Home · Security · Hackers Penetrate Google’s Building Management System

Hackers Penetrate Google’s Building Management System

With more sophisticated controls and software overlays, buildings are getting a lot smarter. Unless there's a hacker out there smarter than your building, in which case your building could become a bumbling, hypnotized fool -- or even dangerous.

Google found that out (the easy way) when two cybersecurity experts hacked into its Wharf 7 office in Sydney, Australia through a building management system controlled by Tridium, a company owned by Honeywell.

According to an account of the hack published yesterday by Billy Rios and Terry McCorkle of the security firm Cylance, the two were able to penetrate Google's facility through an unpatched version of Tridium's Niagara AX, a building management platform that was exposed in February by Rios and McCorkle as having serious security holes.

In this most recent hack, Rios and McCorkle found a login page for "GoogleWharf7" in a database they compiled of Tridium systems connected to the internet. A simple web search showed that Wharf 7 is Google's 10,700-square-foot "warehouse-style" office building in Sydney. Because Google was running an outdated version of Tridium Niagara, the hackers were able to access the config.bog file containing usernames and passwords. By using a tool to decode the administrative password, Rios and McCorkle entered Google's building management system and were able to see the floor and roofing plan, piping systems, alarms, and equipment schedules.

Along with getting access to all this information, the hackers said they could have overridden the system to control the building automation system and gain access to any other systems on the same network: "We did not do this… but we could have!" they wrote. More...

05-09-2013 15:54