U.S. engineers have discovered mysterious, undocumented communication devices lurking in some Chinese-made solar power inverters and batteries Reuters reported.
“The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences,” said Reuters’ sources, who spoke anonymously because they had not been given permission to speak on the record.
The story illustrates a security issue that has haunted analysts since the dawn of the “Internet of Things,” the sudden craze for adding Internet connectivity to all manner of devices, from household appliances to industrial machinery.
The number of devices broadcasting information online has grown exponentially since the turn of the millennium – and so has the danger that some of those devices could be spying on their users, or opening back doors into secure networks.
In the case of the suspicious Chinese power inverters, the devices were designed to connect solar panel arrays and windmills to power grids. They have Internet capability, so their performance can be monitored and their software can be updated easily.
Knowing this to be standard practice, the information technology teams at solar and wind farms set up firewalls as a precaution to prevent the devices from sending unauthorized signals. They also physically inspect equipment from China to look for bugs, and they find them with shocking regularity.
“The two people declined to name the Chinese manufacturers of the inverters and batteries with extra communication devices, nor say how many they had found in total. The existence of the rogue devices has not previously been reported. The U.S. government has not publicly acknowledged the discoveries,” Reuters reported.
These “rogue communications devices” could do a lot more than just spy on the American power grids that use them. Cybersecurity experts have long warned that hostile powers are very interested in targeting American infrastructure. Hidden Internet connections could allow an attacker to shut down power grids or damage sensitive machinery.
This is not a purely hypothetical threat. On November 15, 2024, users of inverters manufactured by a Chinese company called Deye reported their units suddenly displayed pop-up error messages and became “bricked,” or unusable.
Deye said the units were sold without proper authorization, outside of their distribution contracts for the Western hemisphere, and the simultaneous brickings occurred not because they sent a kill command over the Internet, but rather because the unauthorized units did not receive scheduled firmware updates.
Some users doubt the company’s explanation, and continue to believe Deye did use remote commands to kill the inverters. Whatever the exact scenario was, the incident was an unwelcome reminder for solar panel owners that their equipment could be controlled or shut down using the Internet.
Rep. Carlos Gimenez (R-FL) in the House, and Sens. Rick Scott (R-FL) and Maggie Hassan (D-MA), have introduced legislation to “decouple” U.S. companies from batteries made by Chinese companies. Cybersecurity vulnerability was listed as one of the most important reasons to move away from Chinese equipment.
“With our nation currently sourcing a majority of its batteries from Chinese-linked manufacturers, we’re subject to a major, unnecessary risk to our national security,” Sen. Scott said in February.
Other countries have also passed legislation based on the risks posed by Chinese power equipment. Lithuania passed a law in November requiring power plant operators to install cybersecurity defenses to prevent tampering with their Chinese hardware, as occurred in the Deye incident. The law banned Chinese manufacturers from remotely accessing systems they supply to Lithuania.
Some U.S. power companies, notably including Florida Power & Light (FPL), have launched their own initiatives to minimize reliance on Chinese power inverters and batteries.
China is the largest supplier of inverters by a significant margin. One Chinese company, electronics and telecom giant Huawei, accounts for almost 30 percent of the global supply, although it exited from the U.S. market in 2019 after its 5G networking hardware was banned.
