cross-posted from: https://feddit.org/post/1885722

Archived link

Here is the original article in Dutch (gated)

While wind turbines, which are highly networked and equipped with hundreds of sensors, are traditionally considered more vulnerable to outside interference than solar panels, a Dutch citizen may have proved otherwise.

A Dutch white hat hacker could have gained control of millions of smart solar panel systems, using a backdoor.

The findings confirm a 2023 report by a Dutch agency which found that converters, essential parts of solar panels that make the electricity suitable for the power grid and which are usually connected to the web, can be “easily hacked, remotely disabled or used for DDoS [Distributed Denial of Service] attacks.” DDoS is one of the most common types of attacks, which basically try to overwhelm a system.

EU industry association SolarPower Europe said the bloc “needs more robust cybersecurity rules for distributed energy sources” in a statement commenting on the hack.

The share of solar power in the European grid has surged from 1% in 2010 to 9% in 2023, and with it the disruptive potential of a cyberattack on solar panels has likewise grown.

“Devices that can be centrally co-ordinated or managed (for example, aggregated rooftop solar installations) must be subject to an EU or nationally authorised layer of monitoring,” stressed Dries Acke, deputy CEO of the lobby group.

A report by the EU’s own cybersecurity agency from 24 July found that the union is ill-prepared for a concerted attack on its energy infrastructure, whether by a foreign state or by malicious insiders.

With electricity being so essential, any attack on Europe “attracts considerable pre-positioning activity by advanced threat actors” in the power sector should they aim at “executing a destructive attack” it adds.

Solar panels were outlined as a vulnerability in several scenarios, also due to the dominance of a single country, China, in the supply chain.

The industry says that while laws like the updated EU Network and Information Security Directive, known as NIS2, and the Cyber Resilience Act are a start, more action is needed: solar panels should be classified as a critical product, which means they’d be subject to more rigorous assessments.

These concerns come as the EU’s home-grown solar industry cites cybersecurity as a reason why they should receive preferential treatment, which would help them regain market share from Chinese competitors.

“Future-looking cyber requirements should come under an EU Electrification Action Plan,” said Acke, adding that “Europe must learn from its recent lessons in energy security, and map a secure path forward.”

cross-posted from: https://lemmy.ml/post/19119747

What an unsurprising turn of events.

cross-posted from: https://lemm.ee/post/39437091

Malicious hackers can take over control of vacuum and lawn mower robots made by Ecovacs to spy on their owners using the devices’ cameras and microphones, new research has found.

Security researchers Dennis Giese and Braelynn are due to speak at the Def Con hacking conference on Saturday detailing their research into Ecovacs robots. When they analyzed several Ecovacs products, the two researchers found a number of issues that can be abused to hack the robots via Bluetooth and surreptitiously switch on microphones and cameras remotely.

“Their security was really, really, really, really bad,” Giese told TechCrunch in an interview ahead of the talk.

The researchers said they reached out to Ecovacs to report the vulnerabilities but never heard back from the company, and believe the vulnerabilities are still not fixed and could be exploited by hackers.

cross-posted from: https://reddthat.com/post/23732818

cross-posted from: https://lemmy.ca/post/26292451

cross-posted from: https://lemmy.world/post/18112704

During a recent episode of The Verge’s Decoder podcast, Logitech CEO Hanneke Faber shed some possible insight into the company’s view on one of its most important products. Saying that “the mouse built this house,” Faber shares the planning behind a Forever Mouse, a premium product that the company hopes will be the last you ever have to buy. There’s also a discussion about a subscription-based service and a deeper focus on AI.

For now, details on a Forever Mouse are thin, but you better believe there will be a catch. The Instant Pot was a product so good that customers rarely needed to buy another one. The company went bankrupt.

cross-posted from: https://lemmy.zip/post/19621480

UK school reprimanded for unlawful use of facial recognition technology

An English school has been reprimanded by U.K. regulators after it used facial recognition technology without getting opt-in consent from students.

cross-posted from: https://lemmy.smeargle.fans/post/195613

HP discontinues online-only LaserJet printers in response to backlash

HN Discussion

cross-posted from: https://lemmy.world/post/17360350

“Immensely disappointing”: Nike killing app for $350 self-tying sneakers

It is hard to imagine that there was not someone inside of Nike that lost their faith in humanity when the pitch for these things was originally taking off.

cross-posted from: https://lemmy.world/post/16955080

LLMs certainly hold potential, but as we’ve seen time and time again in tech over the last fifteen years, the hype and greed of unethical pitchmen has gotten way out ahead of the actual locomotive. A lot of people in “tech” are interested in money, not tech. And they’re increasingly making decisions based on how to drum up investment bucks, get press attention and bump stock, not on actually improving anything.

The result has been a ridiculous parade of rushed “AI” implementations that are focused more on cutting corners, undermining labor, or drumming up sexy headlines than improving lives. The resulting hype cycle isn’t just building unrealistic expectations and tarnishing brands, it’s often distracting many tech companies from foundational reality and more practical, meaningful ideas.

cross-posted from: https://lemmy.ml/post/17105433

cross-posted from: https://lemm.ee/post/34636917

cross-posted from: https://lemmy.world/post/16542196

cross-posted from: https://lemmy.world/post/16179767

Everything must be a subscription service

cross-posted from: https://lemmy.zip/post/16008490

The company’s only hardware product will soon be e-waste.

cross-posted from: https://sopuli.xyz/post/12982041

cross-posted from: https://lemmy.zip/post/14585736

Car Tracking Can Enable Domestic Abuse. Turning It Off Is Easier Said Than Done

Internet-connected cars allow abusers to track domestic violence survivors after they leave

cross-posted from: https://mstdn.social/users/tekkie/statuses/112037167186333009

Image description: Installation progress bar running for software upgrade of the Under Armour running shoes

(Originally published earlier today on mstdn.social)

Og post: https://infosec.exchange/@dmgedgoods/112003888626019907

cross-posted from: https://lemmy.world/post/11706956

No, 3 million electric toothbrushes were not used in a DDoS attack::A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.

cross-posted from: https://lemmy.smeargle.fans/post/118264

Three million malware-infected smart toothbrushes used in Swiss DDoS attacks

HN Discussion

I learned of this thing's existence about a year ago when someone with this thing asked for help in reddit.

It's a ceiling lamp. With a bluetooth speaker. It's in constant pairing mode allowing anyone to connect whenever.

The person complained about hearing the neighbours' cooking instructions and that their teenager cranks the music to max volume while figuring out why there's no sound.

[archived reddit link in Finnish]

All the protections in software, what an amazing idea!

Some 5 years ago I used the toilet in a mall. Their urinals all had screens showing Android (4?) home screen. The screens were replaced with printed ads later.

Picture is from internet as I have lost mine since, but the product is same