Common Solar Power Systems Found Vulnerable to Hacking
Image courtesy of Jonathan Cutrer under Attribution-NonCommercial 2.0 Generic License, resized to 700 x 391 pixels.
Millions of solar power systems worldwide have been found to be highly vulnerable to being hacked, according to researchers at cybersecurity company Bitfender. According to the researchers, over 195 GW, or 20% of worldwide solar power production, is it at risk. That’s certainly a big slice of the pie.
What the Vulnerable Solar Power Systems Have in Common
The photovoltaic system management platforms from 2 companies were analyzed – Chinese companies Solarman and Deye. The researchers found numerous security holes, but interestingly, the solutions are interconnected as both solutions share multiple components, such as inverters which convert DC electricity to AC so the output can be synched with the power grid.
The team identified a variety of different security holes that could be exploited for different purposes, such as taking control of any account on the platform, reusing tokens across platforms, modifying parameters and manipulating inverters, and gaining access to sensitive and/or personal information to name just a few.
These are serious problems, and any successful malicious cyber penetration could spell disaster. There are several possible outcomes of an exploitation, including (but not limited to):
- Hackers could gain full control of accounts and inverters which could lead to voltage fluctuations and/or localized outages.
- Hackers could gain access to sensitive or confidential information about users and organizations, opening the door to information harvesting, targeted phishing attacks or other malicious activities.
- Hackers could purposefully cause operational disruptions designed to destabilize the grid and cause widespread blackouts.
The research team has launched an outreach campaign to communicate the vulnerabilities to vendors and customers. Obviously, because these solar power systems are so common, reaching everybody will be an extremely daunting task, but I suppose you have to start somewhere. And of course, you also have to have a top-notch cybersecurity or emergency preparedness plan that everyone has been trained on and is prepared to follow.