Published on: October 18, 2024
Researchers with the cybersecurity company Bitdefender exposed major vulnerabilities within the largest solar grid in the world.
Solarman and Deye’s PV plant management platforms produce more than 20 percent of the world’s solar energy and are critical components of the country’s power grid. Solar grids are quickly replacing traditional energy methods and creating a network of green energy worldwide.
While this is excellent news when it comes to beating global warming, it also means that having weak cybersecurity defenses could become a national disaster. These solar panels are often decentralized and each company has its cybersecurity standards.
Bitdefender’s researchers found a series of vulnerabilities that if acted upon would allow a threat actor to control inverter settings, essentially putting the entire grid at their fingertips — Solarman’s plants alone power over 10 million devices in more than 190 countries. A successful hack against them could cause international damage.
With the discovery of these vulnerabilities, it’s not unfair to say that for a brief moment, Bitdefender controlled 20% of the world’s solar power. Needless to say, this glaring threat was immediately reported to Solarman and Deye’s PV back in May 2022.
After several months of internal investigations and fixes, both companies have completely resolved the issues. Bitdefender confirmed the fixes by re-testing the same methods they used to hack into the plants in the first place.
However, this glaring vulnerability comes with some security implications.
“While most of our previous findings have a serious impact on the individual or on the internet itself, the flaws detailed in this research are fundamentally different,” Bitdefender explains in a recent blog post. “Access to devices interacting with the grid can have devastating effects on the proper functioning of the grid itself.”
If hackers had exploited either company, they could have stolen sensitive information and attempted to ransom or sell it on the dark web.
“These vulnerabilities pose a significant threat to grid security,” Bitdefender said.