James Showalter describes a pretty specific if not entirely implausible nightmare scenario. Someone drives up to your house, cracks your Wi-Fi password, and then starts messing with the solar inverter mounted beside your garage. This unassuming gray box converts the direct current from your rooftop panels into the alternating current that powers your home.
“You’ve got to have a solar stalker” for this scenario to play out, says Showalter, describing the kind of person who would need to physically show up in your driveway with both the technical know-how and the motivation to hack your home energy system.
The CEO of EG4 Electronics, a company based in Sulphur Springs, Texas, doesn’t consider this sequence of events particularly likely. Still, it’s why his company last week found itself in the spotlight when U.S. cybersecurity agency CISA published an advisory detailing security vulnerabilities in EG4’s solar inverters. The flaws, CISA noted, could allow an attacker with access to the same network as an affected inverter and its serial number to intercept data, install malicious firmware, or seize control of the system entirely.
For the roughly 55,000 customers who own EG4’s affected inverter model, the episode probably felt like an unsettling introduction to a device that they little understand. What they’re learning is that modern solar inverters aren’t simple power converters anymore. They now serve as the backbone of home energy installations, monitoring performance, communicating with utility companies, and, when there’s excess power, feeding it back into the grid.
Much of this has happened without people noticing. “Nobody knew what the hell a solar inverter was five years ago,” observes Justin Pascale, a principal consultant at Dragos, a cybersecurity firm that specializes in industrial systems. “Now we’re talking about it at the national and international level.”
Security shortcomings and customers complaints
Some of the numbers highlight the degree to which individual homes in the U.S. are becoming miniature power plants. According to the U.S. Energy Information Administration, small-scale solar installations – primarily residential – grew more than fivefold between 2014 and 2022. What was once the province of climate advocates and early adopters became more mainstream owing to falling costs, government incentives, and a growing awareness of climate change.
Techcrunch event Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital, Elad Gil — just a few of the heavy hitters joining the Disrupt 2025 agenda. They’re here to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $600+ before prices rise. Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They’re here to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. San Francisco | REGISTER NOW
Each solar installation adds another node to an expanding network of interconnected devices, each one contributing to energy independence but also becoming a potential entry point for someone with malicious intent.
When pressed about his company’s security standards, Showalter acknowledges its shortcomings, but he also deflects. “This is not an EG4 problem,” he says. “This is an industry-wide problem.” Over a Zoom call and later, in this editor’s inbox, he produces a 14-page report cataloguing 88 solar energy vulnerability disclosures across commercial and residential applications since 2019.
... continue reading