
U.S. Officials Identify ‘Rogue’ Communication Devices in China-Built Solar Power Units

China will use “any means necessary to spy on, steal from, or strangle our nation.”

Legal Insurrection readers will recall that a sudden and unprecedented power outage struck the entire Iberian Peninsula in late April, plunging nearly all of Spain and Portugal into darkness for several hours.

The blackout, one of the largest in recent European history, also briefly affected parts of southern France and Andorra. Essential services, public transportation, telecommunications, and financial systems were severely disrupted. At least eight deaths have been linked to outage-related incidents.

While the cause was not related to a cyber-attack, such a security breach was an early consideration. There are reasons to be worried about solar power systems being hacked.

Recent investigations by U.S. energy officials have uncovered undocumented communication devices, referred to as “rogue” devices, embedded within some Chinese-made solar power inverters and related equipment.

U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.

Power inverters, which are predominantly produced in China, are used throughout the world to connect solar panels and wind turbines to electricity grids. They are also found in batteries, heat pumps and electric vehicle chargers.

While inverters are built to allow remote access for updates and maintenance, the utility companies that use them typically install firewalls to prevent direct communication back to China.

However, rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by U.S. experts who strip down equipment hooked up to grids to check for security issues, the two people said.

The European energy market is even more dependent on solar power and Chinese products, and officials there are alarmed by the U.S. team’s discovery.

The European Solar Manufacturing Council (ESMC), the body which represents the interests of some Europe-based PV companies, said that: “With over 200GW of Europe’s solar capacity relying on these inverters—equivalent to more than 200 nuclear power plants—the security risk is systemic.”

In a LinkedIn post, it called on the European Commission (EC) to examine the “risk potential for sabotage and espionage” of manufacturers of components that can “significantly influence the behaviour” of the European grid. It also called for “rigorous audit and validation tools” and a fully transparent software bill of materials (BOM).

The ESMC and fellow trade body SolarPower Europe have been ramping up calls for greater cybersecurity protection for European inverters. Earlier this month, the ESMC called for a restriction for remote access to inverters from “high risk” Chinese manufacturers.

Legal Insurrection readers may recall my previous reports on Salt Typhoon, the codename for a sophisticated Chinese state-sponsored cyber espionage group, believed to be operated by China’s Ministry of State Security (MSS). The group had previously hacked into American internet provider systems, the US Treasury, and Trump-Vance campaign telephone systems.

According to a late April 2025 interview with Brett Leatherman, FBI deputy assistant director of cyber operations, Salt Typhoon remains active. The group is still considered a threat, and while affected telecommunications companies have reported that the actors have been “contained,” there is no confirmation of full eradication from all networks.

There are other “Typhoon Groups,” including Volt Typhoon, an advanced persistent threat group specializing in cyberespionage and cyberwarfare. Its primary focus is on targeting critical infrastructure in the United States and its territories.

Leatherman has this update:

Volt Typhoon is still active. Salt Typhoon is still active. As far as being in the networks, for Salt Typhoon, that’s a hard question for me to answer because the telcos themselves continue to look in those networks. The telcos have indicated to us, and publicly, that they’ve contained the actors. Until they’ve indicated they’ve eradicated them, there’s a presumption they could still be in the networks.

For advanced persistent threats like the Typhoons, their goal is to establish persistence. They’re very good. They’re state actors who have tremendous money and resources behind them. Once they get into an environment, they don’t want to rely on the vulnerability that got them in there all the time; they want to set up alternate ways to get in. That’s what the companies and the threat mitigation firms are doing, trying to identify were there areas of persistence that they were able to obtain for later use and stay in the environment.

Our confidence right now is that we have eliminated their ability to have a substantial impact against United States critical infrastructure. But we do know that they continue to seek positions, not necessarily in critical infrastructure, but on end-of-life legacy devices. Our goal is to prevent them from getting to the point where they amass that kind of access.

It is clear that China will use “any means necessary to spy on, steal from, or strangle our nation.” Decoupling from their electronic and energy equipment is critical to our security.


Comments

Make sure your devices, cable modem, router, computers, phones, tablets, and anything else you have are updated with the latest patches. Don’t forget smart thermostats, appliances, lights, and such, and put those devices on a guest network (modern routers will do that) to keep them separate from your phones, tablets, and computers. If you don’t know how, ask around.
.
And USE STRONG PASSWORDS!
.

