Rogue communication devices found in Chinese solar power inverters
“Rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by US experts who strip down equipment hooked up to grids to check for security issues, the two people said. Over the past nine months, undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers, one of them said.”
I generally ignore all the unsubstantiated propaganda (think Huawei) out of the USA unless it actually is substantiated by some evidence. This does look like such a case, as undocumented devices have apparently been found in some Chinese inverters. Pure speculation is never evidence of anything.
My own LiPO4 battery for example does have a Wi-Fi communication device in it for calling home to the OEM, but firstly it is documented, and secondly I configure it to only connect via my IoT VLAN, and thirdly it calls home to the local company in my town who manufactured it. The same goes for my German made Victron inverter.
It is becoming more and more apparent though, given all the IoT devices we now install on our home networks, that just using any basic ISP router is no longer acceptable. You do need to separate your user devices from any such IoT devices, and then also vet which of those devices are allowed to access the Internet. There may be valid reasons for accessing the Internet such as getting updates, managing warranties, syncing to a cloud service you know about, etc.
Remotely accessing your IoT devices when you are away from home should be considered carefully. For example, my CCTV cameras are not allowed any Internet access, and if I want to access them while I'm away, I have to initiate a secure Tailscale tunnel and only then can I see them. The same goes for login access to my OPNsense firewall, it has no open login access facing the Internet at all.
It is true though that anyone capable of accessing your inverter (or many of them across a city or a country) could not only disable all your power, but it could also spark a massive demand load on the grid, possibly calling a blackout. So this has more severe implications than one home just being hacked to access data.
The analogy could be made with cars where 20 or 30 years ago airbags were not seen as essential, and going back further, neither were seatbelts nor power brakes, but today those are essential standard components of all cars. It is also time that home networking started to move with the times. There is actually no excuse on the hardware side, as much of this is just about software, not even actual hardware requiring replacement.
The problem though is a bit more complex as:
* OEMs want to sell you new hardware, not just upgrade software on what you have.
* Many cheaper devices have no automatic software upgrades.
* Most home users are just not skilled enough yet to implement VLANs properly.
* It is too easy for IoT devices to just be connected with a Wi-Fi ID and password to open home networks.
So there is some way to go still before this type of vulnerability will be properly addressed.
See
https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14
#technology #security #vulnerability #inverters
#technology #filesharing #opensource
