When you stop to think about the businesses who have been hacked in recent years, there have been some quite big names under the spotlight. Organisations such as Sony and Ashley Madison are good examples of recent scandals. These companies, although working on digital platforms, were subject to some quite serious breaches that have severely affected the way they are able to operate. The reason why is simple; lack of security as a result of lack of knowledge. But although ‘Digital’ businesses, surely the same thing couldn’t happen to a company as technology leading and digitally savvy as Google. Could it?
What was incredibly interesting about the Google attack in 2013 is that it wasn’t the search engine itself that was targeted. Neither was it any of the additional services, like Google+ or analytics. In fact, Google were targeted instead through the building management system of their Wharf 7 office in Sydney, Australia. The hackers were looking to take advantage of the tens of thousands of control systems that connect everything within the building to the internet.
The ‘criminals’ in this case were nothing of the sort. Instead, they were cybersecurity researchers looking to test a theory. Having found a list online that detailed devices connected to the internet, they soon identified them as belonging to a building owned by Google. From there, they exploited a weakness in the system, gained entry and then immediately passed on information about the breach to Google themselves.
The wealth of information that they were able to obtain about the building shows how vulnerabilities in security could indeed be exploited for malicious intent. Blueprints of the floor and roof plans, images of the water pipe network and even the temperatures recorded in the building. More concerning though was the intimation that with a little further digging, which the researchers in question weren’t inclined to do, there could well have been access to security systems that would have unlocked otherwise restricted doors.
So why is this particular hack so important? Because although Google are the headline act, the infiltration of building control systems is something that has happened, and continues to happen on an unprecedented level.
The main reason that control systems are introduced is to improve efficiency and reduce energy consumption. By connecting all electrical aspects of a building through the internet, you can make sure that devices not in use are shut off, and that the heating is an appropriate level, for example. The problem, as the Internet of Things phenomenon continues to prove, is that there are very rarely effective enough security measures in place to protect this connection.
When you consider the potential consequences, the Google ‘hack’ takes on a different light. Imagine that access in a hospital, where electricity can be turned off and patients on a ventilator left without oxygen. In a bank, where doors can be opened with the simple click of a button the moment a criminal walks through the door. In a supermarket, where the temperature can be raised to excessive levels, and the fresh and frozen food completely destroyed. How about your business? How do you feel about people being able to control everything you have that is connected to the internet?
If your company uses a building management system, make sure that you have a secure password in place, and are not using the default option originally inputted by the installer. Also, ensure that if there are patches available from the provider, that you regularly apply them. One of Google’s biggest mistakes was that a vulnerability had been found, a patch produced, but that they had simply not taken the time to apply it. Most of all, if you are worried about how secure your building is, talk to us at Digital Pathways today, for more advice on keeping safe.