cross-posted from: https://scribe.disroot.org/post/10061950
Security researchers from the Chaos Computer Club (CCC) have exposed critical vulnerabilities in Hoymiles solar inverters that allow attackers to remotely control, manipulate, or destroy hundreds of thousands of solar installations across Europe. The Chinese manufacturer holds roughly 20 percent of the European microinverter market, making the security flaw a widespread threat to balcony power plants and small rooftop solar systems.
…
During experimental tests, a modified handheld scanner located two dozen foreign inverters and their identification numbers within 20 minutes. In Augsburg, Hunz identified 42 hackable systems within just one hour. The radio signals can travel several hundred meters, making it feasible to mount attack equipment on drones for systematic scanning of residential areas.
Once attackers have the serial numbers, they can switch inverters on or off, alter power limits, and inject malware through an unprotected firmware update command. Tampering with sensitive network parameters or erasing bootloader memory could lead to fires, electrical accidents, or device destruction requiring physical repair.
…
The CCC informed Hoymiles [which is headquartered in China] about the vulnerability in February but received no initial response. Only after the German Federal Office for Information Security contacted the Chinese authority CNCERT did Hoymiles react at the end of June. The company announced a security update for mid-October.
…



Thats some impressive reporting from a news org utilizing an AI stock image that has no apparent ties to the content. To be fair I can’t think of any obvious choices either.
I’ll just take a peek at their publishers:
Damn. 404. (not that one)
No worries - follow the money! Let’s see who your advertisers are…
404? The plot thickens.
About us! Surely they are going to describe their attention to detail, their quest for truth, and their refreshing lack of baises at this establishment…?
There can only be one explanation for this. Obviously.
The dangerous hacker known as En Jin X. This would have never happened if everyone needed their ID online!
Did they break this story? Looks like this is a copy-paste article on hundreds of shitty sites: https://duckduckgo.com/?t=fpas&q=chaos+computer+club+solar+vulnerability+remote+chinese&ia=web
The Chaos Computer Club is real, and awesome, but I cand find anything on their site or YouTube about this yet. It was probably not in English though so thats on me: https://www.ccc.de/en/home
Edit, I just had to scroll down: https://lemmy.ca/post/67687895/24241020
I imagine the feat itself is possible and plausible - though I couldn’t speculate further without digging into the specifics.
What left me feeling wary was, at least in the US, theres been a massive push to limit the spread and use of renewables… and normally when sowing fear and doubt you generally want to tie in your preferred boogie man. Presently that would be China.
Misinformation campaigns and astro turfing frequently will rely on half truths as it is FAR easier to sow dissent in a community. A half truth becomes opinion - an easily disproven lie can backfire and unify communities.
Tons of Chinese equipment is exploitable. Most of the time its simply a product of “cheap, fast, stable/secure” pick 2. I promise you it won’t be the thing that costs time and money.
I won’t speculate further on something I noticed in passing but… very frequently the third play in the trifecta is to accuse your boogie man of something that you are doing as well. It weakens the opposing observation, true or not, by increasing difficulty in finding data (similar search terms… two different parties) and lizard brain “feels” like your arguement is weaker because its copying the opposition.
Either way - I’d hesitate to take an organization seriously if they fucked up their own.distribution platform that badly and didnt IMMEDIATELY fix it. Either they are inept or unaware… and unaware implies lack of traffic who might @ a dev.
https://www.ccc.de/de/updates/2026/blinkenlights-hoymiles
Can confirm, About Us and Advertisers is Nginx 404 error, sus site.
It read like it was laser focused on pushing an idea while ignoring too many obvious parallels. The fact that the site is basically all facade - no function … kind of provides a physical representation of this entire movement. Its practically modern art.
That said - it really does drive home how this virtual snake oil is literally sending us in the wrong direction.