35,000 solar power systems at risk of cyberattacks

All IoT devices are at cybersecurity risk if you don’t take the time to secure them properly. That’s something that’s been hammered home a lot over the past few years. But sometimes things fall through the cracks. Worryingly, the latest thing seems to be solar power systems. Recent research has shown that many solar power devices are exposed to the Internet and not properly secured. And when solar power systems are vulnerable, it’s not just individuals who are impacted but potentially entire power grids.

The research

Cybersecurity company Forescout recently discovered that thousands of solar power systems worldwide are vulnerable to security issues. Using the Shodan search engine, it found that 35,000 devices from 42 different vendors had internet-exposed management interfaces. The devices included inverters, gateways, data loggers, monitors, and other communication equipment.

These devices were located around the world, but Europe was in the lead with 76%, followed by Asia with 17%. Germany and Greece each account for 20% of the exposed devices, followed by Italy and Japan, which account for 9% each.

Meanwhile, the top 10 exposed solar device vendors had headquarters in Germany, two in China and one each in Austria, Japan, the US and Italy. Leading the way is Germany-based SMA, with more than 12,000 exposed devices. The research also points out that the top exposed vendors in the study do not align with the top 10 solar panel vendor companies in the world based on market share. 

Internet exposure does not necessarily mean that all these devices can be hacked, but it does not rule it out either, especially since the security firm found in another report that these kinds of devices can be susceptible to other vulnerabilities, some of which can be exploited by botnets.

Furthermore, many of the top five devices, which together accounted for 70% of the exposed devices, have experienced security issues before. The most common device, SMA Sunny WebBox, has been among the most exposed solar devices since 2014, though it is no longer being manufactured. Another device of interest, SolarView Compact, accounts for 8% of exposed devices. In Japan in 2024, 800 of these devices were hijacked and used for bank account theft.

What needs to be done

Typically, Internet exposure isn’t an inherent device flaw, but rather the result of users configuring port forwarding. Vendors often discourage this. However, this study reveals that some devices, such as the SolarView Compact, did have vulnerabilities.

So, to reduce the risk of security vulnerabilities, researchers at Forescout advise organizations and owners of solar devices to patch devices as soon as possible. If patches aren’t available for certain devices, you should consider stopping their use and replacing them with safer options.
They also warn against exposing the management interfaces to the Internet. For remote management, use a VPN and follow CISA’s remote access guidelines.
