure this securely is through a user-supplied password (not available for my devices) or authenticated public-key encryption (but authentication is unavailable).
If you do not manually secure your devices by using the high-tech and very complex method of "press the bloody pair button", your internal network is literally open for anyone close to your power line. For me in Germany, it goes through a meter that was newly installed a few months ago (when this building became multi-tenant), so I have little doubt that people across the street can also receive my connection. For a rule of thumb, I guess you could say that the reach is similar to having an open Wi-Fi network. Do you have a password on your Wi-Fi network? Then please also hit that pair button.
If you are looking for high security, though, be sure to check that your HomePlug®-compatible device supports setting an encryption key manually. I haven't even looked into the actual protocol because of the other major issues that would need to be fixed first, but if you can manually set a secure password, then maybe it can be considered a secure network.