cross-posted from: https://scribe.disroot.org/post/10061950

Security researchers from the Chaos Computer Club (CCC) have exposed critical vulnerabilities in Hoymiles solar inverters that allow attackers to remotely control, manipulate, or destroy hundreds of thousands of solar installations across Europe. The Chinese manufacturer holds roughly 20 percent of the European microinverter market, making the security flaw a widespread threat to balcony power plants and small rooftop solar systems.

During experimental tests, a modified handheld scanner located two dozen foreign inverters and their identification numbers within 20 minutes. In Augsburg, Hunz identified 42 hackable systems within just one hour. The radio signals can travel several hundred meters, making it feasible to mount attack equipment on drones for systematic scanning of residential areas.

Once attackers have the serial numbers, they can switch inverters on or off, alter power limits, and inject malware through an unprotected firmware update command. Tampering with sensitive network parameters or erasing bootloader memory could lead to fires, electrical accidents, or device destruction requiring physical repair.

The CCC informed Hoymiles [which is headquartered in China] about the vulnerability in February but received no initial response. Only after the German Federal Office for Information Security contacted the Chinese authority CNCERT did Hoymiles react at the end of June. The company announced a security update for mid-October.

Archived

  • Yggstyle@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    ·
    7 days ago

    Thats some impressive reporting from a news org utilizing an AI stock image that has no apparent ties to the content. To be fair I can’t think of any obvious choices either.

    I’ll just take a peek at their publishers:

    Damn. 404. (not that one)

    No worries - follow the money! Let’s see who your advertisers are…

    404? The plot thickens.

    About us! Surely they are going to describe their attention to detail, their quest for truth, and their refreshing lack of baises at this establishment…?

    1. Very well then. Keep your secrets.

    There can only be one explanation for this. Obviously.

    The dangerous hacker known as En Jin X. This would have never happened if everyone needed their ID online!

      • Yggstyle@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        7 days ago

        It read like it was laser focused on pushing an idea while ignoring too many obvious parallels. The fact that the site is basically all facade - no function … kind of provides a physical representation of this entire movement. Its practically modern art.

        That said - it really does drive home how this virtual snake oil is literally sending us in the wrong direction.

    • Jason2357@lemmy.ca
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      7 days ago

      Did they break this story? Looks like this is a copy-paste article on hundreds of shitty sites: https://duckduckgo.com/?t=fpas&q=chaos+computer+club+solar+vulnerability+remote+chinese&ia=web

      The Chaos Computer Club is real, and awesome, but I cand find anything on their site or YouTube about this yet. It was probably not in English though so thats on me: https://www.ccc.de/en/home

      Edit, I just had to scroll down: https://lemmy.ca/post/67687895/24241020

      • Yggstyle@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        7 days ago

        I imagine the feat itself is possible and plausible - though I couldn’t speculate further without digging into the specifics.

        What left me feeling wary was, at least in the US, theres been a massive push to limit the spread and use of renewables… and normally when sowing fear and doubt you generally want to tie in your preferred boogie man. Presently that would be China.

        Misinformation campaigns and astro turfing frequently will rely on half truths as it is FAR easier to sow dissent in a community. A half truth becomes opinion - an easily disproven lie can backfire and unify communities.

        Tons of Chinese equipment is exploitable. Most of the time its simply a product of “cheap, fast, stable/secure” pick 2. I promise you it won’t be the thing that costs time and money.

        I won’t speculate further on something I noticed in passing but… very frequently the third play in the trifecta is to accuse your boogie man of something that you are doing as well. It weakens the opposing observation, true or not, by increasing difficulty in finding data (similar search terms… two different parties) and lizard brain “feels” like your arguement is weaker because its copying the opposition.

        Either way - I’d hesitate to take an organization seriously if they fucked up their own.distribution platform that badly and didnt IMMEDIATELY fix it. Either they are inept or unaware… and unaware implies lack of traffic who might @ a dev.

  • nanometer1625@thelemmy.club
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    1
    ·
    edit-2
    7 days ago

    PSA: If your router has a guest network feature, enable it, and put all of your IOT devices on it. Unlike the main network, guest networks are typically configured such that each device on the guest network can only access the internet, and not other devices on the guest network, nor the router, itself.

    • mic_check_one_two@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      11
      ·
      7 days ago

      Or set up Home Assistant on a dedicated VLAN for all your IoT stuff. I know that’s a few extra steps that not every router will support, but it is a way to be more privacy focused (Home Assistant is entirely self-hosted) while still maintaining a lot of the IoT functionality.

