Photo credit: www.techradar.com
Insecure Solar Systems Enable Cybercriminal ActivitiesMillions of Solar Inverters at Risk from Cybersecurity VulnerabilitiesForescout – Vedere Reveals Security Flaws in Solar Systems
The rise in solar energy adoption has brought to light significant cybersecurity issues affecting inverters, cloud services, and monitoring systems. This creates a landscape where hackers can tamper with energy output, destabilize power grids, and access sensitive information, presenting considerable threats to the global energy framework, according to experts.
A report by Forescout – Vedere Labs uncovered 46 new cybersecurity vulnerabilities across three prominent solar inverter brands: Sungrow, Growatt, and SMA. Earlier analyses indicated that 80% of identified vulnerabilities were rated high or critical, with several attaining maximum CVSS scores, underscoring the severity of the risks.
In the last three years, an average of 10 new vulnerabilities have been reported each year. Alarmingly, 32% of these were associated with CVSS scores of 9.8 or 10, signifying that attackers could gain complete access to the affected systems.
Security Threats Linger Over Millions of Solar Power Systems
Many solar inverters are connected directly to the internet, making them prime targets for cyber threats. Hackers can take advantage of outdated firmware, weak authentication methods, and unencrypted data transmissions to seize control of these systems.
Vulnerabilities in APIs give attackers the opportunity to list user accounts, reset credentials to factory settings, and alter inverter configurations, potentially leading to power interruptions.
Furthermore, insecure object references and cross-site scripting (XSS) can lead to exposure of sensitive user information, including email addresses and energy usage details, posing risks of non-compliance with privacy laws like GDPR.
The repercussions of compromised inverters extend beyond potential instability in power supply; they can include data theft, financial fraud, and unauthorized access to smart home devices—some vulnerabilities even allow attackers to control electric vehicle chargers and smart plugs.
In addition, cybercriminals may manipulate inverter settings to influence energy prices or demand ransom payments for restoring access to systems. In response to these threats, the report advocates for manufacturers to focus on software patches, implement secure coding practices, and engage in regular penetration testing.
Utilizing Web Application Firewalls (WAFs) and following established cybersecurity frameworks like NIST IR 8259 can also be pivotal in reducing these security risks.
Regulatory bodies are encouraged to recognize solar inverters as critical infrastructure and implement security measures aligned with standards such as ETSI EN 303 645 to promote adherence to best practices.
For owners and operators of solar systems, enhancing security involves segregating solar devices onto distinct networks, enabling continuous security monitoring, and adhering to recommendations from entities like the U.S. Department of Energy to mitigate risks.
Additionally, implementing robust antivirus software will provide an important defense mechanism, while employing effective endpoint protection solutions can further shield connected devices from cyber threats targeting solar infrastructure.
Related Insights
Source
www.techradar.com