18

cross-posted from: https://scribe.disroot.org/post/10061950

Security researchers from the Chaos Computer Club (CCC) have exposed critical vulnerabilities in Hoymiles solar inverters that allow attackers to remotely control, manipulate, or destroy hundreds of thousands of solar installations across Europe. The Chinese manufacturer holds roughly 20 percent of the European microinverter market, making the security flaw a widespread threat to balcony power plants and small rooftop solar systems.

...

During experimental tests, a modified handheld scanner located two dozen foreign inverters and their identification numbers within 20 minutes. In Augsburg, Hunz identified 42 hackable systems within just one hour. The radio signals can travel several hundred meters, making it feasible to mount attack equipment on drones for systematic scanning of residential areas.

Once attackers have the serial numbers, they can switch inverters on or off, alter power limits, and inject malware through an unprotected firmware update command. Tampering with sensitive network parameters or erasing bootloader memory could lead to fires, electrical accidents, or device destruction requiring physical repair.

...

The CCC informed Hoymiles [which is headquartered in China] about the vulnerability in February but received no initial response. Only after the German Federal Office for Information Security contacted the Chinese authority CNCERT did Hoymiles react at the end of June. The company announced a security update for mid-October.

...

Archived

top 11 comments
sorted by: hot top new old
[-] SlippiHUD@slrpnk.net 1 points 6 hours ago

All the articles on upday claim to be AI generated. It might be good to find an alternative source.

[-] tardigrade@scribe.disroot.org 2 points 6 hours ago

I posted the original article in this thread as well as an article on the same topic, here again:

Original article by CCC (in German)

And:

China Holds a Kill Switch to European Power Grids (May 2025)

Despite years of debate about supply chain resilience, more than 70 percent of world’s solar inverters come from Chinese manufacturers. The three biggest players – Huawei, Sungrow, and Ginlong Solis – are all Chinese. Here lies the first paradox: Huawei has been banned from a large portion of Europe’s 5G networks due to national security concerns, yet its technology is welcomed into the power grid.

[-] hexdream@lemmy.world 2 points 10 hours ago

The death star is clearly an underachiever

[-] resipsaloquitur@lemmy.cafe 3 points 19 hours ago
[-] hexdream@lemmy.world 2 points 10 hours ago

Whole solar systems!, so yeah, Pluto too.

[-] erebion@news.erebion.eu 2 points 19 hours ago

"The company announced a security update for mid-October."

This is says it all, I doubt I will ever buy products from them.

[-] tardigrade@scribe.disroot.org 9 points 1 day ago* (last edited 1 day ago)

Here is the article by CCC (in German)

Edit:

China Holds a Kill Switch to European Power Grids (May 2025)

Despite years of debate about supply chain resilience, more than 70 percent of world’s solar inverters come from Chinese manufacturers. The three biggest players – Huawei, Sungrow, and Ginlong Solis – are all Chinese. Here lies the first paradox: Huawei has been banned from a large portion of Europe’s 5G networks due to national security concerns, yet its technology is welcomed into the power grid.

[-] Dogyote@slrpnk.net -1 points 1 day ago

Is this actually a problem? Sounds like china-scary fud.

[-] SlippiHUD@slrpnk.net 1 points 1 day ago* (last edited 1 day ago)

It sounds like anyone can light your house on fire if you happened to buy this microinverter. Whether or not this is a consipiracy or shoddy workmanship.

[-] Dogyote@slrpnk.net 1 points 10 hours ago

I really don't think it's that easy. Nobody's going to fly a drone down the street broadcasting malware to these inverters. Still sounds like FUD to me. "Don't buy the reasonably priced solar, someone will burn your house down."

[-] SlippiHUD@slrpnk.net 2 points 7 hours ago

The issue is can not will. One does not need a drone to do it either. The radios have a "several hundred meter range". The device communicates without encryption, and accepts updates without encryption/authorization.

This applies to nearly all devices made by one company thats captured 1/5 of the market. It doesnt matter who makes it, this is unacceptable negligence.

This is an immently reasonable demand "The CCC is demanding mandatory minimum IT security standards for feed-in devices in the European Union. The organization specifically calls for banning devices that accept firmware updates via radio without cryptographic authentication."

this post was submitted on 11 Jul 2026
18 points (82.1% liked)

Solarpunk technology

4471 readers
25 users here now

Technology for a Solar-Punk future.

Airships and hydroponic farms...

This is not an IT industry news community.

founded 3 years ago
MODERATORS