April 4, 2025
The increasing adoption of solar power, a market valued at $70 billion in 2024, comes with cybersecurity risks that could impact power grids and user privacy. Researchers at Forescout presented findings at Black Hat Asia, identifying 46 vulnerabilities across three major solar vendors (Sungrow, Growatt, and SMA) that affect inverters, mobile apps, and cloud systems. These flaws could allow attackers to hijack solar inverters, manipulate power output, and even destabilize electrical grids.
The study found that over 30 vulnerabilities stemmed from insecure direct object references (IDORs), highlighting a lack of basic security measures. With an average of 10+ vulnerabilities discovered annually in solar systems, researchers stress the need for security-by-design in future implementations.
To mitigate risks, experts recommend treating inverters as critical infrastructure, following cybersecurity guidelines, conducting risk assessments, segmenting networks, and ensuring regular security updates. While vendors have patched the reported vulnerabilities, businesses and users must proactively secure their systems to prevent future exploitation.
Source: https://www.darkreading.com/vulnerabilities-threats/security-bugs-could-rain-out-solar-grids