Energy systems are vulnerable to cyberattacks. It seems that PV systems are part of the pack. I wonder if the Chinese know this?
Dutch hacker was able to take over 4 million solar panel systems in 150 countries
Solar panels supply direct current, which is converted into alternating current before it can enter the power grid. This requires an inverter. Multiple solar panels are often connected to such an inverter, but with Enphase systems each solar panel has its own micro-inverter. At Enphase you, as a customer, can put together your own system. You can then manage this via your account; you can also outsource that management to someone else.
Boonstra discovered an error in the software that allowed someone to make themselves the administrator of other accounts. To test this, he purchased two systems from Enphase and created two administrator accounts. It turned out that his first account could also control his second account, without his permission. 'I then created twenty other accounts and had them all controlled from the first account…
That wasn’t all. With his colleague Hidde Smit, Boonstra also examined the firmware – the operating system – of Enphase’s devices. If you can change that firmware, you have full control over the devices. They found six vulnerabilities in it. Boonstra and Smit could have written an algorithm capable of infecting millions of solar panel systems worldwide with malware, and then let them do whatever they wanted.
Boonstra is an ethical hacker and has won many awards for finding security holes in governmental agencies. I’m glad that there are good people looking for the holes, because everything that uses software has holes.
When one takes over a panel, what does one then do with it? Is there any benefit other than perhaps shutting it down so that someone doesn’t get power?
It could be used to help shut down a country’s power grid in time of conflict. There is also the possibility of ransomware. Remember the Colonial Pipeline incident in 2021?
Isn’t it basically a denial of service type attack? If you can’t access/use your inverters then you can’t get the power onto your grid. The more your grid relies on solar the more trouble you have avoiding an outage.
When I got my solar panels I declined the $500 (??) option to get the WiFi feature. The only thing they said it did was allow you to monitor the performance via WiFi rather than just go look at the display on the inverter…not a turn on/off. Seems to me I always wanted it on, other than the safety requirement for auto-disconnect when the grid goes down to prevent back feeding the grid.
If there were some problem there is a manual switch on the inverter plus a big red handle disconnect from the grid.
I don’t know, but I would think that a utility has a standard way of communicating to their grid connect breakers that isn’t part of a single phase inverter.