Researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) have managed to remotely take over millions of solar panel systems from manufacturer Enphase worldwide.
DIVD researcher Wietse Boonstra found the first problems in the account management of Enphase devices. Researchers discovered six other security vulnerabilities in Enphase IQ Gateway, formerly called Enphase Envoy. This controls communication through solar panel microinverters and the Enphase app. By exploiting three of the security vulnerabilities in combination, an unauthenticated user could remotely execute commands on the system. Through an attack on the solar panel systems, the power grid could be disrupted.
"A gateway is only vulnerable if the Enphase equipment is connected to an untrusted network, such as the public Internet or a guest network at home. According to the manufacturer, some four million systems are installed in more than 150 countries," the DIVD said in a press release.
Click here for the message from the DIVD.
