‘Rogue’ devices found in Chinese solar inverters raises cybersecurity alarm in Europe
‘Rogue’ devices found in Chinese solar inverters raises cybersecurity alarm in Europe
US energy officials have found unexplained communication equipment inside some Chinese-made inverter devices.
US energy officials have found unexplained communication equipment inside some Chinese-made inverter devices.
[...]
Reuters reported the presence of undocumented and “rogue” communication devices in a number of Chinese-made solar inverters. These could potentially introduce unregulated and undocumented remote communication channels to the inverters, by which an actor could remotely bypass the cybersecurity firewalls that utility companies use to prevent direct communication back to China.
[...]
Ok, what are European vendors for inverters? I really want solar, but I would prefer local vendors.
Fronius is Austrian and there are a few others but none producing microinverters that I’m aware of. If you are doing an install with no shading issues during the day, regular inverters are preferable though since the costs are cheaper and there’s no DC-AC-DC loss if you include a battery backup.
Fronius, SMA, Victron.
The unfortunate bit is that apparently e.g. Huawei inverters are extremely reliable, whereas e.g. cheaper SMA models are not.
Victron
Not naming the manufacturers is very disappointing
Not naming the manufacturers is very disappointing
It is. So I looked it up:
According to the info I found, Huawei battery systems, and concerning solar panel electricity invertors they mentioned Sungrow, Growatt, and SMA. Growatt has arranged a patch, they claim.
Many of these Chinese systems have little to none (security) updates.
What makes you believe that those software issues from a month ago are in any way related to the undocumented communication hardware found now?
Spain reconsiders possibility of hackers causing blackouts
The possibility of the blackouts being caused by a cyberattack was immediately considered, though the grid operators in Spain and Portugal both said at the time there was no evidence of hacking, a point that was echoed by authorities and politicians.
Now, reports suggest Spanish authorities are investigating whether smaller power generators were a weak link that was exploited by cyber criminals to target the electricity grid, according to the Financial Times ...
[The original FT article is behind a paywall.]
It doesnt have to be a "cyberattack" for it to be the fault of chinese inverters. There have been plenty of cases of faulty automatic firmware updates bricking all online inverters of a brand at the same time. Thats why you always cut those things off from the internet and set up your own monitoring.
It's not as fun and exciting James Bond shit when a supply-chain attack happens too close to home, huh? At least it didn't explode in anyones faces.
Or pockets...
Hmmm. Unnamed "people" of some unnamed US spook organization find rogue devices in an undisclosed number of Chinese solar inverters and batteries of not named brands which alerts Europe. Smells fishy.
Hmmm. Unnamed “people” of some unnamed US spook organization find rogue devices in an undisclosed number of Chinese solar inverters and batteries of not named brands which alerts Europe. Smells fishy.
100% after no evidence ever emerged about the supermicro motherboards with supposed spy chips on them.... and everyone that actually bought them called bullshit, we should maintain a healthy degree of scepticism.
extraordinary claims require extraordinary evidence... but really any evidence would be nice.
fuck china, taiwan ftw :D
Unnamed "people" of some unnamed US spook organization
People employed by a state actor to screen hardware (or closely related to screening) probably aren't supposed to leak stuff like this. Nobody wants a potential adversary knowing what you do/do not know.
rogue devices in an undisclosed number of Chinese solar inverters and batteries of not named brands
Again, there's no benefit to telling, especially when this could tie back to a leaker. How could they disclose a number? They deconstruct a sample selection, not every single one that's installed. What would the public even do with brand information? Throw away the commercial utility grade inverters tied into their nonexistent home grid?
which alerts Europe
Spain just had a very public massive grid failure. Even if they don't trust the US diplomatically, they could very easily take this info and verify it on their own devices.
Every smart car on the road has a backdoor killswitch and GPS tracking, "just in case" it needs to be used against a private individual. You think a state actor supplying 30-40% of the global market (allies and adversaries alike) wouldn't do the same thing?
Wtf
China has been doing this in a lot of hardware. It’s a huge national security risk to not screen inbound hardware for problems, but doesn’t really happen because that would be a monumental task.
Hell, look at what Israel did with those pagers. It’s crazy to think that other nations haven’t been putting malicious packages in their electronics as well.
Imagine what all they are cramming into their EVs.