Hackers could exploit solar power equipment flaws to cripple green grids
-
The list of vulnerabilities seems to go on forever. . . why would they not hire anyone to look at the code before releasing the product?
Is there even a way to update the code remotely. . .
-
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
The list of vulnerabilities seems to go on forever. . . why would they not hire anyone to look at the code before releasing the product?
Is there even a way to update the code remotely. . .
Because why would you need QA for equipment that SUPPLIES POWER. -_-. That or their QA is astronomically terrible.
Just to be safe, I am being sarcastic.
-
Oh thank god...
"CVE-2017-9860: An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. References"
Meaning the firmware can be upgraded remotely. . . . by the hackers!
-
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
Oh thank god...
"CVE-2017-9860: An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. References"
Meaning the firmware can be upgraded remotely. . . . by the hackers!
I love it. This is so bad that it's on the verge of awesome.
-
And the part that matters (besides the finger pointing).
"In the end, SMA patched the vulnerabilities in its kit, fixes are rolling out, energy grid bosses agreed to get the matter onto the agenda at their next security conference, and governments agreed to coordinate to harden up their systems, we're told."
So hopefully they've got patches coming, but damn guys. . .
-
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
The list of vulnerabilities seems to go on forever. . . why would they not hire anyone to look at the code before releasing the product?
Is there even a way to update the code remotely. . .
Because IoT.
-
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
And the part that matters (besides the finger pointing).
"In the end, SMA patched the vulnerabilities in its kit, fixes are rolling out, energy grid bosses agreed to get the matter onto the agenda at their next security conference, and governments agreed to coordinate to harden up their systems, we're told."
So hopefully they've got patches coming, but damn guys. . .
If they don't, I guarantee someone will.
You know, since it is open for public patching.
-
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
And the part that matters (besides the finger pointing).
"In the end, SMA patched the vulnerabilities in its kit, fixes are rolling out, energy grid bosses agreed to get the matter onto the agenda at their next security conference, and governments agreed to coordinate to harden up their systems, we're told."
So hopefully they've got patches coming, but damn guys. . .
If they don't, I guarantee someone will.
You know, since it is open for public patching.
That's the most insane part. You can change the firmware on the device, just by being on the same LAN! wtf. . .
-
Maybe a white-hat will "hack" in and patch it... why not?
-
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
-
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
If you're on the network and you haven't hacked your way onto that, how could they claim you broke in and did something illegal?
-
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
If you're on the network and you haven't hacked your way onto that, how could they claim you broke in and did something illegal?
Have you ever been to the US?
-
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
If you're on the network and you haven't hacked your way onto that, how could they claim you broke in and did something illegal?
Have you ever been to the US?
I have, just have never had to deal with the "law" personally.
-
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
If you're on the network and you haven't hacked your way onto that, how could they claim you broke in and did something illegal?
Have you ever been to the US?
I have, just have never had to deal with the "law" personally.
Hacking doesn't require breaking into anything. Hacking includes bullying a receptionist to let you into a building. Hacking includes going through a private trash. Hacking includes looking at sticky notes for passwords. You touch something you aren't "supposed to" and you can go to jail for hacking. And ask Mitnick, it doesn't require a computer, having done anything nefarious or a trial.
-
@dashrender said in Hackers could exploit solar power equipment flaws to cripple green grids:
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
The list of vulnerabilities seems to go on forever. . . why would they not hire anyone to look at the code before releasing the product?
Is there even a way to update the code remotely. . .
Because IoT.
Crawl back in your damned hole.
-
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
Yeah - Steve Gibson claimed that he went to the FBI and asked about making a virus that would find Code Red machines and patch them. He was told no, it's illegal.
-
@jaredbusch said in Hackers could exploit solar power equipment flaws to cripple green grids:
@dashrender said in Hackers could exploit solar power equipment flaws to cripple green grids:
@dustinb3403 said in Hackers could exploit solar power equipment flaws to cripple green grids:
The list of vulnerabilities seems to go on forever. . . why would they not hire anyone to look at the code before releasing the product?
Is there even a way to update the code remotely. . .
Because IoT.
Crawl back in your damned hole.
Clearly you didn't see it as the joke it was meant to be.
-
@dashrender said in Hackers could exploit solar power equipment flaws to cripple green grids:
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
Yeah - Steve Gibson claimed that he went to the FBI and asked about making a virus that would find Code Red machines and patch them. He was told no, it's illegal.
Just showing why you should not listen to him. He actually asked that? How out of touch is he?
-
@dashrender said in Hackers could exploit solar power equipment flaws to cripple green grids:
@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:
@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:
Maybe a white-hat will "hack" in and patch it... why not?
Because... better things to do. And it still gets you arrested, so not worth the risk.
Yeah - Steve Gibson claimed that he went to the FBI and asked about making a virus that would find Code Red machines and patch them. He was told no, it's illegal.
More importantly it would make it that much more difficult for the FBI and other agencies to hack into those machines. . .