1、#BHAS BlackHatEventsA Closer Look at the Gaps in the Grid:New Vulnerabilities and Exploits Affecting Solar Power SystemsDaniel dos Santos,Francesco La Spina,Stanislav DashevskyiForescout Technologies#BHAS BlackHatEventsWho we areDaniel dos SantosFrancesco La Spina#BHAS BlackHatEventsPart 1:Motivatio
2、n and Background#BHAS BlackHatEventsWhy analyze solar power systems?Image sources:https:/en.wikipedia.org/wiki/Growth_of_photovoltaicshttps:/www.ief.org/news/the-remarkable-rise-of-solar-powerhttps:/www.iea.org/news/how-solar-energy-could-be-the-largest-source-of-electricity-by-mid-century#BHAS Blac
3、kHatEventsOverview of solar power systemsUserManufacturer cloudInverterSolar PanelsPower GridCommsdongleMobileappSolar PV panels generate DC power,which is converted to AC by invertersThese inverters are grid-connected andcloud-connected IoT devicesEnable remote monitoring and managementSometimes re
4、quire an extra dongle/data loggerLarge attack surfaceInverters(comm dongles)are not supposed to be accessible directly via the internetHowever,they are managed via the vendors cloud,web apps and mobile appsLots of other components we dont include in this talk:batteries,EV chargers,etc.HTTPMQTTModbus
5、Web appNetworkSerialElectricLegend#BHAS BlackHatEventsExample 1:Growatt architecture and appImage source:https:/ BlackHatEventsExample 2:Sungrow iSolarCloudImage source:http:/:8181/docs/a1-0/d3.md#BHAS BlackHatEventsExample 2:Sungrow iSolarCloud App#BHAS BlackHatEventsExample 2:Sungrow WiNet-S dongl
6、eRemember that they should not be accessible?2,600 with exposed HTTP server on ShodanThousands more similarly exposed from other manufacturersMillions more managed via apps/cloudsImage source:https:/ query:https:/www.shodan.io/search?query=http.favicon.hash%3A792201344#BHAS BlackHatEventsSolar power