TÜV Rheinland exposes inverter, battery hacking vulnerabilities

2017 saw concerns arise about residential battery storage systems and safety concerns regarding whether they are suitable for installation within the home. While these regulatory issues seem to have been resolved, TÜV Rheinland has now demonstrated that vulnerabilities exist within PV and distributed battery inverters.

The testing and quality assurance laboratory performed a series of experiments where it looked at whether inverter software could be accessed by hackers. The results even surprised the TÜV team, with hackers being able to penetrate battery systems with relative ease, and change critical settings.

“We found that it is possible to hack the PV inverter [within the storage system] in about half a day,” said TÜV Rheinland’s solar and fuel cells laboratory head Roman Brück. “This means getting into the software, changing that parameters, and the phasing between voltage and current.”

Hacking of inverters could also have serious implications for grid operators, the TÜV team reports. Not only could hackers mask the charge status of a battery system, it could cause inverters to feed power into the grid when it should not, or equally switch off when power is needed.

In a worst case, such manipulation of electricity feed-in could force grid frequency to spike or dip, potentially causing blackouts – TÜV warns.

TÜV Rheinland presented its findings earlier this month at the Energy Storage Europe conference. Brück reports that some attendees at the presentation were “shocked” by the findings.

Inverters and battery management systems (BMS) include communication hard and software that facilitates communication between a PV array or battery system and the grid. These systems can be a point of vulnerability, if hackers are able to gain access.

The TÜV Rheinland tests applied a number of approaches when hacking the PV and battery inverters. It first used “brute force” to attack the inverter software. It then sought to access the software systems by “stealing” passwords. A third approach, that it is still investigating, is to log onto the FTP server – which could then be used as an access point to introduce malware.

While the third approach may take a number of weeks to complete, the TÜV team was struck by how quickly the other approaches were effective.

“To hack the entire system would only require one day, the firewall [within the home] and the software of the inverter,” said Brück.

“At the end of the day you can bring the battery management system to a status that is very critical, in terms of battery safety,” Brück told pv magazine. “It can be manipulated to show that the battery is full, when actually it is very low. When you rapidly charge an exhausted lithium-ion-battery, it can become is like a ‘bomb’.”

Brück says that as battery software and hardware configurations vary between manufacturers, it is unlikely that all systems are as easy to hack and control. He suggests that some systems have a higher degree of protection built in, although it is too early to say at this early stage of investigation.

While TÜV Rheinland is currently formulating its service offering to test for vulnerabilities to hacking, one manufacturer has already expressed interest. “But it needs to be checked on a case-by-case basis, because of the structure of the [individual] battery systems,” said Brück.