Electryone: in the land with no sun

BSides Athens · 21:00 · 123 views · Published 2024-03 · Watch on YouTube
Style: Talk

Transcript [en]

Hello everyone. My talk today is Electryone: in the land with no sun, which apparently I have decided to propose and present in the country in Europe that has the most sunshine in the world, so why not. This is not really relevant, and you're going to see later on why, because that talk was developed to have some zero days in it, but I was convinced not to include those zero days. That's me. My name is m SAS, I'm the CEO of Regulation Tex St T, which is calledo for the time being. I've also decided in my 40s that I want to pursue a PhD. My research interest is mainly APIs for IoT, IoT devices and web application security. You can find me on EV stickers as e stickers home space current site, and you can also visit my personal website, which usually has my research.

I'm going to jump most of those slides. This is how photovoltaic panels work. What is a photovoltaic panel? What you want to know is that the solar PV panel consists of many cells made from layers and other strange stuff that I don't really understand and don't want to understand. The solar PV panels are made of several panels, generating around 355 watts of energy, and more stuff. We are going to talk about the inverters in this talk. The inverter is a type of power inverter which converts DC current to AC, and it can also be easily attacked from the cloud. I don't really understand how they work, what they're doing or what's the point of everything in there.

The solar panel installations can be divided into two categories. The one is the home installation, which we see in Greece on a lot of rooftops; they're between 1 and 10 kW, they're on-the-roof installations. The other one is plant installations, which can go from 200 kW to 20 MW. And as with everything in a capitalist country, we're trying to maximize the profit and minimize the costs.

This is the projection that the solar market is going to take: it's going to be 250 billion dollars globally by 2030, and this is the reason that we see everything in the EU going green. There's a European Green Deal that has three goals: no net emission of greenhouse gases by 2050, economic growth decoupled from resource use, no person and no place left behind. The main thing that you want to understand is that 1/3 of the 1.8 trillion investments is going to be directed towards the green wave. The solar market right now (that's a little bit outdated right now) has 23 million current installations. They are being used by a lot of big white-label cloud providers that provide generic implementations that are used by third parties. We have several big players; they're mainly Chinese companies, and we all know that this means that they have rush-to-market issues and they're trying to catch the green wave, so we can see a lot of issues.

This is our generation from the Net Zero scenario; it says that they want to reach 7 million GWh, and this is the current worldwide status: how they are generated, how much power is generated and how much power we consumed in 2021. So, solar PV: what are the solar panels we have? The goal is to generate more than a terawatt globally. It's cheaper to produce, it requires low to no maintenance, it can run unsupervised, but the tricky part is that, as with everything in energy, it's really expensive to store, so it's easier to just throw it into the grid. You really don't understand what throwing it into the grid means, because there are a lot of attack vectors that nobody really cared about; they always care about max profits.

Let me introduce you to a scenario that was done by a really nice Belgian guy whose name I'm going to try: Willem. And I'm sorry about the text there, it's only text. The power grid needs to maintain a constant balance. There are certain sorts of countermeasures, and what we need to take care of is that there is a maximum peak value per period of time; if an attacker is able to go beyond the maximum or dip value, outages will occur. The thing with power grids, at least in Europe, is that they are very interconnected, which means that if you take down the power grid of Greece or the power grid of Serbia, you probably will take down all the Balkans. That's also the case for Germany: if you take down the power grid of Germany, it will probably have a domino effect that will take half of Europe's power grids out.

This is the theoretical proof of the Horus scenario. You can go to the Horus scenario site and see how the expected solar electric output went really down on an eclipse in Germany. There is also a mathematical model; I really don't understand what's going on, it just proves that the German power grid, that was from time to time covering up to 50% of its power demand using only PV installations, could be taken down by a single attack that he did. In Greece, the past month, I saw a lot of news that were saying that renewable (not only PV installations) power was 100% for a couple of days, so this is a really possible scenario in Greece.

What Willem did in the Horus scenario: he did a lot of CVEs on one inverter, the SMA, which is the Rolls-Royce of inverters. He chained them to get RCE; he got RCE on those devices, he could fiddle with those devices to destabilize the grid. The big issue with his attack is that he needed physical access to get those CVEs. Now I'm presenting Electryone. Unfortunately, because it's cloud, I cannot take any CVEs, but there's also no need for physical access. We could break and mess around with 5 million devices. It's inverter-agnostic, so you could do whatever you want on whatever inverter is connected to those clouds, and we are looking at a little bit over 500 GWh.

It's quite easy what I did: I found a demo account, I registered a new account, I found the obvious web issues and then tried to find a way to control the devices by exploiting those issues. What did I get as a result? On the left side you can see the cloud name and on the right side you can see what I did. So Solarman: I only got platform admin, I couldn't update the firmware, this means that I couldn't take down the whole inverter. Sunsynk, SolaX, Growatt, Inteless: I got platform admin and I also got a firmware update, which means it was game over. I could take down the inverters, I could make the inverters go into flames, I could practically do anything I wanted if I had the firmware capability, the ability to create a proper firmware. It's something I don't possess and I don't want to possess in my life.

The other result that I had was this kind of advertisements all over my home for the past 6 months. Google and Facebook believe that I'm really interested in installing inverters, so I keep seeing those. Disclosure, so that's a tragedy. Unfortunately the disclosure had full technical information. I tried really, and I mean really, hard to get any reaction. More than 90 days passed 9 months ago; right now we're at the 9 months threshold. Only one vendor responded and acted on the disclosure. I tried email, I tried Twitter, I tried phone calls, nothing. Solarman was the only one that responded and fixed in 5 days. Sunsynk: I got no response at all. SolaX responded on my emails and sent some Twitter DMs after 5 months, and then a lot of silence. Growatt asked me where I'm from, and that's the only thing, so the response was "where are you from?", I said Greece, and then they didn't care, I guess. And Inteless had no response at any point.

So as I said in the previous slide, this was supposed to have a lot of things. Yesterday and the day before yesterday I had several calls with people who I totally trust and respect in the industry, people like our keynote speaker, and they convinced me, in both cases in their emails, that as we have a war in Europe it wouldn't be a good idea to hand out to a lot of people ways to take down parts of Europe. So sorry, not sorry, but that deserves an applause.

Aims: have the providers act on the reported vulnerabilities for once; prove that you can control gigawatts of power, effectively destabilizing power grids; help avoid global outages; I don't know, world peace, make the world a safer place; and convince Chinese vendors that they need to fix their things. What did I find? IDOR, IDOR, RCE, broken authentication, broken authorization, IDOR, and missing the whole concept of authorization in certain clouds. What did I get as a result? Data, lots and I mean lots of personal data, access to administrative accounts and panels, ways to manipulate and break panels, ways to make inverters go up in flames, and access to internal networks, because as you can understand those were network devices, so once I had a shell on that device I also was able to access internal networks, which I did not, but I had that opportunity.

What is the power generation the clouds claim? So what they are claiming to generate: Solarman is at 160 GW, Sunsynk is 110, SolaX 140, Growatt is the big elephant at 300 GW, and Inteless is really small at 30 GW. But just as a thing, 30 GW is what Larissa needs, so this is not a small amount of power. I also know that I have missed several clouds; my goal was not to own everything that was there, my goal was to prove that we have an issue as an industry all together, and not to own everything.

First one is Solarman. They are really big. They have the IDOR on the user add functionality: you could add a user with any privilege on any group. Groups and organizations were consecutive integers, so as far as I understand you could add anywhere. You could have full functionality of the application, you could access all the data, obvious potential GDPR violation, and you could get the information on plants and power generation. The disclosure: that's the only one that is good. They had an excellent response, they fixed in 5 days and they chased verification so that they could know that they did something wrong, but they fixed it.

Next is Sunsynk. Sunsynk is probably the biggest white label; you will see their backend used by a lot of third-party companies, so you might have something like solar gr or solar.com, and they have Sunsynk as their backend. And I have IDOR pretty much everywhere. I'm not going to present it, but if you want, go take a look, you're going to see the IDORs everywhere. What I could have: full functionality of the application, potential GDPR info, interact with the plants, firmware update, a way back into the network, platform world domination, I don't know, you can do whatever you want, and we are talking about 2 million installations. I think you can see here, this is gateway firmware, this is notification, so you could send a notification to everyone saying, I don't know, your inverter is hacked. And that's the disclosure: I tried really hard, I sent emails, I even phoned them, I didn't really understand what I was saying, so yeah.

Next one, the big one, is Growatt. Unfortunately they didn't provide a demo account, they didn't provide you a way to register an account; they wanted your serial number. My CFO is here and she really disagreed with me buying an inverter just to hack it, so I had to bring the big guns and use Google. So I used Google, I found the serial number (that guy was selling his PV), I attached it, I then removed him, he was okay. So I found the PV, I installed it, I added it to my account, and then I had full functionality of the application, and I mean for everyone's inverter in there. Now there's potential GDPR violation, control of the plants, world domination, take down everything, etc. etc. So that's their thing: "Dear customer, due to the Spring Festival holidays we can't reply to anything in time, thanks for your understanding." That's on the 26th of January; my first email was, I think, in October, so they had enough time. I don't think that it was the festive holidays. And that's the thing: "would you advise which country you're from?" Because if you're from Greece, I don't really care, but if I was from Germany I guess they would answer again. Disclosure: nothing.

SolaX is really unlucky because they're really good: all the things were together, their security was together, really secure, really everything. They only had one IDOR, but that IDOR was really, really critical, so full functionality of the application. You're seeing the same slide over and over again because they're having the same vulnerability over and over again. You can see here it's 21,000 pages, so that's a lot of inverters. You can also see some more inverters; I don't know, I really lost count of what's going on in here. "Thank you for contacting SolaX, we are extremely busy." They are extremely busy the past year, because I've been trying for a year to communicate with them; they never answered. So I reached out on Twitter. I'm going to see in here which email, I have sent several emails, which emails, blah blah blah, this email, let me check, that was, let me check, on February; he or she is still checking.

Inteless was a really interesting one. They are missing the basic concept of authorization, so you could do whatever you want wherever you want. They just wanted you to be able to have an account, but you can register and then you could just say "now I'm the owner of ID number five" and you are the owner of ID number five. All IDs are consecutive integers, so you can obviously enumerate. Again the same slide, sorry about being repetitive over and over again, but it's the same thing: I could do whatever I want wherever I want, and it was really, really good. You can see here run storage; they also have a really, really interesting thing that says "terminal", and you open up a terminal from the web interface from which you can install whatever you want, because they're Debian devices. Yeah, I really tried with them; they're just dead, they didn't answer with anything, they didn't do anything, I don't care.

What could you do as a prevention? You could go with the provider that we LA on props; you don't know what you're going with, but there are strong indications of what is going to happen when a vulnerability is found, because vulnerabilities will happen. I'm not saying that there are vendors that are not going to have vulnerabilities; they're not. We need to pursue going with people and with vendors that do care about the vulnerability. Try to isolate devices on their own VLANs, but let's be honest, if I could get your inverter on fire you wouldn't care about it being on its own VLAN.

How can you help? And that's where I really want your help. If you have a Twitter account, those four are the companies that never ever responded or just ignored it. Please tweet to them and tell them that you have a vulnerability in your system, please act on it, please fix it, please reach out to me. I have reached out more than 10 times each, so they should have my email, and we should be able to, we should want to, fix it all together. Thank you.
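The authorization defect the talk keeps hitting (consecutive plant IDs and an account simply declaring "I'm the owner of ID number five", with the server checking only that the ID exists) next to its hardened form, as an added illustration that is not code from the talk or from any vendor it names; the PlantCloud API, the user names and the firmware labels are all assumed.

```python
# Added illustration (constructed, not from the talk or any vendor it names):
# a toy plant-monitoring backend in which hardened=False reproduces the defect
# and hardened=True applies the ownership check and non-guessable IDs.
import secrets
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the session user does not own the requested plant."""


@dataclass
class Plant:
    plant_id: str
    owner: str
    firmware: str = "v1.0"  # constructed sample value


class PlantCloud:
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.plants = {}  # plant_id -> Plant
        self._seq = 0

    def register_plant(self, session_user: str) -> str:
        # Weak: consecutive integers, so every other plant ID is guessable.
        # Hardened: 128-bit random IDs, so enumeration is no longer a shortcut.
        self._seq += 1
        pid = secrets.token_hex(16) if self.hardened else str(self._seq)
        self.plants[pid] = Plant(pid, session_user)
        return pid

    def _load(self, session_user: str, pid: str) -> Plant:
        plant = self.plants[pid]
        # The check the vulnerable clouds lacked: the ID in the request must
        # belong to the authenticated session, not merely exist.
        if self.hardened and plant.owner != session_user:
            raise Forbidden(f"{session_user} does not own plant {pid}")
        return plant

    def transfer_plant(self, session_user: str, pid: str, new_owner: str) -> str:
        # Weak mode accepts "I am now the owner of ID number five" from anyone.
        plant = self._load(session_user, pid)
        plant.owner = new_owner
        return plant.owner

    def push_firmware(self, session_user: str, pid: str, image: str) -> str:
        # Firmware update is the "game over" operation; it gets the same gate.
        plant = self._load(session_user, pid)
        plant.firmware = image
        return plant.firmware
```

The only difference between the two modes is who the server believes: the request body (weak) or the authenticated session (hardened).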