Cyber attackers could shut down power grids by exploiting solar panels flaws

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn21

New research called “Horus Scenario” published by Willem Westerhof, a Dutch security researcher from the security firm ITsec, explains a serious vulnerability in a component of solar panels that could be exploited by attackers to cause public outages in European power grids.

The flaws affect the inverters that are used to convert direct current (DC) to alternating current (AC). The researcher reported the flaw to the German market leader SMA in December 2016, and the company asked him to explain his findings. But, after several months the SMA still hasn’t fixed the issue and the flaw still exists.

Westerhof said that the SMA defects enable an attacker to destroy the normal functioning of a solar power plant. Due to the way power grids are built, any trouble, small or large, will have a long-lasting and quick-spreading effect.

The security flaw affects hundred of thousands of Internet-connected inverters used in power grids. If the hackers getting control of a large number of inverters and switch them off together, the attack can cause a huge power outage in large parts of Europe.

“A hacker controlling a single device of course isn’t much of a problem. The available countermeasures for grid stability will easily protect us from such an attack. Hacking these devices becomes a problem when done at a large scale. Since more and more of these PV installations are being connected to the internet or the local network, to provide the user with certain functionalities, they can be targeted easily, and remotely, by hackers.”

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn21

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply