Critical Infrastructure Security
Security Vulnerabilities in Solar Inverters Pose Risks to Power Grid Stability

In a recent analysis, researchers have uncovered critical security vulnerabilities in leading solar inverters produced by companies such as Sungrow, Growatt, and SMA. These devices, which are fundamental for converting the direct current from solar panels into the alternating current compatible with commercial grids, are now found to have weaknesses that could be exploited by hackers to disrupt power generation and jeopardize grid stability.
A detailed examination by Forescout’s Vedere Labs of these solar power devices has indicated that these inverters represent approximately one-third of the global photovoltaic inverter market. The identified vulnerabilities include unauthorized remote access, insecure authentication protocols, and the risk of remote code execution. The research suggests that an attacker able to control a substantial number of these inverters could potentially generate enough instability to disrupt the associated power grids.
Attackers could manipulate the operation of these inverters, turning them on or off at will. Such an attack scenario appears to be particularly feasible with Growatt inverters, as their cloud services provide access to critical configuration settings. Control over a significant number of inverters could allow a malicious actor to orchestrate resonance manipulation, potentially resulting in frequency fluctuations that lead to grid failures.
In addition to these broader vulnerabilities, certain Sungrow inverters exhibit insecure direct object reference (IDOR) weaknesses in their application programming interfaces, which could give attackers unauthorized access to vital firmware files. Worse, because the cloud infrastructure did not adequately sanitize input, researchers found that remote command execution could be achieved merely by changing the file extension of a malicious file.
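The two flaws above map to two defensive checks; the following is an added illustration written for this article, not code from Forescout, Sungrow or any vendor, and every name in it (the device ownership table, the allowed firmware signatures, the function names) is a constructed assumption:

```python
import re

# Constructed sample data: which account owns which inverter (hypothetical).
DEVICE_OWNER = {"inv-1001": "alice", "inv-1002": "bob"}

# Constructed allowlist of firmware container signatures this hypothetical
# cloud accepts. The decision is made on the bytes, never on the extension.
ALLOWED_MAGIC = {
    b"\x7fELF": "elf",
    b"PK\x03\x04": "zip",
}

# First character may not be a dot, so ".", ".." and hidden files are rejected
# along with any path separator.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}$")


class AccessDenied(Exception):
    """Caller does not own the referenced device (IDOR defence)."""


class RejectedUpload(Exception):
    """Upload failed content or filename validation."""


def authorize_device(user: str, device_id: str) -> None:
    """Anti-IDOR: the object reference alone is not proof of authorization;
    every request must be checked against the caller's ownership."""
    if DEVICE_OWNER.get(device_id) != user:
        raise AccessDenied(f"{user} may not access {device_id}")


def classify_firmware(data: bytes) -> str:
    """Identify the firmware format from its leading bytes, or reject it."""
    for magic, kind in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return kind
    raise RejectedUpload("content does not match an allowed firmware format")


def validate_firmware_upload(user: str, device_id: str,
                             filename: str, data: bytes) -> dict:
    """Full check a firmware endpoint should run before storing anything:
    ownership first, then filename, then content-based type detection."""
    authorize_device(user, device_id)
    if not SAFE_NAME.match(filename):
        raise RejectedUpload(f"unsafe filename: {filename!r}")
    return {"device": device_id, "kind": classify_firmware(data)}
```

A shell script renamed to `firmware.bin` fails `classify_firmware` regardless of its extension, and a valid image referenced for someone else's device fails `authorize_device` before any content is examined.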
The reality of cyberattacks capable of crippling power infrastructure has moved beyond hypothetical risks, particularly highlighted by past incidents such as the 2015 Ukrainian power grid attack attributed to Russian state-sponsored hackers, which left substantial portions of the population in the dark. The ongoing threat has raised alarms regarding the susceptibility of the U.S. power grid to similar assaults.
Forescout’s findings also reveal that over half of solar inverter manufacturers, along with 58% of energy storage system companies, are based in China, raising concerns about potential vulnerabilities in supply chains. In 2024, the FBI issued a warning pointing to an increase in cyber threats aimed at the renewable energy sector as it gains greater prominence in energy production. While attempts to disrupt solar energy generation through hacking have yet to succeed significantly, the continuous discovery of vulnerabilities suggests that this is an ongoing risk that businesses need to monitor closely.
The report emphasizes various vulnerabilities that threaten grid security. Among these, high-severity flaws include those affecting remote code execution capabilities, privilege escalation issues, and critical command injection vulnerabilities in solar energy management platforms. As businesses strive to adopt renewable energy solutions, they must remain vigilant about the security implications associated with this transition.
Notably, the MITRE ATT&CK framework can shed light on the adversary tactics that could be leveraged in attacks on these systems. Potential techniques include initial access through exploitation of vulnerabilities, persistence by maintaining control over compromised systems, and privilege escalation to gain higher levels of access, underscoring the multidimensional threat landscape faced by the energy sector in a digital age.