Undocumented Radios Found in Solar-Powered Devices

Summary

The US Department of Transportation warned that solar-powered highway infrastructure — including chargers, roadside weather stations and traffic cameras — should be scanned for hidden or undocumented radios secreted inside batteries and inverters. The advisory (reported by Reuters) did not name a specific manufacturer or nation-state, but it comes amid growing concern about inexpensive imported hardware that may include unused cellular or radio modules.

Experts say undocumented radios are not necessarily malicious by themselves but create avenues for exploitation. Radios are widely used across distributed infrastructure for legitimate communications, yet OEM-supplied modems or Bluetooth modules can be left undocumented and active, allowing remote access, data leakage or manipulation of device behaviour (for example, a battery management system that can change charge settings).

Key Points

The DOT advisory recommends scanning solar-powered roadside equipment for hidden radios embedded in batteries and inverters.
Undocumented cellular and radio modules are often included by OEMs for maintenance or future use but not always disclosed.
Such radios may be exploited to access adjacent systems or move laterally across networks, increasing OT attack surface.
Bluetooth-enabled battery management systems (BMS) in LiFePO4 batteries can, in some cases, allow changes to sensitive settings that disable or discharge power assets.
Radio-frequency vulnerabilities already affect transportation — e.g., end-of-train/head-of-train devices can be manipulated via RF packets.
Asset discovery and hardware bills of materials (BOMs) are essential to identify undocumented components and assess risk.
Long-term mitigations include requiring suppliers to provide least-functionality devices, better SDLC practices and monitoring east-west network traffic for lateral movement.

Context and Relevance

This advisory sits at the intersection of supply-chain risk and operational technology security. Radios are the backbone for many remote communications in critical infrastructure (pipelines, power, water, transport), so undisclosed wireless modules expand the attack surface beyond what operators typically expect. The issue also ties into broader geopolitical and economic pressures: cheap imported hardware can undercut branded vendors, making it harder for purchasers to insist on secure-by-design products.

For security teams and infrastructure owners, the practical takeaways are straightforward: scan hardware, demand BOMs from suppliers, and monitor network and RF-enabled device behaviour. These steps help find hidden paths before an adversary can exploit them.

Why should I read this?

Look — a dodgy radio hidden in a solar battery might sound niche, but it can be a quiet backdoor into bigger systems. If you run or protect infrastructure, this is exactly the sort of thing that trips up risk assessments. We’ve done the legwork: this story flags a simple but overlooked supply-chain risk with real operational consequences. Read it so you can ask vendors the right questions and start scanning hardware before someone else turns a road sign into an entry point.

Author’s take

Punchy and direct: this is not fantasy threat modelling. Undocumented radios are a practical gap you can do something about today — insist on BOMs, test hardware, and monitor for unexpected wireless activity. If you care about resilient infrastructure, this matters.