1. browse
  2. conferences
  3. camp-NL
  4. why2025
  5. playlist
conference logo

Playlist "What Hackers Yearn 2025"

Hack the Grid. Disclosing vulnerabilities to help prevent blackouts

Chris van 't Hof, Frank Breedijk and Wietse Boonstra

The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. DIVD has been conducting research into vulnerabilities in charging stations, solar panel inverters, home batteries, and Energy Management Systems. In this talk, we will demonstrate how we could have generated power outages using these zero-days and how we prevent this by disclosing them responsibly.

The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it.

Various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this because we are volunteers and a nonprofit. By identifying devices that can form a botnet, DIVD helps to make the smart grid more secure.

DIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure.

With the CVD in the Energy Sector program, DIVD conducts research at its own hardware hacking lab in collaboration with the energy sector to reduce the digital vulnerability of our energy system. We also organise hack events. During WHY2025 we also give demos at the Vulnerability Disclosure Village.

In this talk, we will demonstrate how we could have generated power outages using zero-days we found in solar converters, electric car chargers and energy management systems. Still, we also did it with just one user-password combination…

Licensed to the public under https://creativecommons.org/licenses/by/4.0/