Ningbo Deye solar inverters exposed: do system vulnerabilities hide dangers?

WBOY
2024-08-10 19:02:39

【ITBEAR】According to news on August 10, the network security company Bitdefender recently released a report revealing a series of serious security vulnerabilities in the solar inverter systems produced by Ningbo Deye (Deye). If exploited by hackers, these vulnerabilities could have a major impact on the stability of regional power grids, and could even cause large-scale power outages or infrastructure overload explosions, with disastrous consequences.

The report shows that Ningbo Deye's solar inverter systems are used in more than 190 countries around the world, covering up to 10 million power generation facilities with a total power generation of 1.95 billion kilowatts, which accounts for one-fifth of the world's total solar power generation. This shows its huge market share and its potential impact on global energy supply.

According to ITBEAR, the vulnerabilities discovered by Bitdefender are mainly related to improper management of multiple credentials (tokens). Hackers can obtain the highest management rights over the inverter system in at least four ways and then tamper with the inverter configuration. The specific vulnerabilities include:

  1. An OAuth authentication vulnerability, which allows attackers to generate valid credentials for any user and take over user accounts.
  2. A credential reuse vulnerability, in which credentials signed on one company's platform can be used on another company's platform, widening the scope of an attack.
  3. Excessive information exposure, in which certain API endpoints of the platform leak too much organizational information, such as email addresses and phone numbers, allowing hackers to carry out social engineering attacks.
  4. Hard-coded accounts: the device contains built-in accounts that have the highest privileges but whose passwords cannot be changed, giving hackers direct access to all devices.
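The credential reuse issue described above, as an added example that is not from the article, Bitdefender's report or Deye's platform: it assumes tokens are HMAC-signed claim sets with issuer and audience fields, and uses hypothetical platform names and a constructed key to contrast a signature-only check with one that binds a token to the platform it was issued for.

```python
import base64, hashlib, hmac, json

# Constructed demo values; the key and platform names are hypothetical.
SHARED_KEY = b"demo-signing-key"  # assumption: both platforms trust one key
PLATFORM_A = "platform-a.example"
PLATFORM_B = "platform-b.example"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key, issuer, audience, subject):
    """Sign a minimal claim set with HMAC-SHA256 (stand-in for a token library)."""
    claims = {"iss": issuer, "aud": audience, "sub": subject}
    payload = _b64(json.dumps(claims).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig

def _verified_claims(key, token):
    """Return the claims if the signature is valid, else None."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def verify_signature_only(key, token):
    """Weak check: any validly signed token is accepted, whoever it was issued for."""
    return _verified_claims(key, token)

def verify_bound(key, token, this_platform, trusted_issuers):
    """Hardened check: signature plus issuer and audience binding."""
    claims = _verified_claims(key, token)
    if claims is None:
        return None
    if claims.get("iss") not in trusted_issuers:
        return None
    if claims.get("aud") != this_platform:
        return None
    return claims
```

Giving each platform its own signing key removes the shared trust entirely; the issuer and audience checks remain useful as a second layer.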

Bitdefender emphasizes:

  1. The exposure of these vulnerabilities highlights the weaknesses in the cybersecurity of critical infrastructure, especially in areas that are easily overlooked like solar power systems.
  2. To prevent potential hacker attacks, relevant manufacturers and users must take immediate action to patch vulnerabilities and strengthen security protection measures.
  3. Bitdefender has reported the relevant vulnerabilities to Ningbo Deye Company, and Deye Company has responded quickly and taken measures to patch these vulnerabilities, effectively reducing potential security risks.
