
diy solar


Rogue Chinese communication devices found in Solar inverters.

I'd say the opposite. You don't care about the homeowner who would have to just throw a bypass switch to disable it. You REALLY care about the 5% of equipment in mission-critical installations (energy, security, aviation, railroad etc) that have been firewalled to prevent you from doing just that.
90%+ of those homeowners may not have a bypass switch and if they do, do not even know what/where it is and even when/how to use it.

Firewalled mission critical typically has rules to ALLOW the devices to talk to the manufacturer in all but DOD/DOE isolated networks. I used to work in mission critical (and I have done work on NNSA DOE isolated networks) and all but the truly isolated had rules to allow their critical devices to call home to the manufacturer for the hardware (typically could not get to the data easily--but would be able to disable/turn off the hardware).

If one was to drop a decent % (say even 25-50%) of the solar off the grid at about the same time that will cause the entire grid to go into blackout. Nothing would be able to spin-up fast enough to stop all the rest of the solar and the big generators from disconnecting, so you end up with a grid restart similar to what Spain had a few weeks ago.
 
...
After the stunning supply chain based attack that happened in the Middle East last year, it is very surprising to me that people are still skeptical that this kind of thing can and does happen.
I was wondering how long it would take for someone to bring that up.
That wasn't a hidden microchip though.
That was literally explosives.
 
The supermicro article was similar to the new article, it was light on details, did not have any sources except crap like "some guy my brothers wife knows said...".
In the supermicro case the implanted chip was connected to the BMC. Too embarrassing for the CIA etc to admit they had dodgy servers.

 
LOL, the extra semiconductors must be to brick the inverter in case of an emergency. LOL
 
Apparently very well concealed couldn't be detected on cursory examination.
It was reported that they did more than a cursory examination. But it was reported that the people concealing the explosives knew the other side's examination/testing processes and hid the explosives knowing how the device was to be examined/tested.
In the supermicro case the implanted chip was connected to the BMC. Too embarrassing for the CIA etc to admit they had dodgy servers.

They also (at the time) showed photos (and called out) the ethernet signal conditioners (i.e. filter chips) between the network chip and the wires. The fact that the article called out a piece of hardware to be part of the hack is rather uninformed since most application data is already encrypted by the time it gets to this piece of hardware.

And from the BMC side it is difficult to get access to data, and the BMCs are underpowered (HPE's 100mbit connected BMC was overwhelmed by a client's broadcast traffic--about 70k pps of 70byte packets from some sort of mis-configured facility environmental control equipment). But the BMC could easily disable/turn off a lot of hardware. And typically the BMCs I have seen are most of the time on their own network.

It is also clear that a non-motherboard manufacturer/designer company has zero idea how every last thing on the boards works. I have worked with alleged "OEM" that were OEMs 20 years ago, but now are just assemblers of parts that others designed possibly from their specs (HPE, and probably DELL). They are so far removed from making the sausage they have no idea what is really involved anymore and anyone working at the company that at one time knew anything about the details has long since been fired or retired, so they would have no ability to look at the board and know that this or that chip was not needed.

Everything is part of a hack when you don't have the slightest idea what any of it does anymore.
 
One thing to keep in mind with home automation is that there are a ton more ac automation controls out there than dc controllers.

All of my lighting on my newer homes have the controller as the light switch itself. These controllers are ac only.

Especially for zigbee devices which I use for 90% of my home automation.

Agreed. But a homeowner having a blackout (until he gets to the bypass switch) does not cause nearly as much havoc as, say, taking down an Air Traffic Control ARTCC.

But thousands of inverters programmed to bypass any safety measures and cause fires…? If the goal is to strain national resources in a critical time, that would contribute to. Devices like these are at the mercy of software.
 
Was interesting they mentioned the Deye / Sol-Ark incident in the article as sort of an example of the problem:

In November, solar power inverters in the U.S. and elsewhere were disabled from China, highlighting the risk of foreign influence over local electricity supplies and causing concern among government officials, three people familiar with the matter said.
Reuters was unable to determine how many inverters were switched off, or the extent of disruption to grids. The DOE declined to comment on the incident.
The incident led to a commercial dispute between inverter suppliers Sol-Ark and Deye, the people said.
"Sol-Ark does not comment on vendor relationships, including any relationship with Deye, nor does it have any control over inverters that are not branded Sol-Ark, as was the case in the November 2024 situation you referenced," a Sol-Ark spokesperson said.
Deye (605117.SS) did not respond to requests for comment.

My thoughts as a software developer are that this is a concern and should be looked into seriously but probably not as organized as you think, more of a Hanlon's razor situation. Big issue I see going forward is the firmware is written by Chinese programmers and would probably be more difficult to read even if given the source code. I have run into this a few times, historically all source code was written using English characters and variable names and everyone followed this, now I am starting to see source code written using Chinese characters and is much harder to follow (still will be a standard programming language for now).

