A Dutch researcher recently acknowledged around 21 vulnerabilities in solar panel equipment in Spain, allowing computer hackers to target electricity grids. Willem Westerhof, who is a cyber-security researcher at ITsec, defined these susceptibilities at the SHA2017 security conference in the Netherlands.
The flaws were found in inverters, which are supposed to convert electricity produced by solar panels. If connected to internet, these security flaws makes it easy for the hackers to target the electricity grids. Although, manufacturers accepted that only a small portion of their devices were affected. Willem carried out a field test at the inverters manufactured by a German company SMA Solar Technology, which had photo voltaic (PV) fittings connected to the power grid besides their accessories contains the security flaw making it possible for the hacker to remotely control the devices and change the flow of power.
Hackers to Gain Power Control
He told that there is above 90 GigaWatts of PV power installed in Europe. If the attacker controls the flow of power from many of these devices, it could cause fluctuations of quite a lot of GW, triggering huge balancing issues leading to extensive power outages. Since energy devices on the grid requires to balance supply with demand, straining the system can result in a power cut or blackouts.
He warned that if a hacker executes these attacks successfully on a large scale, it is expected to have serious consequences as the power grid instability will cost billions of euros, impacting millions of lives. In response to the claims, SMA Solar technology exclaimed the vulnerability of only four of its models and advised the users to change the default passwords when the models were installed. The company further added that since the inverters are not connected to the internet, there is no requirement of doing so.
Partnering with Dutch Cyberforces
The German company is also working on a report to publish in response to the accusation by teaming up with the Dutch National Cyber Security Centre, and is determined to correct the issues addressed.
Cyber-security researchers at F-Secure have also confirmed the attacks were real, although, also agreed with SMA that not all inverters are susceptible to such attacks. They also mentioned that manufacturers seems to be pushing away from their responsibility by asking users to change the password. Westerhof learned about these security flaws while working on an undergraduate thesis, and later decided not to issue full details to avoid encouraging spiteful hackers.