The Dutch Institute of Vulnerability Disclosure (DIVD) has reported that two Dutch hackers have discovered six new vulnerabilities in Enphase IQ Gateway devices, formerly known as Enphase Envoy.
Wietse Boonstra and Hidde Smit of DIVD reported vulnerabilities to Enphase on April 17, 2024. Enphase responded the next day and began collaborating with the researchers. The vulnerabilities are being addressed and are expected to be resolved in the next product version.
DIVD said it continues to work with Enphase to identify the remaining vulnerable and exposed Envoy IQ gateways throughout the world, in order to facilitate the patching process. However, it said that a device is only vulnerable if the Enphase equipment is exposed “to an untrusted network, such as the public Internet or a home network.”
On Aug. 12, the Netherlands Enterprise Agency (Rijksdienst voor Ondernemend Nederland) released a report on vulnerabilities in Dutch solar energy systems. The study outlines three potential cyberattack scenarios on solar installations, involving actors ranging from hackers to malicious companies. It also evaluates mitigation strategies to prevent or reduce the impact of such attacks.
The three scenarios are summarized as follows:
- A ransomware gang could exploit cloud portals to take over accounts of large installers and extort solar park operators.
- Criminals might access and damage inverters through an online software update, especially if tens of thousands of inverters with default passwords are compromised by a botnet.
- A state-run entity could target supply chains, using cyber-weapons to attack vital infrastructure by seizing equipment amid rising geopolitical tensions.
“At DIVD, we sincerely hope that preventive measures will be taken to address vulnerabilities and weaknesses before a disaster occurs. We have already discovered and reported numerous vulnerabilities in charging stations and their backends,” said researcher Harm van den Brink. “And according to a study on the impact of a hack of the charging infrastructure by Berenschot, a power outage would cost us at least several billion euros per day in the Netherlands.”
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.