Google Australia headquarters building vulnerable to remote attack

Researchers have managed to hack the building management system of Google’s Sydney headquarters in Australia.

According to researchers from the security firm Cylance, the Tridium Niagara AX system used by Google has security flaws, which had not been fixed up, despite fixes being offered.

The researchers from security firm Cylance reported that they were able to obtain the administrative password for the use of the system and were able to access control panels that that it used for managing alarms and other building services.

The panels displayed buttons that are marked as ‘active overrides,’ ‘active alarms,’ ‘alarm console,’ ‘LAN Diagram,’ ‘schedule,’ and a ‘BMS key’ button for Building Management System key.

Additionally, researchers accessed blueprints of the floor and roof plans of building, as well as a clear view of water pipes and the location of a kitchen leak.

Cylance researcher Billy Rios said: "If you have a corporate campus or a modern building of any sort… you’re likely running similar systems someplace on your network."

"If Google can fall victim to an ICS attack, anyone can," Rios said.

Google revealed that it was aware of the security flaw and had disconnected the system from the internet, while the system accessed could only control heating and air conditioning, but not electricity, lifts, door access or other building automation.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up