Willem Westerhof, a Dutch security researcher at the security firm ITsec has found a serious vulnerability in a component of solar panels that could be exploited by hackers to cause widespread outages in European power grids.
The vulnerability resides in the inverters that are the components of solar panels used to convert direct current to alternating current.
The vulnerabilities affect the inverters manufactured by the German market leader SMA. Westerhof reported the issued to the company in December 2016, and SMA invited him to discuss his findings. Unfortunately, after six months nothing is changed and the SMA still hasn’t solved the issue.
Westerhof has published a detailed analysis of the vulnerability and of the attack scenario that was dubbed by the expert Horus Scenario, after the Egyptian deity.
According to the Dutch newspaper Volkskrant, Westerhof claims that the security flaw affects thousands of Internet-connected inverters used in European power grids.
The attack scenario hypothesized by the expert is disconcerting, it sees hackers taking control of a large number of inverters and switch them off simultaneously. The attack can cause a huge power outage in large parts of Europe.
According to a research conducted by Westerhof, vulnerable solar panels manage around 17 gigawatts of power, clearly, a successful cyber attack could have a catastrophic effect.
Volkskrant reports that in 2006, more than 10 million people were left in the dark after a power shortage in Germany triggered blackouts across western Europe late Saturday night. Many capital cities were affected by the outage, including Paris and Madrid spent hours without power because of that incident.
The German power grid had to deal with a five-gigawatt shortage, while the attack scenario presented by Westerhof could cause a 17-gigawatt shortage, more than three times greater.
SMA explained that the inverters are properly secured and the company told Volkskrant’s journalists that the vulnerabilities only affect a limited range of products. The manufacturer also confirmed that its engineers are working on technical corrections.
Inverters of solar panels are just an example of the billion of IoT devices that could be targeted by hackers. Solar panels are becoming ever more widespread, it is neccssary to solve the issued as soon as possible.
(Security Affairs – solar panels, power grid)