Stay Safe On­line

What’s been both­er­ing us this fort­night

Web User - - Contents -

Se­cu­rity ad­vice for PC and mo­bile

So­lar panel hack could take down the grid

Hack­ers could ex­ploit a re­cently dis­cov­ered flaw in so­lar pan­els to over­load en­ergy grids and cause power cuts, ac­cord­ing to new re­search. Dutch re­searcher Willem Wester­hof found 17 vul­ner­a­bil­i­ties in so­lar power in­vert­ers – the hard­ware that con­verts the en­ergy gath­ered by so­lar pan­els into elec­tric­ity that the main grid can use.

Many of these in­vert­ers are con­nected to the in­ter­net, which means hack­ers could po­ten­tially tar­get them and con­trol the flow of power re­motely. Wester­hof was able to demon­strate the hack on two in­vert­ers pro­duced by Ger­man sup­plier SMA dur­ing a field test near Am­s­ter­dam. “If an at­tacker does that on a large scale, that has se­ri­ous con­se­quences for the power grid sta­bil­ity,” Wester­hof told the BBC.

SMA said that the vul­ner­a­bil­i­ties af­fected only four of its mod­els, and that all its other de­vices ad­here to the lat­est se­cu­rity stan­dards. It urged users to change their de­fault pass­words when the de­vices are in­stalled. bit.ly/so­lar430

Another Chrome ex­ten­sion in­jected with ad­ware

The de­vel­oper of a pop­u­lar Chrome ex­ten­sion has warned users to up­date to the lat­est ver­sion af­ter hack­ers man­aged to hi­jack the plugin, in­ject­ing ads and po­ten­tially run­ning ma­li­cious scripts on the vic­tim’s browser.

Chris Ped­er­ick, author of the Web De­vel­oper for Chrome ex­ten­sion ( bit.ly/ web­dev430) warned users that he’d fallen vic­tim to a phish­ing scam, and that his ad­min cre­den­tials had been stolen. Hack­ers were able to mod­ify the ex­ten­sion to a ver­sion con­tain­ing a bun­dled script com­mand and send it to more than a mil­lion users.

Once in­stalled in a user’s browser, the ex­ten­sion would run Javascript code to in­ject ad­verts into web pages. It’s thought that this was the main pur­pose of the at­tack, but the author ad­mits that the mal­ware could have per­formed more sin­is­ter ac­tions, such as read­ing pass­words en­tered into web fields. There is cur­rently no ev­i­dence of this hap­pen­ing, how­ever.

The hack fol­lows a sim­i­lar at­tack on the Chrome ex­ten­sion Copy­fish, which was also hi­jacked by ad­ware. bit.ly/chrome­hack430

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.