Solar panel grids 'are vulnerable to remote hacking'

Researcher finds hacked inverters can control energy flow and overload a grid

Hackers could exploit a recently discovered flaw in solar panels to overload energy grids and create power cuts, according to new research.

Dutch researcher Willem Westerhof discovered 17 vulnerabilities in solar power inverters - hardware used to convert the energy gathered into useable electricity for the main grid.

The inverters, many of which are internet-connected, could be targeted by hackers, allowing them to remotely control the flow of power, according to the research.

Advertisement - Article continues below

Following the discovery, Westerhof performed a field test near Amsterdam of two inverters produced by German supplier SMA, where he was able to demonstrate the hack.

"If an attacker does that on a large scale, that has serious consequences for the power grid stability," said Westerhof, speaking to the BBC.

Westerhof first discovered the vulnerabilities when working on an undergraduate dissertation, and explained his further research at a security conference in the Netherlands on Monday. The full details of the hack have not been released in an effort to prevent malicious attacks.

Responding to the comments, SMA told IT Pro: "We would like to stress that SMA does not agree with him, as some of his statements are not correct or greatly exaggerated. The security of our devices has highest priority for SMA in all respects. We already assessed the mentioned issues on a technical basis and [we are working] intensively on the correction."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The company said that only four of its models were affected by the vulnerabilities, and that all other devices adhere to the latest security standards. Users are urged change their default passwords when the devices are installed.

"We will publish further technically detailed responses to Westerhoff's claims on our company website within the next couple of days," SMA said, adding that it was working on an official report on the security of its devices with the Dutch National Cyber Security Centre.

A UK government report published yesterday proposed huge fines for companies managing essential infrastructure, if their cyber security is found lacking. Under the Network and Information Systems directive (NIS), failure to implement adequate cyber security measures to thwart hacking attempts would result in fines of up to 17 million, or 4% of a company's global turnover.

The latest proposals are part of a 1.9 billion National Cyber Security Strategy, an effort by the government to shore up the UK's cyber defences and prevent attacks like May's WannaCry ransomware attack against the NHS.

Image: Bigstock

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/infrastructure/server-storage/355785/dell-emc-poweredge-r7525-review-an-epyc-core-density-to-make
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020
Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020