Malicious communication devices discovered in solar inverters in the USA
Following the discovery of unknown communication devices in Chinese solar inverters, US energy authorities want to reassess their risk.
(Image: west cowboy/Shutterstock.com)
During the investigation of inverters from China by experts in the USA, undocumented communication devices were found in some devices. According to media reports, US energy authorities want to reassess the risk of these Chinese inverters.
In its report, the Reuters agency refers to two people familiar with the matter. Electronics experts involved in dismantling and analyzing electronic equipment had come across the undocumented communication units in the solar inverters. In the past nine months, undocumented communication devices such as mobile communication devices have also been found in some batteries from several Chinese equipment manufacturers.
Inverters in use everywhere
Such inverters, most of which are manufactured in China, are ubiquitous: they connect solar panels and wind turbines to the electrical grid and can also be found in batteries, heat pumps and electric car chargers. Most of these devices have built-in network connectivity to enable updates and maintenance, for example. However, many companies and private individuals rely on firewalls to block this communication with the manufacturer in China, for example.
The malicious components open up additional undocumented communication channels that allow firewalls to be bypassed, with potentially catastrophic consequences, writes Reuters. “Using the malicious communication devices to bypass firewalls and remotely shut down inverters or change their settings could destabilize power grids, damage energy infrastructure and trigger widespread blackouts, according to experts,” the agency further discusses.
Videos by heise
One of the two informants told Reuters: “This means that the bottom line is that there is a built-in way to physically destroy the power grid.” However, neither informant wanted to name the Chinese manufacturers of the inverters, nor how many manipulated devices they had found in total.
The US government has not publicly confirmed the findings. However, a spokesperson for the U.S. Department of Energy said, “While this function has no malicious intent, it is critical for procurers to know exactly the capabilities of the products they receive.” However, the Department stated that it continually assesses the risks associated with new technologies. It acknowledged that there were significant issues with manufacturers' disclosure and documentation of capabilities.
Security concerns in Germany too
There are also concerns in Germany due to the sheer volume of Chinese inverters. During the legislative process for the “Solar Peak Act” at the beginning of the year, attention was also focused on the manufacturer clouds. The German Federal Office for Information Security (BSI) told BR that “the central government in Beijing could exert direct influence on a system-relevant part of the German power supply” via the internet-enabled components of solar systems.
However, malicious actors and (state) cyber gangs could attack some of the numerous security vulnerabilities in photovoltaic systems and thus endanger the power grids.
(dmk)
