Back to news
Millions of solar power systems could be at risk of cyber attacks after researchers find flurry of vulnerabilities
@Source: techradar.com
Skip to main content
Tech Radar Pro
Tech Radar Gaming
Tech Radar Pro
TechRadar the business technology experts
Search TechRadar
View Profile
België (Nederlands)
Deutschland
North America
US (English)
Australasia
New Zealand
Expert Insights
Website builders
Web hosting
Best web hosting
Best website builder
Best office chairs
Expert Insights
Millions of solar power systems could be at risk of cyber attacks after researchers find flurry of vulnerabilities
Efosa Udinmwen
30 March 2025
Weak authentication lets hackers hijack inverters and alter energy output
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: Shutterstock / VAKS)
Insecure solar systems allow cybercriminals to steal data and ransom access
Millions of solar inverters remain vulnerable to severe cybersecurity threats
Forescout – Vedere uncover flaws allowing attackers to take full control over solar systems
The increasing use of solar power has exposed critical cybersecurity vulnerabilities in inverters, cloud computing services, and monitoring platforms, creating an insecure ecosystem where hackers can manipulate energy production, disrupt power grids, and steal sensitive data, posing serious risks to global energy infrastructure, experts have warned.
A study by Forescout – Vedere Labs identified 46 new vulnerabilities across three major solar inverter manufacturers, including Sungrow, Growatt, and SMA. Previous findings showed that 80% of reported vulnerabilities were high or critical in severity, with some reaching the highest CVSS scores.
Over the past three years, an average of 10 new vulnerabilities have been disclosed annually, with 32% carrying a CVSS score of 9.8 or 10, indicating that attackers could fully compromise affected systems.
Millions of solar power systems face security risks
Many solar inverters connect directly to the internet, making them easy targets for cybercriminals. Attackers can exploit outdated firmware, weak authentication mechanisms, and unencrypted data transmissions to gain control.
Exposed APIs allow hackers to enumerate user accounts, reset credentials (ideally stored in password managers) to default values, and manipulate inverter settings, leading to power disruptions.
Additionally, insecure object references and cross-site scripting (XSS) vulnerabilities could expose user emails, physical addresses, and energy consumption data, violating privacy regulations such as GDPR.
Beyond grid instability, compromised inverters create further risks, including data theft, financial manipulation, and smart home hijacking - some vulnerabilities allow attackers to take control of electric vehicle chargers and smart plugs.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Cybercriminals could also alter inverter settings to influence energy prices or demand ransom payments to restore system functionality. As a result, the report recommends that manufacturers should prioritize patches, adopt secure coding practices, and conduct regular penetration testing.
Implementing Web Application Firewalls (WAFs) and adhering to cybersecurity frameworks like NIST IR 8259 could help mitigate risks.
Regulators are also urged to classify solar inverters as critical infrastructure and enforce security standards such as ETSI EN 303 645 to ensure compliance with best practices.
For solar system owners and operators, securing installations requires isolating solar devices on separate networks, enabling security monitoring, and following guidelines from organizations like the U.S. Department of Energy to reduce risks.
Installing the best antivirus software adds an extra layer of defense against threats, while deploying the best endpoint protection solutions further safeguards connected devices from cyberattacks targeting solar infrastructure.
You may also like
These are the best green web hosting providers
We’ve rounded up a list of the best web hosting providers
Adapting the UK’s cyber ecosystem
Password Managers
Efosa Udinmwen
Social Links Navigation
Freelance Journalist
Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Latest in Security
An old Android RAT has returned with some new tricks - here is what to look out for
Firefox patches zero-day security flaw days after Chrome fixes the same issue
Solar grids could be hijacked and even potentially disabled by these security flaws
Thousands of websites have now been hijacked by this devious, and growing, malicious scheme
This new phishing campaign can tailor its messages to target you with your favorite businesses
Microsoft Stream classic domain hijacked, causing spam across SharePoint
Latest in News
The foldable iPhone display is rumored to be keeping the 4:3 aspect ratio of the iPad – and there's a good reason for it
Leaked renders of the Samsung Galaxy Z Flip 7 FE may have revealed the affordable foldable's design
Quordle hints and answers for Sunday, March 30 (game #1161)
NYT Strands hints and answers for Sunday, March 30 (game #392)
NYT Connections hints and answers for Sunday, March 30 (game #658)
Here’s your first hands-on look at the Star Wars: Grogu, Mandalorian, R2-D2, and Darth Vader earbuds
More about security
An old Android RAT has returned with some new tricks - here is what to look out for
Firefox patches zero-day security flaw days after Chrome fixes the same issue
What is AI Distillation?
See more latest
Most Popular
World Backup Day 2025: All the news, updates and advice from our experts
'An engineering masterpiece' — reviewer raves about fastest large capacity SSD ever built, but it won't be cheap
Megawatt-class AI server racks may well become the norm before 2030 as Nvidia displays 600kW Kyber rack design
How to sync iPhone and iPad – iCloud, Photos, Calendars, and more
The foldable iPhone display is rumored to be keeping the 4:3 aspect ratio of the iPad – and there's a good reason for it
Analyst claims Softbank bought Ampere Computing for $6.5 billion to help OpenAI's chip ambitions
Quordle hints and answers for Sunday, March 30 (game #1161)
NYT Strands hints and answers for Sunday, March 30 (game #392)
NYT Connections hints and answers for Sunday, March 30 (game #658)
Everything new on Disney+ in April 2025: Andor season 2, Doctor Who season 15, Dying for Sex, and more
LATEST ARTICLES
What is AI Distillation?
World Backup Day 2025: All the news, updates and advice from our experts
'An engineering masterpiece' — reviewer raves about fastest large capacity SSD ever built, but it won't be cheap
It's time to put this debate to bed: ITX gaming PCs are the ultimate form factor
How to choose a graphics card
TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
Contact Future's experts
Terms and conditions
Privacy policy
Cookies policy
Advertise with us
Web notifications
Accessibility Statement
Future US, Inc. Full 7th Floor, 130 West 42nd Street,
Please login or signup to comment
Please wait...
Related News
19 Mar, 2025
Rwanda vs Nigeria: Who's the last p . . .
09 Mar, 2025
India vs New Zealand Champions Trophy Fi . . .
17 Mar, 2025
Blake Lively shares loved up snap with h . . .
21 Mar, 2025
Vanuatu Capital Investment Immigration P . . .
13 Feb, 2025
Mikel Arteta admission sheds more light . . .
01 Apr, 2025
Paige Bueckers scores career-high 40 poi . . .
18 Mar, 2025
Video: Egypt incurs monthly losses of US . . .
22 Mar, 2025
George Foreman's inspirational final pos . . .