August 8, 2024 at 09:18AM
Bitdefender researchers found critical vulnerabilities in widely used Solarman and Deye solar power systems, potentially enabling attackers to cause disruption and blackouts. The flaws allowed attackers to take control of accounts, manipulate inverters, and access sensitive data. Bitdefender reported the findings and patches were deployed in the summer. Robust cybersecurity is crucial for managing solar energy systems.
The meeting notes indicate that cybersecurity firm Bitdefender has identified serious vulnerabilities in widely used solar power systems, particularly in the products of Chinese companies Solarman and Deye. These vulnerabilities could potentially allow attackers to disrupt power generation, cause blackouts, and gain access to sensitive data. The vulnerabilities were found in the management platforms provided by Solarman and the inverters provided by Deye, which are used to operate millions of solar installations worldwide, contributing to approximately 20% of the global solar power production.
Bitdefender disclosed these vulnerabilities in separate papers and a blog post, detailing how attackers could exploit these flaws to gain control of accounts, manipulate inverters, and access sensitive data. Bitdefender reported its findings to Solarman and Deye in May, and patches were deployed during the summer.
Bitdefender emphasized the need for robust cybersecurity in managing solar energy systems and in general IoT setups, highlighting the potential attack surfaces introduced by integrating solar power into the grid. This discovery underscores the importance of addressing security flaws in solar power systems to ensure the integrity and stability of energy generation and grid operations.