Berlin, 08 July 2026
The Chaos Computer Club (CCC) and security researcher Benedikt Heinz, alias Hunz, have publicly disclosed serious security vulnerabilities in inverters made by Chinese manufacturer Hoymiles, affecting hundreds of thousands of photovoltaic systems in Europe.
Affected devices and market reach
The vulnerabilities affect the HM, HMS, and HMT series inverters from Hoymiles, which, according to the company's own statements, serves around 20 percent of the European market for microinverters. The CCC warns of a systemic risk and calls for binding minimum standards as well as a ban on feed-in devices in the EU that accept firmware updates via wireless without cryptographic authentication: „Die Hacker fordern verbindliche Mindeststandards und ein Verbot von Einspeisegeräten in der EU, die Firmware-Updates ohne kryptografische Authentifizierung via Funk akzeptieren".
