Engineers in the US have uncovered previously unknown communication devices embedded in solar inverters and batteries sourced from China, according to reports.
“These unauthorized components create additional communication pathways that could bypass firewalls, potentially leading to serious consequences,” an anonymous source shared after being restricted from discussing the findings.
This discovery underscores long-standing security concerns that analysts have been highlighting since the early days of the internet. The rise of internet connectivity in everyday devices—from fridges to industrial machinery—has been rapid and, perhaps, a bit alarming.
The number of devices sharing information online has surged significantly since around 2000. This proliferation raises the possibility that some devices could be used to monitor users or compromise secure networks.
In relation to these suspicious inverters, they are designed to connect solar arrays and wind turbines to the electrical grid while offering internet capabilities for performance monitoring and software updates.
Given these risks, IT teams at solar and wind farms have implemented firewalls as a safety measure to prevent unauthorized data transmissions. They also conduct regular inspections of imported equipment, finding issues with surprising frequency.
“While the exact number of discovered inverters and batteries with additional communication features remains unclear, the presence of such devices is a new revelation. The US government has yet to publicly acknowledge this finding.
These “Rogue Communications Devices” not only monitor the power grid but also pose a broader cybersecurity threat to American infrastructure. Experts have consistently warned that these hidden connections could enable attackers to disrupt power supply or harm sensitive equipment.
This isn’t just theoretical. On November 15, 2024, users of solar inverters from the Chinese company Deye reported that their devices suddenly malfunctioned and were rendered inoperable.
Deye claimed that these units were sold outside their authorized distribution areas and that the malfunctions were due to a lack of scheduled firmware updates, not because of any remote shutdown commands.
However, some users remain skeptical of Deye’s explanation, suspecting a deliberate intervention. Regardless of the truth, this incident serves as a stark reminder for solar panel users about the vulnerabilities tied to internet control over their systems.
Representatives Carlos Guimenez (R-FL), Rick Scott (R-FL), and Maggie Hassan (D-MA) have introduced legislation aimed at reducing US reliance on batteries produced by Chinese manufacturers, citing cybersecurity risks as a significant concern.
“Currently, a significant portion of our batteries comes from Chinese-linked manufacturers, exposing us to avoidable national security risks,” Sen. Scott remarked in February.
Other nations have also enacted laws addressing the risks associated with Chinese electrical equipment. Lithuania has mandated that power plant operators implement cybersecurity measures and has prohibited Chinese companies from remote access to their systems.
In the US, some utilities, notably Florida Power & Light, have initiated efforts to reduce dependence on Chinese inverters and batteries.
China remains a dominant supplier of inverters, and despite Huawei’s exit from the US market in 2019 due to 5G hardware restrictions, it captures nearly 30% of the global market share.
