Cybecrime: a backdoor discovered in photovoltaic control systems

Swascan, a company of the Tinexta group, reveals a vulnerability in the devices of a German player. CEO Iezzi: "Critical issues like these could have destructive repercussions on everyone's daily life" 09 Jun 2022 Veronica Balocco

"We have published a study on a zero-day vulnerability in photovoltaic control systems produced by a large German company. This manufacturer has thousands of customers around the world and an attack via the vulnerability discovered by our offensive team could have allowed Criminal hackers to take control of solar power generation systems equipped with the hardware in question and control them at will." This is how Pierguido Iezzi, CEO of Swascan, a cybersecurity company of the Tinexta group, comments on the publication on his website of a security warning regarding a backdoor in some photovoltaic monitoring devices. Swascan promptly alerted the manufacturer and the critical issue was resolved, but, as Iezzi recalls: "The combination of cyberwar and cybercrime has never been so strong as in recent months, often the line between criminal and cyber soldier is thin. Critical issues like these, in the wrong hands, could have concrete and destructive repercussions on everyone's daily life. The danger posed by the zero-day vulnerability should not be underestimated, just like the one discovered by Swascan's offensive team. The renewable sector is increasingly critical Alarming, then, that this critical issue has concerned a technology at the heart of the European strategy for energy differentiation capable of overcoming dependence on Russian sources of supply". Iezzi adds: "From wind to photovoltaics, the race has now begun, but this road could soon be undermined by retaliation and possible risks and threats of a cyber nature in order to create disruptions, total production interruptions or even as a geopolitical lever". It is not something unthinkable, just think that energy is often in the crosshairs, for example, a few weeks before russia's invasion of Ukraine in the United States an intrusion attempt by Criminal hackers was identified in several major suppliers and exporters of natural gas, including liquefied natural gas export operators Cheniere Energy Inc. and Kinder Morgan. "Even more critical – concludes Iezzi – could soon be the renewable sector that even more than fossil fuels relies on digitalization and 4.0 technology for the production and distribution of energy. In this case we were able to intercept the criticality and inform the vendor, but this does not mean that if this had ended up in the wrong hands the damage would be incalculable".