Rogue Communication Devices Found in Chinese Solar Power Inverters

Gilmoure shares a report: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. Power inverters, which are predominantly produced in China, are used throughout the world to connect solar panels and wind turbines to electricity grids. They are also found in batteries, heat pumps and electric vehicle chargers.

[...] Using the rogue communication devices to skirt firewalls and switch off inverters remotely, or change their settings, could destabilise power grids, damage energy infrastructure, and trigger widespread blackouts, experts said. "That effectively means there is a built-in way to physically destroy the grid," one of the people said, The two people declined to name the Chinese manufacturers of the inverters and batteries with extra communication devices, nor say how many they had found in total.

Sure, huawei is fine tho

[Austerity Empowers]

I can't wait to see the spin from our faithful CCP bots.

Re:

[drnb]

I can't wait to see the spin from our faithful CCP bots.

Expect a lot of "LIES!" in all caps.

Re:Sure, huawei is fine tho

[ToasterMonkey]

I can't wait to see the spin from our faithful CCP bots.

Dude, please, you need to at least ask questions. Like are these part of some management SoC and not used in some configuration of the hardware. Are the radios powered on, or are they a threat because some firmware update or some other trigger could enable them later. Do they even have antennas?

There's unlimited potential to be a threat, but it's stupid to not ask questions and understand the actual threat if we have something concrete.

Re:

[hey!]

Sure, industrial infrastructure commonly has remote monitoring and administration capabilities. Grid storage systems for example have to monitor battery and inverter health. EV chargers can often communicate to determine the most economical charge times.

In this case the devices included cellular radios that could bypass site network administrators completely. Again this is not necessarily nefarious, because there are legitimate use cases for this.

But if the capability is there, it should be shipped tota

Re:

[hey!]

I thought of provisioning as an obstacle, but it's not necessarily a difficult one for an actor with "national means" to overcome. Most likely none of the low-cost service providers who provide service for things like GPS trackers would bat an eye if you had a shell company set up a few hundred or even a thousand devices. Just tell them you're doing vehicle tracking or something like that. China's MSS could even set up a bogus cell tower near their target sites, stringray style. The main target of such

Why not state which ones?

[Turkinolith]

"The two people declined to name the Chinese manufacturers of the inverters and batteries with extra communication devices, nor say how many they had found in total." Evidence is needed so people can protect their stuff / verify if this is a problem.

Re:

[smooth wombat]

I'm of two minds on this. On one hand, if you identify the company, yes, people will know what to look for and can either replace the inverter or get a whole new panel.

On the other hand, by identifying the company, you've tipped them off that you know what they did and the company will try to find a different way to do the same thing.

On the other other hand, by not identifying the company this keeps China in the dark about which ones were found and allows time for companies to look for the same thing in ot

Re:

[algaeman]

On the third hand, oil companies have a vested interest in generating FUD about solar power. US energy officials essentially work for them. The press release is in London. No names or details given. This reeks of false flag BS.

Re:

[Turkinolith]

By going public with "We found this out" we already told them that it's been identified so there is no real point in staying quiet about it. Unless it's just a fake "discovery".

Re:

[Z00L00K]

It could also be that the investigation continues into other brands.

Re:

[IWantMoreSpamPlease]

This assumes only one Chinese firm has been doing this, and said Chinese firm knows they are the only one doing this, then yes, the jig is up.
But if it's multiple firms doing this, and they don't talk to each other about doing this, then there is still a bit of question in the air.

Re:

[HiThere]

Yeah...but it also assumes that it actually ever happened. If nobody can check, nobody can validate. That lets them say anything they feel like.

If the government were more honest and trustworthy I might cut them some slack. As it is...my default assumption is that it's a lie.

Re:

[bagofbeans]

Agreed. It's just FUD without any backup. Meanwhile, how many brand new cars can't be remotely disabled by the manufacturer?

Re: Why not state which ones?

[SafeMode]

Mine can't because i removed the radio board onstar uses (not just the antennas). No ota updates...no remote access to anything. My phone via android auto handles infotainment. As god intended (since there is no aftermarket for such 'head units' anymore).

Re:

[Fly Swatter]

Look at the country of origin sticker?

Re:

[Z00L00K]

It's not a certain answer.

Re:

[itsme1234]

Yea, this. Plus they need to spell out what we're looking at, mostly everything nowadays wants some wifi connection and an app, and will most likely leak at a minimum everything you are doing with the device, plus what it can see around, your wifi password and so on. Also it'll have autoupdate ota capabilities enabled by default, so it can literally do anything they might want it to do at some point including to attack other machine, bound only by its hardware capabilities.

Re:

[Turkinolith]

Yeah my microinverters are all network connected so I'm not surprised there.

Re:

[Tailhook]

Evidence is needed, period. We did this not too long ago: big headlines about mystery chips from China in server hardware, subsequently debonked as fake news.

Independent, third party corroborated analysis, with names of people that matter attached, saying stuff in a full throated manner. If these leaks get us there then that's great, but until SECDEF or POTUS is standing in front of a camera with a device in hand, flanked by NSACIAFBI people, I'm not paying attention.

Re:

[Entrope]

We did this not too long ago: big headlines about mystery chips from China in server hardware, subsequently debonked as fake news.

And if you don't believe that can happen, I have a GREAT deal on pagers and walkie talkies for you! (For references, call Hezbollah.)

Re:

[Tailhook]

I believe it has happened. Given all the countless gear that has been manufactured under the thumb of the CCP/PLA, I'm absolutely certain there are real backdoors in Chinese made equipment and that has already been installed in Western infrastructure. The US did exactly this to Russia on more than one occasion. It would be almost irresponsible for China not to do exactly the same thing; they're practically obligated to do it, and not doing it would be weird.

