142

cross-posted from: https://scribe.disroot.org/post/10061950

Security researchers from the Chaos Computer Club (CCC) have exposed critical vulnerabilities in Hoymiles solar inverters that allow attackers to remotely control, manipulate, or destroy hundreds of thousands of solar installations across Europe. The Chinese manufacturer holds roughly 20 percent of the European microinverter market, making the security flaw a widespread threat to balcony power plants and small rooftop solar systems.

...

During experimental tests, a modified handheld scanner located two dozen foreign inverters and their identification numbers within 20 minutes. In Augsburg, Hunz identified 42 hackable systems within just one hour. The radio signals can travel several hundred meters, making it feasible to mount attack equipment on drones for systematic scanning of residential areas.

Once attackers have the serial numbers, they can switch inverters on or off, alter power limits, and inject malware through an unprotected firmware update command. Tampering with sensitive network parameters or erasing bootloader memory could lead to fires, electrical accidents, or device destruction requiring physical repair.

...

The CCC informed Hoymiles [which is headquartered in China] about the vulnerability in February but received no initial response. Only after the German Federal Office for Information Security contacted the Chinese authority CNCERT did Hoymiles react at the end of June. The company announced a security update for mid-October.

...

Archived

top 23 comments
sorted by: hot top controversial new old
[-] yggstyle@lemmy.world 1 points 42 minutes ago* (last edited 42 minutes ago)

Thats some impressive reporting from a news org utilizing an AI stock image that has no apparent ties to the content. To be fair I can't think of any obvious choices either.

I'll just take a peek at their publishers:

Damn. 404. (not that one)

No worries - follow the money! Let's see who your advertisers are...

404? The plot thickens.

About us! Surely they are going to describe their attention to detail, their quest for truth, and their refreshing lack of baises at this establishment...?

  1. Very well then. Keep your secrets.

There can only be one explanation for this. Obviously.

The dangerous hacker known as En Jin X. This would have never happened if everyone needed their ID online!

[-] rmuk@feddit.uk 5 points 6 hours ago* (last edited 6 hours ago)

I've set up a few solar systems (and, I agree, it's a pretty ambiguous name). Generally speaking, they're devices that include an MPPT charger (which regulates the power coming from the solar panels), battery charger, and inverter (which produces mains AC), often with a bridge rectifier that also allows the system to accept input from the grid, and a second inverter to supply power back to the grid. It a lot of kit in a compact package, so it's unsurprising that they come with apps to allow them to be monitored and configured and, sometimes, support for automation in, say, Home Assistant.

And let me tell you: the majority of these things are fucking horrendous. I've lost count of the number of cheap Chinese units - with brands like LCERRZOPX and JRXYLNG, or provided whitebox so a fly-by-night European companies with a name like TotalCharge Voltacon Solutions can silkscreen their own logo on - which are guilty of every IoT sin imaginable: no local API or connectivity; plaintext communication to a data center in China; apps that force you to sign up and sends your credentials in clear text; apps that have not been updated since they were released in 2013 and crash constantly; no interface other than that fucking horrible app; and so on. This might seem like a minor thing, but if you're depending on these things to run your entire house, you need access to that information, but I have to plead with people not to buy them because they're €50 cheaper than the equivalent from a reputable brand. These devices are susceptible to anyone with a copy of Wireshark, let alone the manufacturers or Chinese government, and they're just waiting to be exploited.

Incidentally, if anyone is looking at buying something like this, I can't recommend Victron highly enough. Aside from their kit being high quality, you can access every feature using Bluetooth either from their own app, or a number of other apps that support their published protocols including, of course, Home Assistant.

[-] Drekaridill@lemmy.wtf 8 points 7 hours ago

I'm drunk and need someone to clarify what a solar system is in this context

[-] Bebopalouie@lemmy.ca 3 points 4 hours ago

Ahh, so no special lasers heading off into space nuking other solar systems?

[-] Darkassassin07@lemmy.ca 3 points 6 hours ago

Specifically; this article is talking about the devices that convert DC power generated by solar panels into AC power that's supplied to homes.

Seems they're mostly talking about home installations, but this could effect larger commercial setups too.

[-] Drekaridill@lemmy.wtf 1 points 6 hours ago

Oh, that makes sense, I think

[-] Aceofspades@lemmy.ca 98 points 13 hours ago

Ok, we need to refer to them as something else. I thought we had a much bigger problem on our hands when I first read the title.

Thought I was having a stroke reading the headline.

[-] zod000@lemmy.dbzer0.com 21 points 11 hours ago

Yeah, I was legit impressed both with the brazen threat of the hackers as well as Europe for somehow becoming a galaxy spanning union.

[-] Damage@feddit.it 5 points 10 hours ago

The stars on the flag aren't stars, they're actually galaxies!

[-] HeyJoe@lemmy.world 35 points 13 hours ago

I read that same line 3 times before realizing this is not comic book villain bad.

[-] gdog05@lemmy.world 12 points 12 hours ago

This is some Men in Black shit I think

[-] eager_eagle@lemmy.world 22 points 12 hours ago

that's bad, we'll get a pretty bad reputation around the milky way

[-] Rhaedas@fedia.io 8 points 11 hours ago

Already had one, why else do you think no one has contacted us yet? Wouldn't you steer clear of this planet?

[-] YerLam@lemmy.world 6 points 11 hours ago

Mostly harmless.

[-] eager_eagle@lemmy.world 2 points 10 hours ago

I can't wait for the day they decide to build a hyperspatial express highway through our star system

[-] hornedfiend@sopuli.xyz 24 points 12 hours ago* (last edited 12 hours ago)

Article created using AI. Ultimate facepalm!

[-] tardigrade@scribe.disroot.org 15 points 12 hours ago* (last edited 12 hours ago)

Here is the article by CCC (in German)

Edit:

China Holds a Kill Switch to European Power Grids (May 2025)

Despite years of debate about supply chain resilience, more than 70 percent of world’s solar inverters come from Chinese manufacturers. The three biggest players – Huawei, Sungrow, and Ginlong Solis – are all Chinese. Here lies the first paradox: Huawei has been banned from a large portion of Europe’s 5G networks due to national security concerns, yet its technology is welcomed into the power grid.

[-] BottleBoardBakon@lemmy.ml 7 points 11 hours ago* (last edited 11 hours ago)

Why the hell do solar panels need wireless connectivity?

[-] Valmond@lemmy.dbzer0.com 1 points 13 minutes ago

So you can check out stuff on your phone?

Maybe?

[-] DevDave@piefed.social 1 points 6 hours ago

The inverters send status reports for tracking and auditing their production. unfortunately disconnecting some of these systems will cause them to go into standby mode after not being able to call home after two to three days.

[-] db2@lemmy.world 2 points 9 hours ago

Why would a toaster or a toilet? Or an ordinary vacuum for that matter.

[-] el3ctron@lemmy.ml 4 points 11 hours ago

please destroy facebook, Palantir or Elon Musk and Peter Thiel shit, not solar panels.

this post was submitted on 11 Jul 2026
142 points (100.0% liked)

Technology

86255 readers
3287 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS