• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 20th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News

Even Solar Panels Can Be Hacked

August 9th, 2016 Ryan De Souza Hacking News, Security 0 comments
Even Solar Panels Can Be Hacked
Share on FacebookShare on Twitter
Believe it or not, your Solar Panel can be hacked as well — Just like this man who hacked his own solar panel

Do you know how you can verify if your home or property is fully secure? Well, in Fred Bret-Mounet’s opinion, the only way is to try to violate the security measures yourself. And he did just that to prove his point.

Solar arrays are provided by Tigo Energy. It is a device that lets users control or monitor panels via the internet. Like every other house in California, Bret-Mounet also installed a solar array on his home but he was immensely concerned about the level of security that it provided to his family. So, he decided to check it. To his surprise, there were certain vulnerabilities in the system, with which he could easily spy on the home and even hack the power supply of a thousand homes at least. This was possible due to the open Wi-Fi access point that was linked with the MMU (Management Unit) of the solar array.

Read: 7 Unexpected Hacks of 2015, Thanks To DefCon and Black Hat

The fact that the device utilizes an open Wi-Fi access point is quite disturbing because if someone can get the login password of web account from where the solar panels could be monitored then it becomes an easy job to spy on homes.

But this was just the beginning!

In October last year, he discovered some rather serious issues. He identified that his Tigo was being served via an unencrypted HTTP connection, which was secured with an extremely easy-to-guess username and password namely “admin” and “support.” To him, it was kind of a default login and he could easily manipulate the solar arrays of other residents with the same login information.

But he didn’t attempt to damage his solar array but instead searched on Shodan for other vulnerable arrays on the internet and was successful in finding other Tigo systems. He then prepared to act like a malicious attacker and using the login credentials he looked for other weaknesses of the system and gained root-level access to the controller of his solar panel. This meant that he could do just about anything to his panels.

Then he identified that all Tigo devices have the same VPN connection.

“If I’d gone through that tunnel I would have reached any of them. I could have shut down a small-to-medium electricity generation facility in the aggregate, but my personal belief is that I could have used those as Trojan horses to attack targets that happened to have that type of solar panel,” Bret-Mounet told Forbes.

Read: 8 Technologies That Can Hack Into Your Offline Computer and Phone

Fred Bret-Mounet presenting his findings in Def Con

@fbret crushing it @DEFCON right now. The way presentations should be. pic.twitter.com/5h07tcbZ9y

— Kevin Peterson (@secureaccess) August 6, 2016

[fullsquaread][/fullsquaread]

Read: Shield Your PC from Radiofrequency, Hackers Can Steal Data Using Radio/Sound Waves

When he contacted Tigo, the company responded quickly and the issues were supposedly being resolved in December last year. But then he was informed that the company had sold around 1000 development devices to buyers, one of whom was Bret-Mounet. Bret-Mounet also verified the company’s claim by checking for vulnerable devices across the city and couldn’t find any new ones. He was then delivered a production model by Tigo. But this poses an important question—how many of such devices are out there that are vulnerable to spying and hacking?

[src src=”Top, Featured Image Via” url=”https://pixabay.com/en/solar-panels-energy-durable-681979/”]MinkS/Pixabay[/src]

  • Tags
  • def con
  • Energy
  • hacking
  • Infosec
  • internet
  • security
  • VPN
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Malware Infected PokémonGo Apps Found on GooglePlay Store
Next article Internet Minefield: Beware of fake WiFi spots in Rio stealing user data
Ryan De Souza

Ryan De Souza

Ryan is a London-based member of the HackRead's Editorial team. A graduate of Maths and physics with a passion for geopolitics and human rights. Ryan places integrity at the pinnacle of successful journalism and believes this is somewhat lacking in traditional media. Ryan is an educator who balances his time between family, social activism and humanitarian causes and his vice is Football and cars.

Related Posts
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Malwarebytes says it was also breached by SolarWinds hackers

Malwarebytes says it was also breached by SolarWinds hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

22
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

47
Malwarebytes says it was also breached by SolarWinds hackers
Hacking News

Malwarebytes says it was also breached by SolarWinds hackers

60

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us