Hacking solar energy systems using Google Maps and weak links in the supply chain. 🪫☀️🔋😈♨️

Security researchers Anthony Rose and Jake Kranov presented a talk last year about cybersecurity vulnerabilities in solar power systems. At the time of the talk, the authors already had 14 confirmed findings and CVEs.

Modern solar setups (microgrids) rely on many internet-connected smart devices like inverters, batteries, and monitoring systems. Supply chain issues here are serious: many “US-made” solar products are actually Chinese-made and just relabeled.

In one case, a solar device the authors tested had a hidden “magic number” backdoor - if you sent the correct secret value, it would quietly enable remote SSH access for the manufacturer.

Especially interesting was seeing how Google Maps can be used to identify vulnerable microgrid setups and tailor the attack. Crazy cool idea :)

Enjoy the presentation! And please share it if you have people in industry among your friends and colleagues.

More details:

Rebadged, Relabeled, Rooted: Pwnage via Solar Supply Chain

Slides [PDF]: https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Anthony%20Rose%20Jake%20Krasnov%20-%20Rebadged%2C%20Relabeled%2C%20and%20Rooted%20Pwnage%20via%20the%20Solar%20Supply%20Chain.pdf

Presentation [Youtube]: https://lnkd.in/d3DY3CPU