James Showalter describes a pretty specific if not entirely implausible nightmare scenario. Someone drives up to your house, cracks your Wi-Fi password, and then starts messing with the solar inverter mounted beside your garage. This unassuming gray box converts the direct current from your rooftop panels into the alternating current that powers your home.
“You’ve got to have a solar stalker” for this scenario to play out, says Showalter, describing the kind of person who would need to physically show up in your driveway with both the technical know-how and the motivation to hack your home energy system.
The CEO of EG4 Electronics, a company based in Sulphur Springs, Texas, doesn’t consider this sequence of events particularly likely. Still, it’s why his company last week found itself in the spotlight when U.S. cybersecurity agency CISA published an advisory detailing security vulnerabilities in EG4’s solar inverters. The flaws, CISA noted, could allow an attacker with access to the same network as an affected inverter and its serial number to intercept data, install malicious firmware, or seize control of the whole system.
For the roughly 55,000 customers who own EG4’s affected inverter model, the episode probably felt like an unsettling introduction to a device that they little understand. What they’re learning is that modern solar inverters aren’t simple power converters anymore. They now serve as the backbone of home energy installations, monitoring performance, communicating with utility companies, and, when there’s excess power, feeding it back into the grid.
Much of this has happened without people noticing. “Nobody knew what the hell a solar inverter was five years ago,” observes Justin Pascale, a principal consultant at Dragos, a cybersecurity firm that specializes in industrial systems. “Now we’re talking abo …