    • Omgpwnies@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 days ago

      Mine has guest and IOT networks, super nice because I can set up all the IOT stuff then hide the SSID

  • CodeHead@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    7 days ago

    Hackers, across Europe, can remotely destroy hundreds of thousands of solar systems.

    FTFY

    How many death stars would that require?

  • Ilovethebomb@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    6 days ago

    There is just no good reason for a solar inverter to even have the ability to be controlled remotely like that. Any wireless functionality should be limited to outputting what the inverter is doing, and air gapped from the firmware.

    • HubertManne@piefed.social
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 days ago

      I completely agree. Nothing at home really needs to be controlled when not at home and if it is it should be through another network product you connect using wired

  • justaman123@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    7 days ago

    Is this like an oil industry story? Like who would try this attack vector? And honestly how much damage could this actually do other than break peoples balcony solar panels?

    • tardigrade@scribe.disroot.orgOP
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      7 days ago

      And honestly how much damage could this actually do other than break peoples balcony solar panels?

      Is this satirical?

  • EastofEdson@lemmy.ca
    link
    fedilink
    English
    arrow-up
    149
    ·
    7 days ago

    Ok, we need to refer to them as something else. I thought we had a much bigger problem on our hands when I first read the title.

    • timochka@lemmy.zip
      link
      fedilink
      English
      arrow-up
      7
      ·
      7 days ago

      A brigade of yanks with “you just can’t understand how many solar systems fit in Texas, though” is incoming…

        • wonderingwanderer@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 days ago

          Every civilization ever has been self-centered, so honestly I’m not that torn up about it. Europe is more globally/internationally-focused than most of the world.

          Why do you think it hosts the UN headquarters, ICC headquarters, and so many other IGO headquarters? It’s the only multi-national federation that I know of and is part of the largest and most widespread defense pact in the world.

          Clearly people want to live there, otherwise they’d be migrating to BRICS nations and Northern Africa. So it must be doing something right.

          What’s wrong with a civilization being self-centered? Especially when most of the critique it’s received regarding previous centuries was that it was too expansionist?

          • kazerniel@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 days ago

            Why do you think it hosts the UN headquarters, ICC headquarters, and so many other IGO headquarters?

            Because it retains a lot of soft power from the centuries of being the world power.

            It’s the only multi-national federation that I know of and is part of the largest and most widespread defense pact in the world.

            Depending on where you draw the line on what counts as federation vs other associations of countries, there are many potential others, like Mercosur, Gulf Cooperation Council, Caribbean Community, African Union.

            Clearly people want to live there, otherwise they’d be migrating to BRICS nations and Northern Africa. So it must be doing something right.

            I’d say this is irrelevant to the topic? Also a large part of the reason many people want to move to Europe is because Europe fucked up their home countries starting from the centuries of colonisation, resource extraction, arbitrarily redrawing borders that then fosters ethnic tension for generations, etc.

            What’s wrong with a civilization being self-centered? Especially when most of the critique it’s received regarding previous centuries was that it was too expansionist?

            Well, Europeans tend to feel the world revolves around us (though the USA is even worse in this regard). We feel we can afford not to know about the history and geography of countries outside of Europe, since everything of import happened here. (Though in the post-WW2 era that consideration includes the USA.)

            Also, I don’t think self-centredness and expansionism are opposites. If anything, self-centredness makes it more easy for people to disregard the rights and interests of the “others”, so exploiting them doesn’t feel as wrong as if it happened to other Europeans.

    • HeyJoe@lemmy.world
      link
      fedilink
      English
      arrow-up
      49
      ·
      7 days ago

      I read that same line 3 times before realizing this is not comic book villain bad.

    • zod000@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      31
      ·
      7 days ago

      Yeah, I was legit impressed both with the brazen threat of the hackers as well as Europe for somehow becoming a galaxy spanning union.

    • Jason2357@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      7 days ago

      I assume so yes. The first video we transmitted was Hitler, and the biggest radio signals were H-bombs.

    • Rhaedas@fedia.io
      link
      fedilink
      arrow-up
      11
      ·
      7 days ago

      Already had one, why else do you think no one has contacted us yet? Wouldn’t you steer clear of this planet?

  • tardigrade@scribe.disroot.orgOP
    link
    fedilink
    English
    arrow-up
    28
    ·
    edit-2
    7 days ago

    Here is the article by CCC (in German)

    Edit:

    China Holds a Kill Switch to European Power Grids (May 2025)

    Despite years of debate about supply chain resilience, more than 70 percent of world’s solar inverters come from Chinese manufacturers. The three biggest players – Huawei, Sungrow, and Ginlong Solis – are all Chinese. Here lies the first paradox: Huawei has been banned from a large portion of Europe’s 5G networks due to national security concerns, yet its technology is welcomed into the power grid.