Startling Security Report Finds Solar Power Systems Are Ripe For Hacking

startling security report finds solar power systems are ripe for hacking
If you have a solar roof and power management system, you might be vulnerable to a cyberattack depending on how the system was implemented. However, this problem is not limited to solar but also includes wind and hydroelectric systems connected to the internet, which all make juicy targets for a threat actor.

Researchers at Cyble have become increasingly concerned about the expansive growth and interconnectedness of domestic green energy solutions. The group reports that threat actors might exploit vulnerabilities or misconfigurations of the interconnections in times of conflict or heightened tensions.

exposure startling security report finds solar power systems are ripe for hacking 708

These sorts of attacks, if widespread, might lead to “destabilizing the targeted region, inflicting economic disruption, undermining energy security, and securing a strategic advantage." This is entirely possible, too, as the researchers discovered 130,000 internet-exposed photovoltaic diagnostic and monitoring systems globally, or in other words, many solar systems alone are exposed to the internet, ignoring wind and hydroelectric systems entirely.

accessed panels startling security report finds solar power systems are ripe for hacking
These are a sample of the web panels that the researchers accessed in their hunting.

Setting aside the concerns about domestic power systems, this also highlights similar concerns regarding commercial systems that power homes that have not yet gone green. As we get into summer, an attacker could abuse the power grid, which will already be running thin, by controlling smart home devices to fluctuate power requirements. This could cause many problems, as the U.S. Government Accountability Office suggested in 2022.

Cybersecurity not only threatens our homes but that which provides them with power, water, and other essential services. We are generally wholly unprepared for these attacks, which could have lethal consequences given good malicious timing. Of course, you can do your part to keep systems up to date and, if possible, offline.