All that being said, until you can rub my nos

Re:

[Junta]

Yes, it *can* happen, but as far as anyone can possibly tell, it didn't happen in the SuperMicro case. And the way the article described it was actually utterly impossible (they claimed a surface mount capacitor about the size of a pencil led was a spy chip, but that just can't work even in theory).

In this scenario, I wouldn't be surprised if a chip included otherwise happened to have WIFI capability, because it's easy to get an SoC with that integrated, even if the product goal is to not bother. Especially

Re:

[Baron_Yam]

If you're expecting real journalism in the US these days, I have some very bad news for you. Or maybe a bridge to sell you, depending on my personal ethics.

Re:

[Junta]

As far as I know, the followup was the industry at large finding nothing to back up their story, a lot of head scratching what the story could be, and one of their sources coming forward and basically explaining how the article writers had no idea what they were doing and completely misunderstood their conversations with him.

No one ever came forth with the explanation of the specific allegation about supermicro, but they botched their general research so bad it's hard to imagine they somehow managed to stum

Re:

[bill_mcgonigle]

It sounds like a planted psyop story by the MIC, pissed that they can't bomb Iran. Reuters is a tell as well as the lack of detail.

If there really are cellular modems in them, did they have SIM cards or eSIM's?

If so did they run the ICCID through the carriers and see who was paying to have them active?

Then follow the money. Any natsec investigator would have done these very basic steps.

Those would be in a real article.

If all of those lead to a PLA front group then we can call in to Houston with a problem. B

Re:

[gkelley]

The Chinese Large Dong model also can track usage and 3D movement data.

put up or fuck off

[drinkypoo]

They won't name them? Lying fucks begging for attention.

is it really a bad thing?

[FudRucker]

I have a solar panel and 1600 watt inverter and AGM batteries, and I wished like heck the inverter had a remote control so I can turn it on or off without getting up and going outside and opening the access panel on my camper trailer, but nope this couldn't be for something as simple as that, its for espionage or sabotage

Re:

[HiThere]

To be fair, if they're being that honest, it could be both. Many things don't just have a single effect. And what the purpose is then depends on what the purpose of the user is.

OTOH, I expect it will turn out to be mainly a lie. The current administration is so known for its honesty.

Ubquitous

[Dan East]

I don't know how malicious this is, or if China can exploit it, or even any hackers in general. The thing is, in this day and age many microcontrollers contain "communication devices" built in, whether they are needed or used. Like ESP32 microcontroller modules, that only cost a couple bucks each, have WiFi and Bluetooth built in.

There's strong incentive to use cheap generic microcontrollers for most anything like this now, and it's usually cheaper to use some generic mass-produced thing with extra capabili

Re:

[FudRucker]

or remote control was in the development stage but it failed to work properly so it was just abandoned

Re:

[tap]

I've designed many devices that are like this. Bluetooth especially is quite cheap now and it often comes with hardware chosen for other reasons. It wouldn't save any money to remove it. And if there's no money to be saved, there's no option to do it.

I'm at a trade show right now where we've built a device, functioning prototypes at this point, with an unused BT interface. It's got a cell modem, which was intentional and is used. And there's wifi, which isn't really an intended user facing product feat

Orly?

[CEC-P]

"The two people declined to name the Chinese manufacturers of the inverters and batteries with extra communication devices"
Okay, well fuck you then. Are they trying to cover for them? BURY THEM.

Re:

[PPH]

Okay, well fuck you then. Are they trying to cover for them? BURY THEM.

Or they are trying to cover their own asses. This could be the classic "unnamed sources" leak. They might not have authorization to speak publicly.

Or they are busy unloading their shares in the companies.

So what?

[Baron_Yam]

If the hardware has comms devices in it - even ones deliberately implemented in the hardware at the direction of the MSS - that's kind of just a waste of China's effort if the hardware isn't plugged in to a communications network.

But if your stuff DOES plug into a communications network, then presumably you're connecting a data cable or giving it a WiFi password. And you want it to connect.

So either it's nothing, or it's something you want - but probably somebody should be looking at which servers it calls

Re:

[Baron_Yam]

A cellular radio is useless without the ability to connect to a network. If there's a cellular network around that is accepting traffic from unregistered Chinese spy devices and routing it to China... you have a MUCH bigger issue than the device in the battery, you have compromised telecommunications infrastructure.

Destabilise power grids

[PPH]

How can we differentiate between a Chinese attack and our local utilities normal operations?

Undocumented != Nefarious

[thegarbz]

I can't help but note that no where in TFA does it mentioned that the researchers determined these devices were active or in any way connecting to something, just that they exist. They even note their own fearmongering saying the only issue here is one of documentation and nothing else.

I will bet a Marsbar this is nothing more than providing a standard product for economy of scale. Likely the same board is used by another manufacturer who does offer it with cellular otherwise remote access as a listed featu

Where have I seen this before? Hmmmm?

[douglasfir77]

All your power are belong to us!

Not worried

[fahrbot-bot]

Rogue Communication Devices Found in Chinese Solar Power Inverters

It's the ones from Hack [wikipedia.org] that'll really get you, not Rogue [wikipedia.org]. :-)

you have a feeling of loss ...

[znrt]

everything looks SO boring now!

Two people?

[marcle]

The only source cited for this story is "two people who declined to be named." No mention of what kind of agency or authority they came from. This is either crappy journalism, a plant, or AI. Maybe all three.