Cloud Security, Vulnerability Management

Researcher accidentally sent solar development device, says he can shut down electricity generation facilities

Security researcher Fred Bret-Mounet found vulnerabilities affecting the management unit (MMU) on his home's solar array, a device that monitors solar panels over the internet. According to a Forbes report, Bret-Mounet discovered an open Wi-Fi access point in the Tigo Energy TSR-4 retrofit that allowed anyone within range of the Wi-Fi connection to connect to the solar array.

He found that the device sent unencrypted personal information over an HTTP connection. Bret-Mounet was able to use a brute force attack to guess the default username and password required by the server.

He told Forbes that he then could have made configuration changes to other users' panels that could have been exploited to shut down their solar power.

When notified of the flaws, Tigo Energy told Bret-Mounet he had mistakenly been sent a development device. Approximately 1,000 other customers received the same device, the solar energy equipment company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.