Skip to main content

Millions of solar power systems could be at risk of cyber attacks after researchers find flurry of vulnerabilities

Web Hosting & Remote IT Support
  • Insecure solar systems allow cybercriminals to steal data and ransom access
  • Millions of solar inverters remain vulnerable to severe cybersecurity threats
  • Forescout – Vedere uncover flaws allowing attackers to take full control over solar systems

The increasing use of solar power has exposed critical cybersecurity vulnerabilities in inverters, cloud computing services, and monitoring platforms, creating an insecure ecosystem where hackers can manipulate energy production, disrupt power grids, and steal sensitive data, posing serious risks to global energy infrastructure, experts have warned.

A study by Forescout – Vedere Labs identified 46 new vulnerabilities across three major solar inverter manufacturers, including Sungrow, Growatt, and SMA. Previous findings showed that 80% of reported vulnerabilities were high or critical in severity, with some reaching the highest CVSS scores.

Over the past three years, an average of 10 new vulnerabilities have been disclosed annually, with 32% carrying a CVSS score of 9.8 or 10, indicating that attackers could fully compromise affected systems.

Millions of solar power systems face security risks

Many solar inverters connect directly to the internet, making them easy targets for cybercriminals. Attackers can exploit outdated firmware, weak authentication mechanisms, and unencrypted data transmissions to gain control.

Exposed APIs allow hackers to enumerate user accounts, reset credentials (ideally stored in password managers) to default values, and manipulate inverter settings, leading to power disruptions.

Additionally, insecure object references and cross-site scripting (XSS) vulnerabilities could expose user emails, physical addresses, and energy consumption data, violating privacy regulations such as GDPR.

Beyond grid instability, compromised inverters create further risks, including data theft, financial manipulation, and smart home hijacking - some vulnerabilities allow attackers to take control of electric vehicle chargers and smart plugs.

Cybercriminals could also alter inverter settings to influence energy prices or demand ransom payments to restore system functionality. As a result, the report recommends that manufacturers should prioritize patches, adopt secure coding practices, and conduct regular penetration testing.

Implementing Web Application Firewalls (WAFs) and adhering to cybersecurity frameworks like NIST IR 8259 could help mitigate risks.

Regulators are also urged to classify solar inverters as critical infrastructure and enforce security standards such as ETSI EN 303 645 to ensure compliance with best practices.

For solar system owners and operators, securing installations requires isolating solar devices on separate networks, enabling security monitoring, and following guidelines from organizations like the U.S. Department of Energy to reduce risks.

Installing the best antivirus software adds an extra layer of defense against threats, while deploying the best endpoint protection solutions further safeguards connected devices from cyberattacks targeting solar infrastructure.

You may also like



via Hosting & Support
Labels:

Comments

Post a Comment

Web Hosting
Remote IT Support
Sites & Socials
Computing Handbook - $9.95

Popular posts from this blog

Microsoft, Google, and Meta have borrowed EV tech for the next big thing in data centers: 1MW watercooled racks

Web Hosting & Remote IT Support Liquid cooling isn't optional anymore, it's the only way to survive AI's thermal onslaught The jump to 400VDC borrows heavily from electric vehicle supply chains and design logic Google’s TPU supercomputers now run at gigawatt scale with 99.999% uptime As demand for artificial intelligence workloads intensifies, the physical infrastructure of data centers is undergoing rapid and radical transformation. The likes of Google, Microsoft, and Meta are now drawing on technologies initially developed for electric vehicles (EVs), particularly 400VDC systems, to address the dual challenges of high-density power delivery and thermal management. The emerging vision is of data center racks capable of delivering up to 1 megawatt of power, paired with liquid cooling systems engineered to manage the resulting heat. Borrowing EV technology for data center evolution The shift to 400VDC power distribution marks a decisive break from legacy sy...
Post a Comment
Read more

Google’s AI Mode can explain what you’re seeing even if you can’t

Web Hosting & Remote IT Support Google’s AI Mode now lets users upload images and photos to go with text queries The feature combines Google Gemini and Lens AI Mode can understand entire scenes, not just objects Google is adding a new dimension to its experimental AI Mode by connecting Google Lens's visual abilities with Gemini . AI Mode is a part of Google Search that can break down complex topics, compare options, and suggest follow-ups. Now, that search includes uploaded images and photos taken on your smartphone. The result is a way to search through images the way you would text but with much more complex and detailed answers than just putting a picture into reverse image search. You can literally snap a photo of a weird-looking kitchen tool and ask, “What is this, and how do I use it?” and get a helpful answer, complete with shopping links and YouTube demos. AI Eyes If you take a picture of a bookshelf, a plate of food, or the chaotic interior of your junk...
Post a Comment
Read more

Passing the torch to a new era of open source technology

Web Hosting & Remote IT Support The practice of developing publicly accessible technologies and preventing monopolies of privately-owned, closed-source infrastructure was a pivotal technological movement in the 1990s and 2000s. The open source software movement was viewed at the time as a form of ‘digital civil duty’, democratizing access to technology. However, while the movement's ethos underpins much of today’s technological landscape, its evolution has proven to be a challenge for its pioneers. Hurdles Facing Young Developers Open source models successfully paved a path for the development of a multitude of technologies, cultivating a culture of knowledge sharing, collaboration , and community along the way. Unfortunately, monetizing such projects has always been a challenge, and ensuring contributors are compensated for their contributions working on them, even more so. On the other hand, closed-source projects offer greater control, security, and competitive advant...
Post a Comment
Read more