Even established companies such as Google are not protected from tampering. Moreover, the trouble can come from where no one is waiting. For example, the Australian division of Google clearly complied with the rules of information security towards computer networks and broke them through the industrial management system of the building , which houses the office.
It is an office of Google Wharf 7 – the building of industrial design with large open spaces, which is not even very much and it looks like an office.
Hacker Cylance company undertook the attack, taking advantage of vulnerabilities in the system of management of the building Tridium Niagara. Hackers managed to extract the configuration file “config.bog” of devices of Tridium, running under the operating system QNX. In this file were names and password hashes for all users, including the administrator.
It was not easy to decrypt Administrator security password.
After that, the hackers gained full access to the building, including the movement of staff logs, alarm systems, metering, floor plans, etc.
Naturally, hackers immediately applied for the program rewards Google Vulnerability Rewards Program (VRP). They have published information in the public domain only after the system has gone offline.