The security staff at Google Australia’s flashy new headquarters in the Sydney CBD most likely spend most of their time worrying about physical breaches of the building’s security, making sure that the company’s local network routers and PCs aren’t broken into by Internet nasties and trying to keep nutbag journalists from conducting satirical exercises outside their front door. But do they spend much time worrying about the in-building network controlling functions such as air conditioning? Probably not. However, if this article by Wired is any indication, perhaps they should be. The publication reports (we recommend you click here for the full article):
Two security researchers recently found that they could easily hack the building management system for the corporate giant’s Wharf 7 office overlooking the water in the Pyrmont section of Sydney, Australia. Google Australia uses a building management system that’s built on the Tridium Niagara AX platform, a platform that has been shown to have serious security vulnerabilities.
… we could have actually installed a rootkit,” said McCorkle, who first uncovered the Google system online. “We could have taken over the operating system and accessed any other control systems that are on the same network as that one. We didn’t do that because that wasn’t the intent…. But that would be the normal path if an attacker was actually looking to do that.”
To be honest, we’re not really surprised by this kind of situation, and we’d make an extremely strong bet that if Google’s HQ in Sydney was this easily broken into, many other high-rise office towers all around Australia will also be vulnerable to this kind of attack. It’s particularly embarrassing for Google, as it’s a technology company, but we’re sure security would be even more lax at non-tech firms. Of course, it’s also worth noting that Google isn’t the only company in its building — management consulting, technology and outsourcing group Accenture has a few floors in the same Sydney facility. One wonders what the good folks over there made of the Wired article as well.
Image credit: Google