Vulnerabilities in the Smart Core of Green Infrastructure Part-1 by: Arun Mane and Omkar Mali
Date: September 25, 2025 (GMT +8)
Time: 16:10
TRACK 1
OFFICIAL TALK
The global adoption of renewable energy, particularly solar power, is increasing rapidly. This accelerated digitization has also opened new attack surfaces, especially in developing nations where cost-effective, Chinese-manufactured inverters and communication devices dominate the market. Our research is a real-world investigation into the cybersecurity posture of solar plants that rely on Chinese inverters and RS485-to-Ethernet couplers. While these devices enable efficient communication and monitoring, they introduce serious national security and privacy concerns.

In this paper we present our findings from a live production solar plant where these devices were installed. We uncovered critical vulnerabilities across the Bluetooth, Wi-Fi and USB channels the inverter uses to interact with gateway couplers and mobile applications. During reverse engineering and traffic inspection of the associated mobile apps and firmware, we found that sensitive plant operational data, including voltage readings, device health and control commands, was being exfiltrated to remote servers located in China. The inverters we examined could be switched on or off remotely via the mobile application. The implications are severe: an attacker who exploits these interfaces or hijacks app traffic could disrupt plant operation or induce cascading failures in grid stability. We also found hardcoded or poorly protected credentials in the firmware, unsecured Bluetooth pairing modes, and no authentication in the couplers that convert RS485 (Modbus) to Ethernet.

This paper is the first part of an ongoing investigation. Future releases will cover firmware implants, radio communication tampering, and active exploitation techniques. This initial part lays the groundwork by exposing systemic risks, insecure data flows, and geopolitical implications.
Key Findings
1. We reverse-engineered the mobile app associated with the inverter and found hardcoded IP addresses of Chinese cloud servers. All monitoring and control data, including ON/OFF commands, was transmitted to these endpoints silently and without user consent.
2. The inverter's Bluetooth interface was in continuous discoverable mode with no pairing-key enforcement. An attacker within radio range could connect and manipulate the device without authenticating.
3. The mobile application stored Wi-Fi credentials in plaintext and transmitted them during device setup, so an adversary can sniff the Wi-Fi credentials during setup or later app interaction.
4. A USB port on the inverter exposed debug access without proper access controls. We were able to mount the file system and extract configuration data, including private keys and logs.
5. The RS485-to-Ethernet converters (acting as gateways) had no authentication for Modbus communication and were susceptible to traffic injection: a rogue device on the network could spoof inverter commands.
6. The inverter processed received commands without verifying data integrity or sender authenticity, which makes command spoofing trivial.
7. All mobile app communications to the inverter and to the Chinese servers went over HTTP and unencrypted Bluetooth, opening the door to man-in-the-middle (MITM) attacks on public or compromised networks.
8. The inverter relied on cloud-based decision-making for major actions such as remote shutdown and firmware update checks. If those servers are taken over or their DNS is poisoned, the attacker can push false updates or shut down the plant.
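Findings 5 and 6 rest on a property of Modbus that is easy to show in code: a Modbus/TCP write request has no sender identity or authentication field, and the coupler's translation to Modbus RTU adds only a CRC-16 that anyone can compute. The following Python is an added illustration, not code from the talk or from any vendor. It builds read and write requests as a rogue host would, shows the bus frame the coupler would emit, and runs an allowlist check over constructed captures. Unit ids, register and coil addresses and the IP addresses are illustrative assumptions, not a real inverter's register map.

```python
"""Added example: Modbus/TCP write requests carry no authentication, so a
rogue host on the plant LAN can issue the same frames a SCADA master does.
The coupler strips the MBAP header, prepends the unit id and appends a
CRC-16 before putting the frame on RS485; that CRC is an integrity check
anyone can compute, not a signature. Unit ids, register/coil addresses and
IP addresses are illustrative assumptions, not a real inverter's register map."""
import struct

WRITE_FUNCTIONS = {
    0x05: "write single coil",
    0x06: "write single register",
    0x0F: "write multiple coils",
    0x10: "write multiple registers",
}


def _mbap(tid, unit_id, pdu):
    # MBAP: transaction id, protocol id (0 = Modbus), length (unit id + PDU), unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def build_read_holding(tid, unit_id, address, quantity):
    return _mbap(tid, unit_id, struct.pack(">BHH", 0x03, address, quantity))


def build_write_register(tid, unit_id, address, value):
    return _mbap(tid, unit_id, struct.pack(">BHH", 0x06, address, value))


def build_write_coil(tid, unit_id, address, on):
    # Modbus encodes coil ON as 0xFF00 and OFF as 0x0000
    return _mbap(tid, unit_id, struct.pack(">BHH", 0x05, address, 0xFF00 if on else 0x0000))


def parse_modbus_tcp(frame):
    """Decode an MBAP header and the fixed-size PDUs of functions 3, 4, 5 and 6."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("protocol id or length field does not match the frame")
    pdu = frame[7:]
    fc = pdu[0]
    info = {"tid": tid, "unit": unit, "fc": fc, "pdu": pdu}
    if fc in (0x03, 0x04, 0x05, 0x06):
        if len(pdu) != 5:
            raise ValueError("unexpected PDU length for function %#04x" % fc)
        key = "quantity" if fc in (0x03, 0x04) else "value"
        info["address"], info[key] = struct.unpack(">HH", pdu[1:])
    return info


def modbus_crc16(data):
    """Modbus RTU CRC-16 (polynomial 0xA001 reflected, initial value 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def tcp_to_rtu(frame):
    """What the RS485-to-Ethernet coupler does: unit id + PDU + CRC (low byte first).
    Two TCP frames that differ only in sender and transaction id yield identical bus traffic."""
    info = parse_modbus_tcp(frame)
    rtu = bytes([info["unit"]]) + info["pdu"]
    return rtu + struct.pack("<H", modbus_crc16(rtu))


def detect_unauthorized_writes(captures, allowed_masters):
    """Allowlist check over (source_ip, Modbus/TCP payload) pairs captured on port 502:
    flag any write function from a host that is not a known master, plus malformed frames."""
    alerts = []
    for src_ip, frame in captures:
        try:
            info = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append((src_ip, "malformed frame: %s" % exc))
            continue
        if info["fc"] in WRITE_FUNCTIONS and src_ip not in allowed_masters:
            alerts.append((src_ip, "%s on unit %d, address %s" % (
                WRITE_FUNCTIONS[info["fc"]], info["unit"], info.get("address"))))
    return alerts


# Constructed captures: a legitimate SCADA host at 192.168.10.2 polls and sets a
# setpoint; a rogue host at 192.168.10.77 writes the (assumed) run/stop coil to OFF
# and then sends a truncated frame.
SAMPLE_CAPTURES = [
    ("192.168.10.2", build_read_holding(1, 1, 0x0000, 10)),
    ("192.168.10.2", build_write_register(2, 1, 0x0010, 100)),
    ("192.168.10.77", build_write_coil(3, 1, 0x0000, False)),
    ("192.168.10.77", bytes.fromhex("0004000000020103")),
]

if __name__ == "__main__":
    for src, text in detect_unauthorized_writes(SAMPLE_CAPTURES, {"192.168.10.2"}):
        print("ALERT", src, text)
    print("bus frame:", tcp_to_rtu(SAMPLE_CAPTURES[2][1]).hex())
```

The allowlist detector is the cheapest compensating control when the gateway itself cannot authenticate: a passive tap or a span port on the plant LAN sees every write function code and its source address, so an unexpected master writing coils or registers is a high-confidence alert. It does not help against a host that spoofs the legitimate master's address or sits on the RS485 side, which is why the findings above point to authentication in the coupler rather than monitoring alone.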
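Findings 1, 3 and 7 are the kind of thing a first static pass over a decompiled APK turns up: hardcoded remote addresses, cleartext schemes such as http:// or mqtt://, and credential-looking literals. The Python below is an added example of that sweep, not the talk's tooling or the vendor's code. The sample file tree, the hostnames, the addresses (IETF documentation ranges standing in for real servers) and the secret value are all constructed; the only real inputs a practitioner would supply are the plant's own subnets, so that a provisioning address such as the inverter's soft-AP gateway is rated lower than a remote endpoint.

```python
"""Added example: a static sweep of decompiled mobile-app sources for hardcoded
endpoints, cleartext schemes and embedded credentials, the kind of check that
surfaces findings 1, 3 and 7 above. The sample tree, hostnames, addresses
(TEST-NET ranges) and secrets below are constructed, not the vendor's code."""
import ipaddress
import re

URL_RE = re.compile(r"\b(https?|wss?|ftp|mqtts?)://([A-Za-z0-9.\-]+)(?::(\d+))?")
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
# identifier containing a credential-like word, assigned a quoted literal of 4+ chars
CRED_RE = re.compile(
    r"(?i)(\w*(?:password|passwd|pwd|secret|api_?key|token)\w*)[\"']?\s*[:=]\s*[\"']([^\"']{4,})[\"']")
CLEARTEXT = {"http", "ws", "ftp", "mqtt"}


def is_local(host, local_nets):
    """True when the host is an address inside one of the plant's own subnets
    (or an mDNS .local name); anything else is treated as a remote endpoint."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.endswith(".local")
    return any(ip in net for net in local_nets)


def scan_file(name, text, local_nets):
    findings = []
    seen_hosts = set()
    for m in URL_RE.finditer(text):
        scheme, host, port = m.group(1), m.group(2), m.group(3)
        seen_hosts.add(host)
        findings.append({"file": name, "kind": "endpoint", "scheme": scheme, "host": host,
                         "port": int(port) if port else None,
                         "cleartext": scheme in CLEARTEXT,
                         "remote": not is_local(host, local_nets)})
    for m in IPV4_RE.finditer(text):
        ip = m.group(0)
        if ip in seen_hosts:
            continue  # already reported as part of a URL
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # octet out of range, e.g. a four-part version number
        findings.append({"file": name, "kind": "endpoint", "scheme": None, "host": ip,
                         "port": None, "cleartext": None,
                         "remote": not is_local(ip, local_nets)})
    for m in CRED_RE.finditer(text):
        findings.append({"file": name, "kind": "credential",
                         "key": m.group(1), "value": m.group(2)})
    return findings


def scan_tree(files, local_nets):
    """files maps a path inside the decompiled APK to its text."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_file(name, text, local_nets))
    return findings


def severity(finding):
    if finding["kind"] == "credential":
        return "high"
    if finding["remote"] and finding["cleartext"]:
        return "high"      # plant data and commands to a remote host with no TLS
    if finding["remote"]:
        return "medium"    # remote dependency, at least encrypted
    return "low"           # local provisioning address, expected


# Constructed sample of a decompiled app (jadx-style paths); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for real remote servers.
SAMPLE_TREE = {
    "com/example/inverterapp/CloudClient.java":
        'private static final String BASE_URL = "http://203.0.113.10:8080/api/v1/";\n'
        'private static final String MQTT_URL = "mqtt://203.0.113.11:1883";\n',
    "com/example/inverterapp/OtaUpdater.java":
        'static final String OTA_URL = "https://ota.example.com/firmware/latest.bin";\n',
    "com/example/inverterapp/WifiSetup.java":
        'String gatewayIp = "192.168.4.1";\n'
        'String defaultWifiPassword = "12345678";\n',
    "res/values/strings.xml":
        '<string name="fallback_server">198.51.100.7</string>\n'
        '<string name="app_version">2.1.0</string>\n',
}
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]

if __name__ == "__main__":
    for f in scan_tree(SAMPLE_TREE, LOCAL_NETS):
        print(severity(f).upper().ljust(6), f["file"], f)
```

Run against a real jadx or apktool output directory, the same functions take each file's text in turn; the regexes are deliberately loose, so the output is a triage list to confirm with traffic capture (which is how the finding that data and ON/OFF commands actually leave the plant was established), not a verdict on its own.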
Speaker
Arun Mane
Arun Mane is the Founder and CEO of Amynasec Research Labs and the co-Founder and CEO of UnoAcademy, a training provider. He is a Hardware, IoT and ICS Security Researcher with a focus on Vehicle/IoT/ICS/IoMT security. His interests include Hardware Security, SCADA systems, Automotive Security, Fault Injection, RF protocols and Firmware Reverse Engineering, and he enjoys taking complex systems apart to find their vulnerabilities. He performs Security Audits aligned with IEC 62443, ISO/SAE 21434 and NIST frameworks for both government and private clients.
Arun has spoken at nullcon Goa (2016 to 2018), GNUnify 2017, Defcamp Romania (2017 to 2019 and 2023), Hacktivity Budapest (2019 and 2023), Rootcon 2020 in the Philippines, BSidesDelhi 2017, c0c0n x (2017 and 2019), BSides Ahmedabad 2021, EFY 2018, x33fcon (2018 to 2021), Black Hat USA 2018, DEF CON USA 2018, OWASP Seasides 2019 in Goa, and HITB Red Team Village 2020 and Phuket 2023.
Omkar Mali
Omkar Mali is a Security Researcher and an experienced Infrastructure and Cloud Security engineer who protects digital assets for clients. His research focuses on Hardware and IoT Security and Automotive Cybersecurity; his specializations span Hardware Security, Automotive Security, RF Protocols and Firmware Reverse Engineering. He heads The Marathi Hackers Group, fostering collaboration and knowledge sharing within the cybersecurity community, and has conducted Security Audits for both governmental and private entities.