Cybersecurity Vulnerabilities Discovered in Solarman and Deye Solar Management Platforms
Recent investigations by cybersecurity experts have unveiled serious security flaws within the photovoltaic system management platforms operated by the Chinese firms Solarman and Deye. These vulnerabilities pose significant risks, potentially allowing malicious actors to disrupt operations and cause widespread power outages.
Researchers from Bitdefender, a Romanian cybersecurity company, have detailed their findings, indicating that if exploited, these vulnerabilities could grant attackers control over inverter settings integral to solar grid operations. This control could lead to cascading failures across portions of the electrical grid, raising the specter of blackouts. As reported, the vulnerabilities were disclosed responsibly by researchers to the companies in May 2024, and they have since been addressed as of July 2024.
The analysis highlighted multiple weaknesses in the two platforms, which could facilitate unauthorized account access and expose sensitive information. Among these issues, a notable concern is the potential for full account takeover through manipulation of authorization tokens via specific API endpoints. Additionally, vulnerabilities enabling the reuse of tokens and unintentional information disclosure were identified.
The report specifies several critical security risks, including the existence of hard-coded accounts allowing unrestricted device access and potential weaknesses in JWT management, which could empower attackers to generate unauthorized tokens. Such issues indicate a significant lapse in security protocols that are essential for safeguarding sensitive energy management systems.
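The article names the weakness classes (token reuse, weak JWT handling) but not the vendors' implementation. The following is an added example, not Bitdefender's or the platforms' code, of the checks a defender would want on a token-protected endpoint: a server-pinned algorithm, signature and expiry verification, and a single-use `jti` so a captured token for a privileged operation (such as an inverter settings change) cannot be replayed. The secret, claim names and in-memory replay store are constructed assumptions.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"demo-only-secret-do-not-use"   # constructed; load from a secrets manager in practice
ALLOWED_ALG = "HS256"                     # pinned server-side, never taken from the token header

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(sub: str, jti: str, ttl: int = 900, now: Optional[int] = None) -> str:
    """Mint a short-lived HS256 JWT carrying a unique jti for replay detection."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": ALLOWED_ALG, "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "jti": jti, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

class TokenVerifier:
    """Rejects tampered, expired, alg-confused and replayed tokens."""
    def __init__(self) -> None:
        self.seen_jti: set = set()   # in production: shared store with TTL (e.g. Redis)

    def verify(self, token: str, now: Optional[int] = None) -> dict:
        now = int(time.time()) if now is None else now
        try:
            h, p, s = token.split(".")
            header, payload = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
        except ValueError:
            raise ValueError("malformed token")
        if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
            raise ValueError("unexpected alg")       # blocks 'none' / algorithm confusion
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            raise ValueError("bad signature")         # constant-time comparison
        if not isinstance(payload, dict) or not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
            raise ValueError("expired")
        jti = payload.get("jti")
        if not jti or jti in self.seen_jti:
            raise ValueError("token reuse detected")  # second presentation of the same jti
        self.seen_jti.add(jti)
        return payload
```

The single-use `jti` policy fits privileged operations; for ordinary reads, a revocation list keyed on `jti` gives the same protection against stolen tokens without forcing re-issuance per request.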
If successfully exploited, these vulnerabilities would allow attackers not only to take control of Solarman accounts but also to use Deye Cloud tokens to access those accounts without authorization. Such access could expose private data on registered organizations and reveal details of Deye devices.
Cybersecurity experts caution that attackers gaining such access can initiate disruption in solar power generation, with implications for grid stability. The potential for leakage of sensitive user information could also facilitate targeted phishing attacks and other malign activities. The researchers further emphasized the potential for attackers to modify inverter settings, resulting in serious disruptions to power distribution and threats to grid integrity.
In MITRE ATT&CK terms, the tactics relevant to this incident include initial access, where attackers might gain entry through vulnerable APIs or misuse of tokens, and privilege escalation, allowing them to assume control over critical system settings. Persistence could follow if attackers leverage these initial compromises to retain control over compromised accounts and systems.
In summary, the recent findings underscore the pressing need for enhanced cybersecurity measures within solar energy management systems. As the reliance on renewable energy sources increases, ensuring robust security protocols will become even more crucial to protect infrastructure from evolving cyber threats.
For business owners managing energy systems, keeping abreast of such developments is essential to safeguard operations and mitigate potential losses related to cybersecurity incidents.