Rebadged, Relabeled, and Rooted: Pwnage via the Solar Supply Chain

Presented at DEF CON 33 (2025), Aug. 9, 2025, 2 p.m. (45 minutes).

Residential solar promises energy independence, but behind the panels lies a chaotic mess of insecure firmware, exposed APIs, and rebadged devices phoning home to mystery servers. This talk exposes how today's solar microgrids can be hijacked through unauthenticated cloud APIs, unsigned firmware updates, hardcoded root credentials, and even vendor-enabled kill switches. No custom exploits. No insider access. Just publicly documented APIs, leaked serial numbers, and a shocking lack of basic security controls. We will walk through real-world attacks: account takeover via brute-forced PINs, remote access to power dashboards with zero authentication, firmware tampering for persistent implants, and replay attacks against plaintext MODBUS traffic. Our research reveals how vulnerabilities silently propagate across cloned OEMs and shared cloud infrastructure, turning a single bug into an industry-wide risk. If you thought solar made you off-grid, this talk will change your threat model.

References:

- [link](https://www.shodan.io/)
- [link](https://Diysolarforums.com)
- [link](https://Photovoltaikforum.com)

Presenters:

  • Jake "Hubble" Krasnov - Red Team Operations Lead and Chief Executive Officer at BC Security
    Jake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.
  • Anthony "Coin" Rose - Director of Security Research and Chief Operating Officer at BC Security
    Dr. Anthony "Coin" Rose is the Director of Security Research and Chief Operating Officer at BC Security, as well as a professor at the Air Force Institute of Technology, where he serves as an officer in the United States Air Force. His doctorate in Electrical Engineering focused on building cyber defenses using machine learning and graph theory. Anthony specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. Anthony has presented at security conferences, including Black Hat, DEF CON, HackMiami, RSA, HackSpaceCon, Texas Cyber Summit, and HackRedCon. He also leads the development of offensive security tools, including Empire and Moriarty.
