Google’s Doors Hacked By its Own Employee
Last July, a Google employee at Google’s Sunnyvale office, figured out how to trap entryways into the opening without the essential RFID keycard.
Fortunately for Google, it was David Tomaschik, a representative at the tech mammoth, who just had good intentions.
Doors at the Sunnyvale office are controlled by RFID keycards and doors can be opened using these cards only. But the bug which Tomaschik discovered can let anyone control the door even without any keycards.
What David Tomaschik did was that he sent malignant code over the Google network, then he saw the lights change from red to green on the way to his office. And the result was surprising as the doors opened.
It was the apex of work in which David had revealed vulnerabilities in technology made by Software House, the designer of the workplace controllers dealing with the physical security of the California site.
Here’s the full explanation of flaw detection given by Forbes:
“Last summer, when Tomaschik looked at the encrypted messages the Software House devices (called iStar Ultra and IP-ACM) were sending across the Google network, he discovered they were non-random.”
While according to Tomaschik, properly encrypted messages should always look random in nature. This made Tomaschik to dug deeper and figured out the Software House devices use “hardcoded” encryption key which can be easily replicated and new commands can be forged so as to change the functionality and this all can be done without any record of actions.
Davis Tomaschick notified this flaw to the Google’s Officials and the patch to the security flaw is stepped up by both Google and Software House so that no-one can advantage of the vulnerability.