Vulnerabilities in the Smart Core of Green Infrastructure
Author: ROOTCON Hacking Conference
Uploaded: 2025-10-15
The global adoption of renewable energy, solar power in particular, is accelerating. That rapid digitisation has also opened new attack surfaces, especially in developing nations where cost-effective, Chinese-manufactured inverters and communication devices dominate the market. Our research is a real-world investigation into the cybersecurity posture of solar plants that rely on Chinese inverters and RS485-to-Ethernet couplers. These devices enable efficient communication and monitoring, but they also raise serious national-security and privacy concerns.

In this paper we present our findings from a live production solar plant where these devices were installed. We uncovered critical vulnerabilities across the communication channels the inverter uses to interact with gateway couplers and mobile applications: Bluetooth, Wi-Fi and USB. Reverse engineering and traffic inspection of the associated mobile apps and firmware showed that sensitive plant operational data, including voltage readings, device health and control commands, was being exfiltrated to remote servers located in China. The inverters we examined could be switched on or off remotely from the mobile application. The implications are severe: an attacker who exploits these interfaces or hijacks app traffic could disrupt plant operation or induce cascading failures in grid stability.

We also found poorly secured or hardcoded credentials in the firmware, unsecured Bluetooth pairing modes, and a lack of proper authentication in the couplers that convert RS485 (Modbus) to Ethernet. Modbus itself carries no authentication, so a coupler that bridges it onto an IP network without adding any exposes every serial device behind it to any host that can reach the coupler's TCP port.

This paper is the first part of an ongoing investigation. Future releases will cover firmware implants, radio communication tampering and active exploitation techniques. This initial part lays the groundwork by exposing systemic risks, insecure data flows and geopolitical implications.
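The coupler weakness above comes down to the protocol: a Modbus/TCP frame is an MBAP header plus a PDU and has no field in which a credential could travel, so "authentication" can only come from the network around the coupler. The following example, added here as an illustration and not code from the talk or from any vendor, builds Modbus/TCP frames from the public framing rules (read holding registers, write single coil), parses captured frames, and applies a simple compensating control: flag any write function code that did not come from an allow-listed source. The IP addresses, unit ID and the sample capture are constructed for the example.

```python
import struct

# Modbus/TCP framing (MBAP header + PDU). Nothing in the frame carries a
# credential: any host that can reach the coupler's TCP port (502 by default)
# can read or write the RS485 devices behind it.
#   MBAP: transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1)
#   PDU : function code (1) | function-specific data
FC_READ_HOLDING_REGISTERS = 0x03
FC_WRITE_SINGLE_COIL = 0x05
FC_WRITE_SINGLE_REGISTER = 0x06
FC_WRITE_MULTIPLE_COILS = 0x0F
FC_WRITE_MULTIPLE_REGISTERS = 0x10
WRITE_FUNCTIONS = {FC_WRITE_SINGLE_COIL, FC_WRITE_SINGLE_REGISTER,
                   FC_WRITE_MULTIPLE_COILS, FC_WRITE_MULTIPLE_REGISTERS}


def build_request(transaction_id, unit_id, function_code, data):
    """Wrap a PDU in an MBAP header; 'length' counts the unit id plus PDU bytes."""
    pdu = struct.pack(">B", function_code) + data
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def read_holding_registers(transaction_id, unit_id, start, count):
    """FC 0x03: read 'count' holding registers starting at address 'start'."""
    return build_request(transaction_id, unit_id, FC_READ_HOLDING_REGISTERS,
                         struct.pack(">HH", start, count))


def write_single_coil(transaction_id, unit_id, address, on):
    """FC 0x05: set one coil; the spec encodes ON as 0xFF00 and OFF as 0x0000."""
    return build_request(transaction_id, unit_id, FC_WRITE_SINGLE_COIL,
                         struct.pack(">HH", address, 0xFF00 if on else 0x0000))


def parse_frame(frame):
    """Decode one Modbus/TCP frame; raise ValueError if it is not well-formed."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("not Modbus (protocol id must be 0)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function_code = frame[7]
    is_exception = bool(function_code & 0x80)   # high bit set = exception response
    base_code = function_code & 0x7F
    return {
        "transaction_id": transaction_id,
        "unit_id": unit_id,
        "function_code": base_code,
        "is_exception": is_exception,
        "is_write": (not is_exception) and base_code in WRITE_FUNCTIONS,
        "data": frame[8:],
    }


def flag_unexpected_writes(captured, allowed_writers):
    """Return (src, unit_id, function_code) for each write request in 'captured'
    (client-to-coupler frames as (src_ip, bytes)) whose source is not allow-listed.
    The protocol cannot refuse the write itself, so network allow-listing plus
    this kind of monitoring is the compensating control."""
    alerts = []
    for src, frame in captured:
        try:
            info = parse_frame(frame)
        except ValueError:
            continue  # not Modbus, or truncated: out of scope for this rule
        if info["is_write"] and src not in allowed_writers:
            alerts.append((src, info["unit_id"], info["function_code"]))
    return alerts


# Constructed sample capture (not from the plant in the talk): a monitoring host
# at 10.0.0.5 and an unknown host at 10.0.0.77, both addressing coupler unit 1.
SAMPLE_CAPTURE = [
    ("10.0.0.5", read_holding_registers(1, 1, 0x0000, 10)),          # routine poll
    ("10.0.0.5", build_request(2, 1, FC_WRITE_SINGLE_REGISTER,
                               struct.pack(">HH", 0x0010, 100))),     # allowed writer
    ("10.0.0.77", write_single_coil(3, 1, 0x0000, False)),            # unknown host, coil off
    ("10.0.0.77", b"GET / HTTP/1.1\r\n"),                              # not Modbus, ignored
]

if __name__ == "__main__":
    for alert in flag_unexpected_writes(SAMPLE_CAPTURE, {"10.0.0.5"}):
        print("unexpected Modbus write from %s to unit %d (FC 0x%02X)" % alert)
```

The frame builders show how short the path from "reachable on the network" to "coil switched off" is when the coupler adds nothing on top of Modbus; the detector is the kind of rule a plant operator can run over a span-port capture, with the allow-list being the only thing that distinguishes the SCADA host from the unknown one.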