Sol-ark or EG4 or whoever probably doesn't have anyone who can understand the firmware fully even if they were given access to the source code, this is a Sino-inversion where previously they copied and used and wrote in English source now I need to learn Mandarin to keep up, I am sure this goes for hardware and manufacturing even more nowadays.

I now have a Sol-Ark working very well but it damn well has a manual bypass if needed and I am debating whether to keep it connected to the supposedly US cloud or firewall it or just remove the dongle and rely on local admin and solar assistant.
 
As someone who is very wary of China I still find this article to be lacking in any detail and sounding more like a Political Hit Job.
Either Tell me what Inverters have these chips or don't bother to bring it up. It's just like the Democratic hit jobs that starts off with "An anonymous source" told CNN that...

I have seen in the past where they have made claims of hidden communication devices being found in devices when in fact it was a Bluetooth radio in a chip that was not even being used by the designer.
Lots of ICs today have all sorts of extra features built into them like Bluetooth. It does not mean that there is any code running to enable it or that an antenna is even attached to it.
 
My YouTube email is getting spammed with these articles. None of them have evidence or brand names. Seems like an orchestrated effort. Huawei was the only brand I think that had a back door that was exploited. If anyone has proof that the other brands are doing this I would love to see it.

It's not if, but when this will happen though.
 
I think they are missing the point here. Sure there is some equipment that a "spy" might want to put a hidden transmitter/receiver into so that they would have nefarious access. But it's like those people that are concerned/paranoid that someone has put a tracking device on them. Why bother to go to the trouble, you pay 100s of dollars for your own tracking device, your cell phone, that you carry around all the time; no need for another.

All the internet connected inverters and devices fall into that category. No need to build in a special back door for access, the owner will plug it into their internet connection for us. And it works, as the whole Deye/Sol Ark saga showed us.
 
No need to build in a special back door for access, the owner will plug it into their internet connection for us.
Found the spy.

Jokes aside, that's how I read it as well, they have backdoor access to your inverter (and your home network) which in itself could be dangerous. If you had backdoor access to thousands of grid connected inverters and could program them to perform as a botnet you might be able to make them all send power to grid at the same time, or charge at maximum load during peak hours, significantly increasing demand / overloading the grid, which would cause a blackout.
 
I will preface this by saying that I do not fully understand anything that I'm about to say.

But I would imagine if you are already "illegally" planting cellular devices into a piece of electronics that you really aren't going to care about right and wrong.

I'm willing to bet that in this case since you don't really give a shit about the legality it wouldn't be that hard to piggyback off the device even with no service.

The US has a requirement that all cellular devices retain the ability to still operate to contact emergency services even with no SIM card and no plan attached to the device.

Especially if all you're doing is just sending a "kill" command or something like that.
 
You could easily hide an antenna or SIM card in these devices. First person who finds one, I'll make a video that day
We all appreciate the fact that you have been tearing this stuff down for years now to give us half a chance of knowing anything regarding these matters. I wish that more would to spur more generous offers such as the above.
 
The US has a requirement that all cellular devices retain the ability to still operate to contact emergency services even with no SIM card and no plan attached to the device.
Yeah I'd like someone up here to explain how this does not apply to all units with the only other missing piece needed yet already built in... a battery. And how small is that little widget?
Great point.
 
LOL, the extra semiconductors must be to brick the inverter in case of an emergency. LOL
This is easy to do with an unsecure internet connection. There is no way to "inspect" inverter software for security issues or self destroying code. This is why my wifi dongles are not used or connected. 485 all day for me.
 
Huawei was the only brand I think that had a back door that was exploited
That company is a security risk.
Nortel was so deeply penetrated by Chinese gov and Huawei spies they were introducing copies and modified versions of stuff that Nortel had not even started to sell.

These are not back doors, these are intentional built-in devices that allow China to penetrate communication systems.
They didn't invent this type of spying, they just got better at it than people expected, and they got caught doing it.

The story of the photocopier for example

Literally everyone spies and looks for ways to penetrate and manipulate other governments.
You don't think of Canada as source of industrial espionage.
But this shit happens all the time.
 
(Putting on my thin tinfoil hat...) Scenario: two of the world's largest trading partners. One has the heaviest industrial base on the planet, sells inexpensive products the other wants to buy with its dwindling wealth base. Both are also potential enemies.

If a real war broke out between the two, it would be highly advantageous for the seller to have secret poison pills buried in infrastructure they sold to that potential enemy. Especially if that electronic cyanide could be remotely activated.

(Removing my thin tinfoil cap)
That's not a tin foil hat idea, but a well planned scenario bit of preparation for superior military capabilities, if a war ever broke out in reality. imho

Watch for proxies to get it all going, as the two big boys don't want fingers pointed directly at them.

Or, we may all sit around the campfire one day and sing Kumbaya.
Really, which do you think is more likely?
 
They don't need to rely on the US cellular network to communicate. They could use a direct to satellite. This was the concern with Huawei using Beidou short messaging. Iridium 9603 was the smallest module available.


You also have Globalstar.

 
