Willem Westerhof, a cybersecurity researcher at Dutch security firm ITsec, has identified a serious vulnerability in an essential component of solar panels, the inverter. If this flaw is exploited then European power grids will be severely affected, and there is a threat of widespread outages. According to Westerhof, the flaw is present in thousands of Internet-connected inverters installed across Europe. The findings were published in a Dutch newspaper Volkskrant.
The function of the inverter is to convert direct current into alternating current. Since Internet of Things devices are vulnerable to hacking, therefore, it is easily possible to gain control of as many inverters as hackers may want to. Resultantly, hackers can switch them off to affect power supply by creating an imbalance and enable power outages in different parts of Europe.
Related: Even Solar Panels Can Be Hacked
Westerhof researched upon some inverters which were responsible for managing 15 gigawatts of power and found them to be poorly secured. This highlighted the gravity of the problem. If all of them get hacked, and hacker decides to shut them all off, there will be a widespread outage.
Research also revealed that the flaws were present in inverters produced by German based inverter manufacturer SMA. This issue was reported to SMA by Westerhof in December 2016, and the company invited him too for further discussion, but until now there is hardly any progress in addressing the problem. On the other hand, SMS denied that its inverters were poorly secured, and the company claimed that the identified flaws are restricted to a limited range of inverters. The company also stated that they were already working on fixing the errors.
Westerhof has described the vulnerability in detail on a website, which was launched soon after the news was published in Volkskrant. He has referred to it as Horus Scenario and explained how hackers could exploit this flaw and the terrible consequences associated.
“In the worst case scenario, a 3-hour power outage across Europe, somewhere mid-day on June is estimated to cause +/- 4.5 billion euros of damage,” wrote Westerhof.
This is not the first time when researchers have discovered critical security flaws affecting solar panels. Last year in August, a user hacked his own solar panel system and demonstrated it during Defcon.