Remote Firmware Injection in Popular Solar Inverters
9 hours ago
- #FirmwareVulnerability
- #Cybersecurity
- #SolarInverters
- Critical vulnerability found in APsystems solar inverters allowing remote firmware injection.
- EZ1-M microinverter hardware analysis reveals ESP32C2 and TI C2000 microcontrollers.
- Firmware analysis shows static encryption keys and predictable serial numbers for MQTT authentication.
- MQTT analysis identifies OTA topics enabling remote firmware updates.
- Exploitation possible via retained MQTT messages to force OTA updates.
- Proof-of-concept payload developed to modify firmware and prevent updates.
- Additional vulnerability found allowing patching of C2000 firmware for severe attacks.
- Potential attack scenarios include network pivoting, grid disruption, DDoS, device destruction, and data theft.
- Approximately 100,000 vulnerable EZ1-M units identified, with potential for more across product lines.
- Responsible disclosure timeline provided, with APsystems taking months to address the issue.