In a troubling new development, U.S. engineers have discovered undocumented communication devices embedded in some Chinese-made solar power inverters and batteries, raising alarms over potential security risks to critical infrastructure. According to sources reported by Reuters, these devices provide hidden communication channels that could potentially allow remote access to American power grids, bypassing firewalls meant to protect against cyberattacks.
The findings illustrate a long-standing issue in the era of the Internet of Things (IoT) — where an increasing number of devices are becoming connected to the internet, often without sufficient security measures in place. As the global reliance on networked technology grows, so does the risk of foreign adversaries exploiting vulnerabilities to compromise national security.
The solar power inverters and batteries at the heart of the investigation are designed to connect solar panel arrays and windmills to the national power grid. These devices offer the convenience of remote performance monitoring and software updates via the internet, but that same connectivity creates a potential security loophole. Firewalls and other security protocols are often put in place to protect against unauthorized signals, but according to sources familiar with the situation, rogue devices embedded in the equipment are still able to communicate undetected.
“The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences,” one anonymous source told Reuters.
These rogue components were uncovered during routine inspections by IT teams at solar and wind farms, which had become aware of the growing risks of foreign-made technology. Despite their precautions, bugs and hidden devices have been discovered regularly in Chinese-sourced equipment, raising questions about the full extent of the issue. The exact number of affected devices has not been disclosed, nor have the specific manufacturers been named.
While some might dismiss this as a hypothetical threat, the discovery underscores the vulnerability of U.S. infrastructure, particularly given growing concerns over foreign cyberattacks. Cybersecurity experts have long warned that hostile nations are likely to target critical infrastructure, and the risk is becoming more tangible as more foreign-made equipment is integrated into power grids and other essential services.
In fact, a real-world incident further highlighted the dangers of internet-enabled devices. Users of inverters made by a Chinese company called Deye reported that their devices unexpectedly displayed pop-up error messages and became “bricked,” or unusable. Deye claimed the malfunction was due to unauthorized sales outside of their distribution agreements and that the devices failed to receive critical firmware updates.
However, some users suspect that remote kill commands could have been issued, pointing to a potential flaw in the company’s explanation. Whether intentional or not, the incident served as a harsh reminder of how vulnerable solar equipment — and by extension, entire power grids — can be to remote manipulation via the internet.
The discovery of these hidden communication devices has prompted a wave of action on Capitol Hill. Rep. Carlos Gimenez (R-Fla.), along with Senators Rick Scott (R-Fla.) and Maggie Hassan (D-N.H.), have introduced legislation to decouple American companies from Chinese-made batteries and power equipment.
The legislation would seek to limit U.S. reliance on Chinese suppliers of critical energy infrastructure, such as solar inverters, which China dominates as the largest supplier globally. The concerns are not limited to the U.S., however. Other countries are also taking action to mitigate the risks posed by Chinese-made energy equipment.
In November 2024, Lithuania passed a law requiring power plant operators to implement cybersecurity defenses to protect against tampering with Chinese-manufactured hardware. The law also banned Chinese manufacturers from remotely accessing the equipment they supply, directly addressing concerns raised by the Deye incident.
One Chinese company, Huawei, once dominated the solar inverter market, accounting for almost 30% of global supply. However, the company was banned from the U.S. market in 2019 after its telecom hardware was linked to security concerns in 5G infrastructure.
The revelations about hidden communication devices in Chinese-made solar equipment shine a light on the security vulnerabilities that have long been present but perhaps overlooked in the rush to embrace renewable energy technologies. As the global economy transitions to cleaner energy sources, it’s essential that governments and companies consider security as a top priority, especially when sourcing critical components from foreign suppliers with questionable oversight.
READ NEXT: Democrat Victory Shocks Red Stronghold — GOP Dynasty Falls
Am I smart because I find this obvious?