Professor Smaragdakis was interviewed about hacked solar panels

In April 2021, Jelle Ursem, a Dutch hacker, found out that the login details of a power inventor manufacturer were only in plain text! A power inventor is a power electronic device that converges direct current (DC) to alternating current (AC) and is a critical part of solar panel installations. An investigation found that more than 40k power inventors of this manufacturer are already installed in the Netherlands. Modern power inventors are connected to the Internet, and users can remotely access them using a login and a password. The database of users of this manufacturer was hacked, and the credentials were leaked.

“It is unfortunate that users were unaware of this hack as they should have been according to GDPR. Suppose a hacker take access to the power inventors installed at homes. In that case, it is possible to tweak hardware software, and you can do bad things,” says Georgios Smaragdakis, professor of cybersecurity at TU Delft. By taking remote control of the inverter, it is possible to switch it off, stress the battery storage, or add instabilities in the power grid operation when the number of compromised devices population is large. “With tens of thousands of devices, probably scattered all over the Netherlands, it was really hard to damage the power grid in this case,” says Professor Smaragdakis. “You will need hundreds of thousands for that, but maybe this will be the case in the next years if a more popular manufacturer is hacked. Unfortunately, other Internet of things devices, e.g., smart TVs, voice assistants, and surveillance cameras, that are connected to the Internet have similar vulnerabilities. It is crucial to increase public awareness about the problem and work on solutions to protect users' privacy and security of critical infrastructures like the power grid".

Read more in RTL Nieuws (Dutch)