The expansion of decentralized energy generation repeatedly reveals deficiencies in the IT security of market-leading hardware. The focus is again on the Chinese company Hoymiles, which, according to its own statements, serves around 20 percent of the European market for microinverters. These are installed in balcony power plants and smaller roof solar systems. Security researcher Benedikt Heinz, also known as Hunz, together with the Chaos Computer Club (CCC), has uncovered far-reaching security vulnerabilities: With simple means from the electronic junk box and little know-how, it is reportedly possible to manipulate, switch off, or permanently disable solar systems in the neighborhood while driving by.

  • Ghoelian@piefed.social
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 days ago

    One use-case is people with dynamic energy contracts. You don’t want your solar panels to return power to the grid if the energy price is negative, because you’d pay for every watt returned. This way the energy provider can remotely stop the inverters if prices are negative.

    Though afaik the on-board connectivity is usually exclusively for the API the manufacturer’s app uses. There’s some energy providers in the Netherlands that use this API as well, but this is slow and sometimes unreliable. My employer also installs these panels+inverters, but we control them using modbus via a device we manufacture that you plug in to the modbus/control port. It connects to us via mobile 4g, because we don’t want to rely on the customer’s network (even when wired).