Secura, a specialist in the field of critical system security, has released a detailed analysis of vulnerabilities impacting the Omnik PV inverter.This inverter is widely used in the Netherlands, Germany and Belgium. As the vulnerable WiFi module is used by many vendors, these vulnerabilities may probably impact a large number of devices. In addition, the article shows that using these vulnerabilities on a large scale allows to design attacks that can act arbitrarily on a smart grid.

The vulnerable module

Named HF-A11, it embeds an eCos RTOS operating system providing several communication services such as HTTP, FTP, TELNET and network discovery features. A mobile app is available to communicate with the device via a Chinese web backend.

Two OTA (Over The Air) configuration protocols, HF AT Interface, and IOTService / IOTManager are available on UDP port 48899. This service is only protected by a hard-coded password in the firmware and is not re-configurable. For example, it allows to update the firmware, WIFI settings, HTTP service identifiers or to control the GPIOs of the chip.Some manufacturers change this password, however the extraction from different firmware could easily be automated.

Research in the field shows that the stability of the electrical network might be affected by the firmware modification of an equipment. An attacker might try to control the UPS output power to cause a drop in the overall power supply or to inject excessive power to amplify unwanted network conditions. In addition to bypassing network protection systems, such an attack would require scale, coordination, and a significant degree of sun penetration into the sources of power generation.

The Sentryo experts’ report

This analysis shows that communicating solutions originating from the IOT world are beginning to gain a significant foothold in systems directly related to the energy sector. On the one hand, this integration brings the traditional security issues of the IOT domain back to the energy sector, which can have large-scale implications. On the other hand, it raises issues of resilience of infrastructure related to the dependence and control of these by communication services located in foreign countries.

Sources:
https://www.secura.com/blog-iot-solar-inverter-and-trickle-down-vulnerabilities
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7805366