Hass and Associates International Reviews
Two security researchers recently found that they could easily hack the building management system for the corporate giant’s Wharf 7 office overlooking the water in the Pyrmont section of Sydney, Australia.
Google Australia uses a building management system that’s built on the Tridium Niagara AX platform, a platform that has been shown to have serious security vulnerabilities. Although Tridium has released a patch for the system, Google’s control system was not patched, which allowed the researchers to obtain the administrative password for it (“anyonesguess”) and access control panels.
The panels showed buttons marked “active overrides,” “active alarms,” “alarm console,” “LAN Diagram,” “schedule,” and a button marked “BMS key” for Building Management System key.
There was also a button marked “AfterHours Button” with a hammer on it.
The researchers did not test the buttons or disrupt the system, which was running off of a DSL line, but reported the issue to Google.
“We didn’t want to exercise any of the management functionality on the device itself. It’s pretty fragile, and we don’t want to take that thing down,” said Billy Rios, a researcher with security firm Cylance, who worked on the project with colleague Terry McCorkle.
hass and associates international reviews
Further Info:
http://www.wired.com/threatlevel/2013/05/googles-control-system-hacked/
154 views • 3 slides