46 New Vulnerabilities in Solar Inverters Let Attackers Manipulate Settings

Recent research by Forescout Technologies has revealed 46 new vulnerabilities in solar power systems, particularly affecting three prominent manufacturers: Sungrow, Growatt, and SMA.

This discovery raises significant concerns regarding the stability of power grids and the security of utility operations, as well as consumer data privacy.

The report, titled “SUN:DOWN Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems,” indicates that 80% of vulnerabilities disclosed in the past three years were classified as high or critical severity, highlighting severe systemic weaknesses within the solar ecosystem.

Risks to Grid Stability and Consumer Safety

Barry Mainz, CEO of Forescout, emphasized the critical nature of these vulnerabilities, warning that compromised solar systems could have dire consequences.

For instance, hospitals might lose access to essential equipment, and families could experience heating or cooling shortages during extreme weather events.

The research underscores a growing trend where threat actors increasingly target critical infrastructure, making it essential to secure solar inverter systems before these vulnerabilities lead to real-world disruptions.

The identified vulnerabilities allow attackers to manipulate inverter settings and potentially take control of solar power systems.

For example, Growatt inverters are susceptible to cloud-based takeovers, enabling unauthorized access to user resources and devices.

Similarly, Sungrow inverters can be hijacked through insecure direct object references (IDORs) and hard-coded credentials, allowing attackers to execute remote code and gain full control over the devices.

Geopolitical Concerns and Vendor Responses

According to the report, Forescout’s findings also raise concerns about geopolitical factors affecting solar supply chains, with over half of the manufacturers based in China.

This dominance prompts questions regarding national security and the integrity of foreign-made components in critical infrastructure.

In response to these findings, all affected vendors have reportedly patched the vulnerabilities following responsible disclosure.

Forescout’s Daniel dos Santos stressed that while solar power systems are becoming essential for global power grids, persistent security flaws pose threats to both grid stability and national security.

As renewable energy sources like solar power become more prevalent, ensuring robust cybersecurity for these systems is increasingly vital to maintaining grid stability and protecting against potential cyber threats.


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