    The Gentle Grizzly in reply to DSHornet. | May 16, 2025 at 9:56 am

    Just got a new router here. It not only has guest network capabilities, but a third set (2.4 and 5.0 gigacycle) for home automation.

    TargaGTS in reply to DSHornet. | May 16, 2025 at 11:39 am

    I bought a new router a couple months ago and spent a great deal of time shopping for it. It’s practically impossible to find a router that isn’t made in China today. Even the Taiwanese brands like ASUS and Synology aren’t made in TW anymore. Most are made in China. I ended up going with an Asus model primarily because it was made in Vietnam…which is probably only marginally better than China. I was really disappointed to find ‘American’ router manufacturer Ubiquiti makes almost all their stuff in China.

      The Gentle Grizzly in reply to TargaGTS. | May 16, 2025 at 1:26 pm

      My TP-Link ones are Vietnamese.

      henrybowman in reply to TargaGTS. | May 16, 2025 at 4:10 pm

      I am a huge fan of MikroTik routers, made in Latvia. Most of them are professional grade (originally designed to be configured by pro geeks) but they have customer-grade configuration interfaces if you’re interested in tapping only the power of a consumer-grade unit. They recently introduced a feature whereby changes to critical configuration parameters (related to things that could allow hackers access) need to be confirmed by the owner physically removing power from the router, to ensure they cannot be made remotely.

    Sanddog in reply to DSHornet. | May 16, 2025 at 2:46 pm

    Or, eschew smart appliances entirely. I have to purchase a new refrigerator and my main requirement is no internet connectivity.

      henrybowman in reply to Sanddog. | May 16, 2025 at 4:12 pm

      Just treat your refrigerator like your next-door neighbor’s PC — don’t give it your WiFi password, and it won’t get on your Internet.

EnPhase IGBT inverters are the source of controversy.

I have a sordid tale involving Granholm visiting Flex in W Columbia, SC followed by Biden visiting to promote the CHIPS program. I spoke negatively about it and was terminated.
Do a deep dive into Flex, EnPhase and Shinzen Sinvo of Guangdong, China.

I remember the hysteria when Trump put the hammer down on Huawei. Seems he was right about this stuff. I wonder how much the Brandon & Co Grifting Enterprise got paid to make the US reliant on Chinese solar panels.

Lucifer Morningstar | May 16, 2025 at 9:42 am

If this isn’t evidence that the United States should cut off all trade with China I don’t know what is. But nope, Trump has decided to suspend the Chinese tariffs for 90 days and enter into trade negotiations with the CCP. I’m not sure what Trump hopes to accomplish with these trade negotiations but here we are and there you go.

“Never put down to conspiracy what can be put down to incompetence, indifference, or cheapness.”

In this case the manufacturer of this chip probably has this feature built into the chip – at one point he no doubt charged a premium for that feature but it has been surpassed by better designs and so it’s become cheap. Cheap enough that inverter makers can just ignore that function.

Remember that while the first functional chip of any new design is expensive because it carries all the development costs. Once that cost is repaid through sales profits, the chips themselves only cost a few dollars each to produce.

This is why so many “cheap” cars have electronic features that were only found on luxury cars a few years ago.

So… finally to the point: I am not too worried about this as a plot. It IS a weakness that I suppose could be exploited, but think about the infrastructure required to activate a signal to turn off solar panel inverters on a national level. It would require something on a Bond-Villain scale of planning.

“From an uncharted island in the Caribbean a signal goes up to a mysterious black satellite orbiting over the United States. A panel opens on the side of the satellite and a radio antenna starts beaming a coded pulse to every solar panel in America. We see a housewife looking puzzled because her washing machine suddenly stops. And then THE LIGHTS GO OUT ALL OVER AMERICA!”

Yeah right.

    Azathoth in reply to Hodge. | May 16, 2025 at 10:24 am

    Your English is amazingly good.

      Chuck Skinner in reply to Azathoth. | May 16, 2025 at 10:56 am

      Play nice. Hodge has been around a LONG time. Not quite as long as I have, but few here have.

