Solar Heat, Cybercriminal Entry Fits: 35,000 Solar Devices Exposed to Botnet Risk
- Javier Conejo del Cerro
- 3 days ago
- 2 min read

When solar energy meets poor cybersecurity hygiene, the result is a perfect storm.
New research by Forescout’s Vedere Labs reveals that over 35,000 solar power devices—including inverters, data loggers, and gateways—are currently exposed to the internet with default credentials, outdated firmware, and open management interfaces. These vulnerable systems, spread across 42 vendors, represent an urgent threat to the stability of modern power grids.
The Victims: From Rooftops to Regional Grids
Most of the exposed devices are concentrated in Europe, particularly in Germany and Greece, where solar adoption is high. The victims include:
- Residential installations using uncertified devices.
- SMEs powering operations with solar gateways.
- Solar farms with unsegmented, internet-accessible components.
Devices such as the SMA Sunny WebBox and CONTEC SolarView Compact are especially prominent. The latter saw a 350% increase in exposed units and was even exploited in Japan in a real-world bank theft incident. Many run outdated firmware that still carries known, exploitable vulnerabilities such as CVE-2022-29303, a command injection flaw in SolarView Compact that botnets actively target.
The Breach Procedure: Shodan is Enough
No zero-days. No sophisticated APTs. Just Shodan, misconfigurations, and bad defaults.
Attackers scan for management web interfaces left reachable from the internet, typically sitting on a flat network and guarded by nothing more than a default password. Once a device is located, they exploit:
- Command injection flaws
- Remote access portals
- Unpatched firmware
From there, attackers drop malware, move laterally into internal networks, or integrate compromised nodes into botnets. Some targets become proxies for DDoS attacks; others serve as footholds into larger energy infrastructures.
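The same low-effort reconnaissance works in the defender's favour: an operator can triage scan results for its own address ranges before an attacker does. The script below is an added example, not code from Forescout or Goldilock. It runs over constructed scan records shaped like the per-host data an internet-wide scanner returns (IP, HTTP title, firmware banner, whether the management page demanded a login), fingerprints the product from the title, compares the firmware banner against a patched-version floor, and orders hosts for isolation. The title fingerprints, the firmware floor, the severity weights and the hosts themselves are illustrative assumptions; real thresholds must come from the vendor advisory.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed scan records (TEST-NET-3 addresses, not real hosts). Fields mimic
# what an internet-wide scan reports for one HTTP service on one host.
SCAN_RECORDS = [
    {"ip": "203.0.113.10", "port": 80, "title": "SolarView Compact",
     "firmware": "Ver 5.23", "auth_required": False},
    {"ip": "203.0.113.11", "port": 80, "title": "SolarView Compact",
     "firmware": "Ver 6.00", "auth_required": True},
    {"ip": "203.0.113.12", "port": 80, "title": "Sunny WebBox",
     "firmware": "1.61", "auth_required": True},
    {"ip": "203.0.113.13", "port": 8080, "title": "PV Monitor",
     "firmware": "", "auth_required": False},
]

# Hypothetical product fingerprints keyed on the HTTP page title.
FINGERPRINTS = [
    (re.compile(r"solarview\s*compact", re.I), "CONTEC SolarView Compact"),
    (re.compile(r"sunny\s*webbox", re.I), "SMA Sunny WebBox"),
]

# Hypothetical floor: firmware below this is treated as unpatched. Take the
# real value from the vendor advisory, not from this script.
MIN_PATCHED_FIRMWARE = {"CONTEC SolarView Compact": (6, 0)}

# Illustrative severity weights used to order the isolation queue.
SEVERITY = {
    "unauthenticated management page": 3,
    "firmware below patched threshold": 3,
    "management interface reachable from the internet": 2,
    "unidentified device, inventory gap": 1,
}


@dataclass
class Finding:
    ip: str
    product: str
    issues: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(SEVERITY[i] for i in self.issues)


def parse_version(text: str) -> tuple[int, ...]:
    """'Ver 5.23' -> (5, 23); an empty or non-numeric banner -> ()."""
    m = re.search(r"(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()


def fingerprint(title: str) -> Optional[str]:
    """Map an HTTP title to a known product, or None if unrecognised."""
    for pattern, product in FINGERPRINTS:
        if pattern.search(title or ""):
            return product
    return None


def triage(record: dict) -> Finding:
    product = fingerprint(record.get("title", ""))
    finding = Finding(record["ip"], product or "unknown")
    # The record exists only because a public scanner got an answer, so the
    # management interface is by definition reachable from the internet.
    finding.issues.append("management interface reachable from the internet")
    if not record.get("auth_required", True):
        finding.issues.append("unauthenticated management page")
    if product is None:
        finding.issues.append("unidentified device, inventory gap")
    else:
        floor = MIN_PATCHED_FIRMWARE.get(product)
        version = parse_version(record.get("firmware", ""))
        # An unparseable banner on a product with a known floor is treated as
        # unpatched: absence of a version is not evidence of a patch.
        if floor is not None and (not version or version < floor):
            finding.issues.append("firmware below patched threshold")
    return finding


def triage_all(records) -> list[Finding]:
    """Highest-risk hosts first; ties keep scan order (sorted is stable)."""
    return sorted((triage(r) for r in records), key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage_all(SCAN_RECORDS):
        print(f"{f.ip:15} {f.product:26} score={f.score}  {', '.join(f.issues)}")
```

The ordering is the point: the unauthenticated, unpatched SolarView Compact lands at the top, the unrecognised device on port 8080 comes second because an unidentified asset on a public address is an inventory failure in its own right, and the two patched, authenticated units still appear because a management interface that answers from the internet is a finding regardless of its patch level.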
The grid itself is increasingly fragile due to inverter-based systems lacking traditional mechanical inertia. Any destabilization—especially a coordinated one—could lead to outages like the recent blackout in the Iberian Peninsula, which disrupted transport and payment systems.
How Goldilock Neutralizes the Threat
Goldilock’s FireBreak™ offers a radically different approach to defending critical infrastructure—by physically removing it from harm’s way.
While most security tools only monitor threats or attempt to block them through software controls, FireBreak™ physically disconnects exposed assets from the internet—instantly, remotely, and without relying on IP-based communication.
Goldilock provides:
- Out-of-band control via non-IP SMS commands.
- Physical disconnection and reconnection at the port level, in seconds.
- Protection for any IP-connected asset, including SCADA, PLCs, solar inverters, and gateways.
- No need for patches, upgrades, or training.
It combines the security of cold storage with the speed of hot storage, drastically reducing the attack surface without compromising operational flexibility. And because FireBreak™ operates outside the IP layer, it remains invisible to attackers scanning for reachable devices.