SUN:DOWN Vulnerabilities Expose Critical Security Risks in Solar Inverters


Recent cybersecurity research has uncovered 46 critical vulnerabilities in solar inverters manufactured by Sungrow, Growatt, and SMA. These vulnerabilities, collectively termed SUN:DOWN, pose significant risks to electrical grids by potentially allowing unauthorized control over these devices.

Technical Analysis of SUN:DOWN Vulnerabilities

The identified vulnerabilities encompass several critical issues:

· Remote Code Execution (RCE): Some flaws enable attackers to execute arbitrary commands on the devices or associated cloud platforms. For instance, vulnerabilities in Sungrow's handling of MQTT messages could lead to RCE or denial-of-service (DoS) conditions.

· Authentication Bypasses: Exposed APIs in Growatt systems allow attackers to enumerate user accounts, reset passwords to default values, and manipulate device settings. This could lead to unauthorized control over the inverters and potential grid disruptions.

· Insecure Communication Protocols: Sungrow's Android application uses an insecure AES key for data encryption and ignores certificate errors, making it susceptible to adversary-in-the-middle attacks. This compromises the confidentiality and integrity of communications between the mobile app and the iSolarCloud platform.

· Hard-Coded Credentials: Sungrow's WiNet WebUI contains hard-coded passwords that can decrypt all firmware updates, providing a straightforward path for attackers to inject malicious firmware into the devices.

Potential Impact on Electrical Grids

Solar inverters play a crucial role in converting direct current (DC) from solar panels into alternating current (AC) used by the electrical grid. Exploiting these vulnerabilities could allow attackers to gain control over a large number of solar inverters, effectively creating a botnet. Such a botnet could be used to manipulate energy production, causing instability in power grids and potentially leading to widespread blackouts. The ability to alter inverter settings on a large scale poses a serious threat to grid stability and energy security.

How to Reduce the Risk

To address these vulnerabilities and enhance the security of solar power systems, the following measures are recommended:

· For Manufacturers:

  o Develop and distribute patches promptly to address identified vulnerabilities.

  o Adopt secure coding practices to prevent common issues such as hard-coded credentials and improper input validation.

  o Conduct regular security assessments and penetration testing.

· For Regulators:

  o Classify solar inverters as critical infrastructure to enforce stringent security standards.

  o Implement and enforce security regulations such as ETSI EN 303 645 to ensure best practices are followed across the industry.

· For Solar System Owners:

  o Isolate solar devices on separate networks to limit potential attack vectors.

  o Enable security monitoring to detect and respond to potential intrusions promptly.

  o Regularly update device firmware and software to incorporate security patches provided by manufacturers.
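
The owner-side measures above (network isolation plus monitoring) can be checked against flow logs. The following is an added example, not from the original article or any vendor: the subnets, the allow-listed cloud endpoint, the flow-record format and the policy rules are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed site layout (hypothetical values chosen for this example).
INVERTER_NET = ipaddress.ip_network("10.20.0.0/24")   # isolated inverter segment
MGMT_NET = ipaddress.ip_network("10.10.0.0/28")       # admin workstations
ALLOWED_EGRESS = {("203.0.113.10", 8883)}             # vendor cloud, MQTT over TLS

# Constructed flow records: "src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
10.20.0.5 51544 203.0.113.10 8883 tcp
10.20.0.5 51600 203.0.113.10 1883 tcp
10.20.0.7 40022 198.51.100.44 443 tcp
192.168.1.50 55321 10.20.0.5 80 tcp
10.10.0.3 60111 10.20.0.7 443 tcp
10.20.0.5 50001 10.20.0.7 502 tcp
"""

def check_flow(line):
    """Return a finding string for a policy violation, or None if allowed."""
    src, _sport, dst, dport, _proto = line.split()
    src_ip, dst_ip, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
    src_inv, dst_inv = src_ip in INVERTER_NET, dst_ip in INVERTER_NET
    # Assumed policy: inverters at this site never need to talk to each other.
    if src_inv and dst_inv:
        return f"lateral traffic inside inverter segment: {src} -> {dst}:{dport}"
    # Only the management network may open connections to inverters.
    if dst_inv and src_ip not in MGMT_NET:
        return f"inbound from outside management network: {src} -> {dst}:{dport}"
    if src_inv and not dst_inv:
        if dport == 1883:  # standard unencrypted MQTT port
            return f"cleartext MQTT from inverter: {src} -> {dst}:{dport}"
        if (dst, dport) not in ALLOWED_EGRESS:
            return f"egress to non-allow-listed destination: {src} -> {dst}:{dport}"
    return None

def audit(flows):
    """Run check_flow over every non-empty record and collect findings."""
    findings = []
    for line in flows.splitlines():
        if line.strip():
            result = check_flow(line)
            if result:
                findings.append(result)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print("ALERT:", finding)
```
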

By implementing these measures, the risks associated with cyberattacks on solar power systems can be significantly reduced, ensuring the continued stability and security of electrical grids.