Hacking

Flaws in solar panels potentially threatening European power grids

The Horus scenario, is a scenario describing a large scale cyber attack targeting the vital electrical infrastructure triggering flaws found in solar panels

Willem Westerhof, a Dutch security researcher at the security firm ITsec has found a serious vulnerability in a component of solar panels that could be exploited by hackers to cause widespread outages in European power grids.

The vulnerability resides in the inverters that are the components of solar panels used to convert direct current to alternating current.

The vulnerabilities affect the inverters manufactured by the German market leader SMA. Westerhof reported the issued to the company in December 2016, and SMA invited him to discuss his findings. Unfortunately, after six months nothing is changed and the SMA still hasn’t solved the issue.

Westerhof has published a detailed analysis of the vulnerability and of the attack scenario that was dubbed by the expert Horus Scenario, after the Egyptian deity.

According to the Dutch newspaper Volkskrant, Westerhof claims that the security flaw affects thousands of Internet-connected inverters used in European power grids.

The attack scenario hypothesized by the expert is disconcerting, it sees hackers taking control of a large number of inverters and switch them off simultaneously. The attack can cause a huge power outage in large parts of Europe.

According to a research conducted by Westerhof, vulnerable solar panels manage around 17 gigawatts of power, clearly, a successful cyber attack could have a catastrophic effect.

Volkskrant reports that in 2006, more than 10 million people were left in the dark after a power shortage in Germany triggered blackouts across western Europe late Saturday night. Many capital cities were affected by the outage, including Paris and Madrid spent hours without power because of that incident.

The German power grid had to deal with a five-gigawatt shortage, while the attack scenario presented by Westerhof could cause a 17-gigawatt shortage, more than three times greater.

SMA explained that the inverters are properly secured and the company told Volkskrant’s journalists that the vulnerabilities only affect a limited range of products. The manufacturer also confirmed that its engineers are working on technical corrections.

Inverters of solar panels are just an example of the billion of IoT devices that could be targeted by hackers. Solar panels are becoming ever more widespread, it is neccssary to solve the issued as soon as possible.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – solar panels, power grid)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

5 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

11 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

23 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.