Solar power equipment vulnerable to hacks
The three largest manufacturers of solar inverters have been found vulnerable to remote sabotage that could have produced large-scale power outages if exploited. It’s lucky that a cybersecurity firm identified the vulnerabilities and the firms have fixed the problems before the U.S.’ adversaries had a chance to use them.
Of the six companies evaluated by the report, three — Sungrow, SMA, and Growatt — demonstrated vulnerabilities in their solar panel inverters, which convert the direct current (DC) generated by the panel to the alternating current (AC) used in homes and businesses. These three are 32 percent of global market share of inverters and both Sungrow and Growatt are headquartered in China.
Cybersecurity Dive reports:
The flaws — which range from information leakage to buffer overflows to defects in website code — could let hackers collect details about the equipment and its users, inject data into web portals and even overwrite devices’ firmware with malicious code…
Growatt inverters were especially vulnerable because of basic flaws in the company’s cloud platform, according to the report. These flaws would have allowed hackers to steal information about Growatt devices and even modify them without logging in to the portal. One vulnerability allowed an attacker to “upload arbitrary files” to the platform, Forescout said, while another exposed lists of authorized users.
These kinds of vulnerabilities can alter the electricity load by cranking down the inverters and causing temporary blackouts, as well as allowing hackers to harvest user data and violate privacy, hijack smart home devices, or alter energy production to manipulate energy prices. (For the interested reader, see the report’s Section 4 and 5 for the technical description of what these attacks could entail).
Rising threats to renewables equipment are “an obvious concern for national security” because of their “potential impact on grid stability,” especially because “the vast majority of solar power system components are manufactured in China.” The European inverter manufacturer, SMA, and Chinese Sungrow “patched all the issues reported,” quickly, but Growatt fixed the issues far more slowly and were difficult to get in touch with.
It’s just one more risk that solar poses to the grid, but it’s a good thing that the vulnerabilities were fixed this time around.