512-bit RSA key in home energy system gives control of “virtual power plant”

Ryan Castellucci, a GivEnergy customer, found a vulnerability within the energy system’s API which granted access to GivEnergy’s administrative account. Castellucci therefore gained access to an estimated 60,000 energy management systems and potentially sensitive customer data. GivEnergy fixed the flaw which was due to a weak 512 bit RSA key, within 24 hours of its notification. Castellucci blamed the vulnerability on the makers of code libraries upon which developers rely and warned against the use of weak 512 bit RSA keys.