Google goes to a lot of effort to keep its customers private information private. But it seems it doesn't have quite the same level of focus when it comes to keeping its own building systems secure.
Researchers from security firm Cylance found that the Building Control System for Google's Wharf 7 offices in Sydney were vulnerable for attack following a search on Shodan.
From unsecure beginnings
The Cylance researchers also managed to gain copies of Blueprints for the building, including floorplans and roof plans, plus locations of water pipes.
The break in to the system also offered the duo the opportunity to spread mischief. Terry McCorkle, one of the two researchers from Cylance, told Wired, ""From that point we could have actually installed a rootkit. We could have taken over the operating system and accessed any other control systems that are on the same network as that one. We didn't do that because that wasn't the intent…. But that would be the normal path if an attacker was actually looking to do that."
While Google has patched the security hole and the Cylance researchers weren't pursuing nefarious ends, the researchers have stated that there's probably a good percentage of the 25,000 buildings using the same Tridium Niagara AX platform that haven't patched the security hole, making them vulnerable to attack.
Via: Wired