Site icon Read Fanfictions | readfictional.com

Attacks on solar systems due to inverter security gap

The boom in balcony power plants and solar systems provides green energy in your own front yard. But a current investigation reveals significant IT security gaps in inverters from the market leader Hoymiles. Hundreds of thousands of systems across Europe are affected, which in the worst case can be manipulated remotely without authorization. The discoveries show how vulnerable the decentralized energy transition is currently.

A security researcher, working closely with the Chaos Computer Club (CCC), has demonstrated blatant defects in so-called microinverters. The weak points affect the widespread balcony and roof solar systems from the Chinese manufacturer Hoymiles. The company is not a small fish on the market, but claims to have a market share of 20 percent in Europe.

The affected components control the feed-in of the electricity generated and communicate completely unprotected over the radio frequencies of 868 megahertz and 2.4 gigahertz. Because basic security standards for data transmission are missing, large-scale exploitation of the vulnerabilities could result in sudden performance drops in the gigawatt range.

While the CCC classifies this as a systemic risk to the infrastructure, the supervisory authorities dismiss it. The reason is that the network operators could absorb these failures.

Why the security gaps in Hoymiles inverters are so dangerous

From a technical point of view, the whole thing works relatively simply because, according to the report, the supposedly secret digital keys for controlling the solar systems via Hoymiles inverters are completely unprotected. Only the serial number of the respective device serves as the secret key for remote control of the Hoymiles processors. Anyone who has this number basically already has access.

Through an undocumented firmware function, a so-called broadcast, every inverter in the area sends its own unencrypted serial number into the air. Attackers could intercept these IDs on the fly with minimal expertise and little cost. PV systems in entire neighborhoods could be manipulated using cheap components from specialist shops.

Once the serial number is intercepted, full control of the inverters can be taken. Unauthorized persons could then reconfigure the devices as they wish, delete the firmware completely or install malware in order to permanently physically destroy the hardware. The necessary attack hardware can even be easily mounted on a drone for coordinated attacks from the air.

The systemic risk to critical infrastructure

According to CCC, another drastic scenario arises from Hoymiles actively pushing customers into the cloud, from which theoretically hundreds of thousands of rooftop solar power plants could be switched off centrally from abroad. The rapid expansion of balcony solar systems is currently taking place in a kind of “Wild West manner”, in which providers who ignore fundamental IT security standards are tolerated.

Hoymiles reacted irritably or not at all as part of the responsible disclosure process (or “Responsible Disclosure”) and has not yet provided a security patch. State regulatory authorities also reject regulatory intervention. The authorities’ justification leaves an aftertaste: the network operators could simply absorb potential performance drops in an emergency. CCC spokesman Dirk Engling emphasized the urgency of the situation and assessed the case critically:

No more Wild West in IoT. This case is a practical lesson in why ‘critical infrastructure’ doesn’t just start with large power plants, but in the front yard. If thousands of systems can be switched off via broadcast, this is a systemic risk.

Security gaps in inverters: What operators can do

Anyone who operates an original Hoymiles data transmission unit (DTU) should set a strong password immediately. This creates at least a minimal hurdle for opportunistic attackers, but does not provide complete protection. The paradox is that a password does not prevent unauthorized installation of third-party firmware via the radio interface.

In view of this, the CCC is calling on the OpenDTU community and independent security researchers to jointly develop an open source patch or alternative firmware for the radio modules. The goal is a reliable solution based on real cryptography such as the Advanced Encryption Standard (AES). To maintain technological sovereignty, the control of energy systems must be permanently local and secure instead of depending on foreign cloud servers.

From now on, system operators should critically question the “black box” in their own power box, remain vigilant and, if possible, rely on transparent open source solutions. At the same time, politicians have a duty: The CCC is already calling for an EU-wide ban on market approval for devices that accept firmware updates via radio without authentication.

Also interesting:

Source link

Exit mobile version