cross-posted from: https://scribe.disroot.org/post/10061950

Security researchers from the Chaos Computer Club (CCC) have exposed critical vulnerabilities in Hoymiles solar inverters that allow attackers to remotely control, manipulate, or destroy hundreds of thousands of solar installations across Europe. The Chinese manufacturer holds roughly 20 percent of the European microinverter market, making the security flaw a widespread threat to balcony power plants and small rooftop solar systems.

During experimental tests, a modified handheld scanner located two dozen foreign inverters and their identification numbers within 20 minutes. In Augsburg, Hunz identified 42 hackable systems within just one hour. The radio signals can travel several hundred meters, making it feasible to mount attack equipment on drones for systematic scanning of residential areas.

Once attackers have the serial numbers, they can switch inverters on or off, alter power limits, and inject malware through an unprotected firmware update command. Tampering with sensitive network parameters or erasing bootloader memory could lead to fires, electrical accidents, or device destruction requiring physical repair.

The CCC informed Hoymiles [which is headquartered in China] about the vulnerability in February but received no initial response. Only after the German Federal Office for Information Security contacted the Chinese authority CNCERT did Hoymiles react at the end of June. The company announced a security update for mid-October.

Archived

  • nanometer1625@thelemmy.club
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 hour ago

    PSA: If your router has a guest network feature, enable it, and put all of your IOT devices on it. Unlike the main network, guest networks are typically are configured such that each device on the guest network can only access the internet, and not other devices on the guest network, nor the router, itself.

    • mic_check_one_two@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      13 minutes ago

      Or set up Home Assistant on a dedicated VLAN for all your IoT stuff. I know that’s a few extra steps that not every router will support, but it is a way to be more privacy focused (Home Assistant is entirely self-hosted) while still maintaining a lot of the IoT functionality.