Wherever you go, whichever place it may be, how strong may be you are, you are still vulnerable. The same law applies to the search Giant Google. Google has given a lot of effort to keep the data of customers safe and secure but, it seems, it doesn’t have quite the same level of focus when it comes to keep its building systems secure.
Researchers from security firm Cylance found that the Building Control System for Google’s Wharf 7 offices in Sydney were vulnerable for attack following a search on Shodan ( I have already said about that search engine here. Use the link to make sure your system is safe).
The building, which used an unpatched version of the Tridium Niagara AX platform for its building controls, was compromised when the researchers managed to gain access to an administrator’s password to the system and access control panels.
Fortunately for Google Australia, the researchers didn’t decide to start playing games with the building’s alarms or lights, but instead notified Google of the security flaw, allowing the search giant to fix the problem.
The Cylance researchers also managed to gain copies of Blueprints for the building, including floorplans and roof plans, plus locations of water pipes. The break in to the system also offered the duo the opportunity to spread mischief. Terry McCorkle, one of the two researchers from Cylance, told Wired, ““From that point we could have actually installed a rootkit. We could have taken over the operating system and accessed any other control systems that are on the same network as that one. We didn’t do that because that wasn’t the intent…. But that would be the normal path if an attacker was actually looking to do that.”
While Google has patched the security hole and the Cylance researchers weren’t pursuing nefarious ends, the researchers have stated that there’s probably a good percentage of the 25,000 buildings using the same Tridium Niagara AX platform that haven’t patched the security hole, making them vulnerable to attack.
Via : Techradar