Home Business IT Security Google's Sydney HQ under attack

Google's Pyrmont HQ Google's Pyrmont HQ Featured

A team of US researchers have hacked into the building management system of Google's Sydney headquarters, according to reports today.

The group of researchers from security firm Cylance were able to snatch the password for the control system for Google's Pyrmont office, where they could access controls to alarms and other building services.

This includes things like the heating and air conditioning.

The group also obtained blueprints of the floor and roof plans of the headquarters, along with water pipe maps and the location of a kitchen leak.

It seems they didn't actually do anything with the access, however.

The researchers Billy Rios and Terry McCorkle were seemingly able to carry out the hack due to unpatched security flaws in Tridium Niagara AX, the system Google uses for its buildings.

In a blog post, excerpts below, Mr Rios and Mr McCorkle described the hack as "easy."

A quick interrogation of the Tridium device yields a wealth of information about the specific platform version (a slightly outdated version) and OS specifics (QNX running on an embedded device). Armed with a few pieces of data, we utilized a custom exploit to extract the most sensitive file on a Tridium device, the config.bog file. The config.bog file contains the specific configurations for this particular device, but more importantly, it also contains the usernames and passwords for all the users on the device.

We reported this issue to the Google Vulnerability Rewards Program (VRP). After much heckling from my former colleagues at Google, they quickly pulled this system offline. We also applaud Google for creating a program like the VRP and giving us the chance to share our story with a wider audience. At the time of this blog post, this exact issue affects tens of thousands of devices on the Internet and thousands of different organizations.

Thank you Google for helping us raise awareness on this issue! I asked that any proceeds from the VRP be donated to the Wounded Warrior Project, but apparently this issue doesn’t qualify for VRP rewards.

If you have a corporate campus or a modern building of any sort… you’re likely running similar systems someplace on your network. We’ve already discovered over twenty five thousand of these systems facing the Internet… one down, twenty four thousand, nine hundred, ninety nine to go :-)

If Google can fall victim to an ICS attack, anyone can.

WEBINAR 26/27th May

Thinking of deploying Business Intelligence (BI)? So are your competitors.

And the most important, fundamental, tool for delivering your BI information to your users? Dashboards.

THIS IS ONE NOT TO MISS SO REGISTER NOW

DON'T MISS OUT - REGISTER NOW!

FREE WHITEPAPER - RISKS OF MOVING DATABASES TO VMWARE

VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!

DOWNLOAD!

David Swan

David Swan is a tech journalist from Melbourne and is iTWire's Associate Editor. Having started off as a games reviewer at the age of 14, he now has a degree in Journalism from RMIT (with Honours) and owns basically every gadget under the sun.

Connect

 

 

 

 

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities