Security alert over unexplained comms devices in Chinese power inverters

Solar panels, wind turbines, batteries, heat pumps and vehicle chargers all potentially affected

Unexplained communications devices, not listed in product documentation, have been found in Chinese-made solar power inverters in the USA.

While currently found in US solar panels, inverters are used in a range of appliances, including wind turbines, batteries, heat pumps and vehicle chargers.

The findings were first reported by Reuters, quoting unnamed security specialists in the US involved in stripping down equipment intended to be used on the power grid.

The devices, the specialists say, are undocumented and have the ability to circumvent firewalls and other security measures. They are also built in to the device, enabling them to be controlled remotely.

The specialists fear these devices could be used to destabilise the grid and trigger widespread blackouts, similar to the day-long blackout in Spain and Portugal at the end of April, which was traced to destabilisation caused by solar and wind power perturbations. Power grids need to be balanced, second-by-second, between supply and demand to remain stable.

The sources did not name the tainted inverters’ suppliers. While Huawei is the market leader in this space with a 29% share, followed by Sungrow and Ginlong Solis, it is unlikely to be the source, as it withdrew from the US market in 2019 following the 5G telecoms equipment ban. The UK also introduced a similar ban, and questions have long been raised over the security of Huawei hardware in national infrastructure.

Nevertheless, one solar developer – Germany’s 1Komma5 – openly avoids Huawei because of its links with the Chinese state and opaque ownership structure.

The security issue could be a major headache in the UK and across Europe due to the drive to roll out renewable power technology, much of which is developed and manufactured in China. More than 200GW out of Europe’s 338GW of installed solar capacity contains inverters linked with China, according to the European Solar Manufacturing Council.

The news comes as the US leads a crackdown on Huawei’s Ascend AI processors. It claims these contain US-developed technology and are therefore a potential violation of export controls.

Using any Huawei Ascend-series processor will be contrary to US export controls, and the companies involved sanctioned accordingly.

The US Bureau of Industry and Security, which oversees export controls, claims that the Ascend 910B, 910C, and 910D parts were either designed with US technology or manufactured using equipment running US-made software. However, these parts are largely used solely in computers bounds for customers in China, at the moment.

At the same time, the US administration has relaxed Biden-era restrictions on the export of powerful AI processors to a range of countries, including Portugal and Mexico, while tightening restrictions on countries like Russia and China.

Chinese state-controlled threat actors have long been linked with serious security breaches in systems across the world, with tensions escalating in recent months.