Researchers gain access to building control system in Google's office
Security researchers from Cylance stumbled across system vulnerabilities in one of Google's offices in Sydney, and could have gained root access for persistent control over a software system used for managing control systems in buildings.
In this instance, Cylance simply extricated a configuration file containing authentication details from the Niagara industrial control system, and successfully decrypted the passwords with the use of custom tools. The Niagara industrial control system is one of the most widely used around the world.
The company has since informed Google (NASDAQ: GOOG) of its findings, and Google promptly pulled the system offline. As reported by Computerworld, a Google spokeswoman said, "we're grateful when researchers report their findings to us. We took appropriate action to resolve this issue." Google added that the researchers would only have been able to manipulate the building's heating and cooling.
Regardless of the scope, the incident does illustrate the dangers of networked devices and their vulnerability to remote attackers. Zero-days or novel security vulnerabilities aside, it is evident that even a slightly out-of-date system can present a substantial security risk. As technology continues evolving and even more control systems and appliances get wired to the Internet, enterprises can certainly expect the problem to worsen.
- check out this article at Computerworld