A Dutch security researcher has found a serious vulnerability in a component of solar panels that, if exploited, could cause widespread outages in European power grids.
Willem Westerhof, a cybersecurity researcher at ITsec, discovered a vulnerability in so-called inverters, an essential part of solar panels that converts direct current to alternating current. According to Volkskrant, the Dutch newspaper that first reported this story, Westerhof claims that the vulnerability can be found in thousands of internet-connected inverters throughout Europe.
As with other vulnerable Internet of Things devices, hackers could take control of a large number of inverters and switch them off simultaneously, causing an imbalance in the power grid that can knock out electricity in large parts of Europe.
To get a sense of the scale of the problem: The poorly secured inverters Westerhof researched manage around 17 gigawatts of power. If a hacker were to shut all of them off in one go, the results could be pretty catastrophic.
Volkskrant reports that in 2006, large parts of Europe went dark when a high-voltage power line in Germany was disconnected and the power grid had to deal with a five-gigawatt shortage. Capital cities like Paris and Madrid spent hours without power because of that incident. Now multiply that by three and you’ll see that this could be a problem.
Westerhof found the vulnerabilities in inverters made by the German market leader SMA. He reported them before Christmas 2016, and SMA invited him to discuss his findings. More than six months later, the company has barely addressed the issue, according to the researcher.
SMA denied that its inverters are not properly secured. The company told Volkskrant’s journalists that the vulnerabilities only affect a limited range of products and that they’re working on technical corrections.
These inverters are just another example of the internet of shit, a catch-all term to describe poorly designed or secured devices connected to the internet. And with solar panels becoming ever more popular, we have another worry to add to the already extensive list of devices we will have to secure.
Almost instant update: Minutes after hitting publish, Westerhof launched a website detailing the vulnerability and how an attack could play out. He’s calling it the Horus Scenario, after the Egyptian deity, and uses the website to prove that this cyber attack can indeed lead to pretty terrible consequences. “In the worst case scenario, a 3 hour power outage across Europe, somewhere mid day on June is estimated to cause +/- 4.5 billion euros of damage,” he writes. Read more at horusscenario.com.