Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday September 10 2018, @04:56AM   Printer-friendly
from the do-not-enter dept.

Submitted via IRC for takyon

A Google engineer found that he was able to hack the supposedly secure doors at the search giant's Sunnyvale offices. He was able to unlock doors without the RFID key, and even lock out employees who did have their key ...

Forbes reports that David Tomaschik found what turned out to be a completely inexcusable vulnerability in the Software House devices used to secure the site.

Last summer, when Tomaschik looked at the encrypted messages the Software House devices (called iStar Ultra and IP-ACM) were sending across the Google network, he discovered they were non-random; encrypted messages should always look random if they're properly protected.

He was intrigued and digging deeper discovered a "hardcoded" encryption key was used by all Software House devices. That meant he could effectively replicate the key and forge commands, such as those asking a door to unlock. Or he could simply replay legitimate unlocking commands, which had much the same effect [...] And he could prevent legitimate Google employees from opening doors.

Worse, the hack left no trace in the security logs, so there would be no evidence of whether or not the exploit had ever been used.

The same Software House tech is widely used by other companies, meaning that any number of businesses could be left vulnerable.

Source: https://9to5google.com/2018/09/03/google-doors-hacked/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.