Share this article on:
Researchers have discovered that 20 per cent of the world’s solar power output, equalling 195 gigawatts and enough to power the United States, has been vulnerable to a cyber attack.
Researchers from Bitdefender made the startling discovery after observing that solar devices were becoming increasingly visible on internet networks.
The vulnerabilities existed on solar power management platforms operated by Solarman and Deye that are used to oversee the production operations of solar installations.
Bitdefender revealed that the exploits would enable attackers to seize operation of the inverter settings, which are used to manage voltage levels and variability of solar output as it produces electricity for the grid.
As detailed in the recent report, Solarman API architecture is developed with multiple entry points in order to allow solar equipment to integrate into the Solarman photovoltaic monitoring and management platform.
However, the entry points created vulnerabilities for the platforms, with Bitdefender researchers finding that the Deye inverter and Solarman data logger had “severe security vulnerabilities” capable of taking down the grid.
The exploits on the Solarman platform would allow attackers to generate authorisation tokens for any account and allow Deye cloud users to gain access to the Solarman platform, while the Solarman API also exposed “excessive” data, including private details.
Meanwhile, vulnerabilities in the Deye platform included credentials, information leakage and authorisation token generation.
A spokesperson from Bitdefender has confirmed that the vulnerabilities were reported to the operators and fixed.
A recent release from the company detailed how cyber security poses a risk as countries continue on the journey to a renewable energy future.
“Integrating solar power into the grid offers immense benefits, but it also introduces attack surfaces that equipment makers must take into account. The security flaws found in the Deye and Solarman platforms highlight the need for robust cyber security in managing solar energy systems, as well as in general IoT set-ups,” the company said.
“Protecting the grid from cyber threats is crucial to ensuring reliable and secure power for all. As we continue to embrace renewable energy, we must also remain vigilant and proactive in securing our energy infrastructure against evolving threats.”
Liam Garman is the managing editor of professional services, real estate and security at Momentum Media. He began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed international media campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to writing on politics and business, and holds a Bachelor of Commerce from the University of Sydney and a Masters from UNSW Canberra with a thesis on postmodernism and media ecology.