      He is not a non-state actor.

        diver64 in reply to Chuck Skinner. | May 16, 2025 at 11:31 am

        I bet he sees the problem with a complete digital currency economy, too. Same thing. Hit a button and no money.

          DaveGinOly in reply to diver64. | May 16, 2025 at 11:51 am

          We have that now, effectively. Most of our “money” is lent into existence by records made by the lending banks. It exists only as entries into data systems.

    BobM in reply to Hodge. | May 16, 2025 at 10:29 am

    It’s not paranoia if they ARE out to get you.

      Chuck Skinner in reply to BobM. | May 16, 2025 at 11:01 am

      This is true. And I have said that MANY times in contexts both domestic and international. It’s EXACTLY why Kash Patel is now DIRECTOR of the FBI, when he was once a target thereof.

      But Hodge’s comment is that this is less originally conceived plot and more target of opportunity opportunism by the CCP or any other potential enemy hacking group trying to sabotage the United States.

    iconotastic in reply to Hodge. | May 16, 2025 at 11:51 am

    You do know about bot networks, right? And a distributed attack is always vastly harder to stop. As for having power go out all at once–cascading failures in a fragile and low tolerance system can get the job done quite nicely all on its own.

    The_Mew_Cat in reply to Hodge. | May 16, 2025 at 1:17 pm

    Signals can be sent down power lines, and the devices themselves could be programmed to rebroadcast or amplify a shutdown or self-destruct signal before executing it. It is totally unacceptable to have components of the power grid with built-in trojans.

destroycommunism | May 16, 2025 at 11:00 am

and all those who are wrong about “gutting” the qatar aircraft gift to the usa eliminating anyyyyyy possibility of wrong doing by people who hate the usa…..

this story is for you

    DaveGinOly in reply to destroycommunism. | May 16, 2025 at 11:54 am

    Has anyone suggested that the Qatar aircraft not be gutted upon arrival? This will happen as a matter of course, as the aircraft is overhauled and inspected. This isn’t extraordinary, airlines do this to their own aircraft. Everything comes out and apart, is inspected, re-certified (if necessary) or replaced, before everything is put back together.

      The Gentle Grizzly in reply to DaveGinOly. | May 16, 2025 at 1:35 pm

      There’s a great video on YouTube about a 747 getting a D-check go-through. It is so thorough that even the coffee brewers are torn down, inspected, and rebuilt. Quite the process.

      destroycommunism in reply to DaveGinOly. | May 16, 2025 at 5:45 pm

      gutted re-gutted
      spy sensors melded into the paint
      who knows

      qatar is a sworn enemy of western freedoms

      you’re ok with that

      I am not

“… there is no confirmation of full eradication from all networks.”

There is no ability to prove a negative. For example, that an election was not tampered with.

As others have referenced the vulnerabilities inherent in a foreign supply chain have the potential to damage the USA. Every time the faux free traders start up their ‘the sky is falling’ routine they need to explain exactly how such vulnerabilities are being ID and mitigated.

Firstly, who the heck still posts at LinkedIn??

More importantly, “…undocumented communication devices, referred to as “rogue” devices, embedded within some Chinese-made solar power inverters and related equipment” needs to be nipped in the bud, Barney (nip it!), or next thing ya know them dang ChiComs will be floating ‘weather’ balloons across the entire continent in order to spy on us while our government stands around w/ their collective thumb up their bu##.

The inverter on my system is not connected to the internet. Once it was set up and working, my contractor disconnected and strongly recommended leaving it the hell alone since wifi updates had the potential to be more harmful than helpful.

Flex is a manufacturing outfit based in Salt Lake City, and they make devices for Siemens, ABB, EnPhase and several other companies. Every bit of manufacturing equipment is made by Shinzen Sinvo Automatic Machinery of Guangdong, China.
I have scans of schematics for a packaging cell that I had to use Google Translate to be able to read. I discovered that I could convert speech to text, and found that I should have been threatening them instead of thanking the Chinese guys.
They think of us as cur dogs.

Prior to Granholm’s visit during her e-car cavalcade to DC we were evacuated and the facility swept.
When Biden showed up, only a select few were allowed to attend.
I was the wrong color, that is all I can say.