Attackers Could Hack Smart Solar Systems and Cause Serious Damages
The world's increasing reliance on solar energy has raised concerns about the security of smart solar systems. As the demand for renewable energy grows, hackers have revealed security flaws in rooftop installations and solar power plants worldwide, exposing risks to national power grids.
Hacking Smart Solar Systems: A Growing Concern
According to experts, weak or default passwords expose solar plants to cyber threats, allowing remote control over power systems and risking grid security. Aditya K Sood, a white hat hacker, demonstrated how easy it is to gain access to a remote dashboard for a solar power plant in India using a weak password.
"There it goes," says Aditya K Sood as the remote dashboard for a solar power plant in India appears on his screen. The US-based hacker explained that control consoles for smart solar systems are often poorly protected or configured with weak or default passwords."
The Risks of Cyber Attacks
Cyber experts warn that if threat actors manipulate the power those plants feed into the European power grid, they could cause blackouts. Andreas Ulbig, a researcher at RWTH technical university in Aachen (Germany), emphasizes that digitizing Europe's power grid is crucial for transitioning from large thermal plants to millions of renewable energy units.
"Threat actors could compromise smart grids, potentially causing blackouts," says Ulbig. "However, coordinating enough attacks to trigger safety protocols would be difficult."
The Vulnerabilities of Smart Solar Systems
Experts point out that the majority of smart solar systems support cloud-based remote monitoring provided by multiple vendors. One such provider is the Chinese company Solarman PV, which monitors 195 GW of solar capacity across 190 countries, about 10% of the global total.
In August 2024, Bitdefender found a major bug in Solarman PV's software, exposing all client connections. They demonstrated how to get access to systems in the United States."
The Consequences of Cyber Attacks
"If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts," says Aditya K Sood.
Recent cyber attacks on EU critical infrastructure have highlighted the need for improved security measures. In September 2024, the pro-Russian hacktivist group Just Evil and the nation-state actor Beregini launched a coordinated cyberattack on Lithuanian energy infrastructure."
A Call to Action
Experts urge policymakers and industry leaders to take immediate action to address these security flaws and protect the global power grid from cyber threats. As the demand for solar energy continues to grow, it is essential that we prioritize the security of smart solar systems.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon (SecurityAffairs – hacking, smart solar systems)