The Chinese solar inverter company Deye remotely bricked without warning upfront inverters at 15/11/2024 installed in UK, USA and Pakistan remotely with a message to contact the domestic dealer and return the devices.
Deye is the contract manufacturer for Sol-Ark hybrid inverters.
What's going on is unclear; Sol-Ark itself has no idea, but it is a big issue in terms of security. Deye itself has not given a public statement yet.
Sol-Ark is also telling they are unable to resolve that block. Their idea of resolving the issue is to offer new inverters to affected customers at a discount price.
From the report it looks like grey market imports are affected only.
"Deye is the contract manufacturer of the Sol-Ark hybrid inverters, and Sol-Ark have the exclusive right to sell the inverters in the US since 2018, as shown in
several lawsuits over the years ⤤. Deye-branded inverters have been sold for installation by several companies (seemingly in breach of Sol-Ark’s exclusivity agreement with Deye), and Sol-Ark has exercised its right to exclusivity through the court system.
It’s unclear what the impetus is for this reported shutdown, why it’s happening now, and why it didn’t happen sooner. As many people in the DIY Solar Power Forum have noted, it seems unfair to bring innocent consumers into the fight, who probably have no idea what their inverter brand even is.
[...]
This situation is not only concerning because people may be without their solar production and backup power right now, but also because it seemed incredibly easy for a company in China to flip this switch on their inverters that brought power production to a halt. It brings to mind the mind-boggling amount of solar installed in the US that’s producing power using Chinese-manufactured inverters. As tensions and trade wars escalate with China, it’s an uncomfortable level of leverage that China may hold over our country.
Plus, country-level politics aside, the internet-connectedness of all solar installed over the last 5-10 years is a huge potential problem, illustrated by this exact situation. By default, most inverter manufacturers have ways to remotely configure inverters, and those internal systems pose large targets for cyber attackers. If any of the big manufacturer’s systems are breached, that’s gonna be a real bad time.
It’s easy to start running down the cliff of assumptions, but our takeaway here as installers is to be very careful what inverters we install (making sure there is official and direct support in the US), and even start thinking about more secure networking structures for the systems we install, especially if they’re used for backup power in the case of an outage, or used as off-grid inverters entirely.
It’s unknown what the resolution for this will be for the affected customers. It truly is shitty that Deye didn’t run this geographical check at the initial installation of these inverters. This will likely penalize the wrong people as a result."
Seemingly, at the drop of a hat the morning of Friday, Nov 15th, Deye-branded inverters across the US were intentionally bricked.
solarboi.com