Posted on September 4, 2018 at 10:21 AM
Google’s offices in Sunnyvale were opened by a “hacker” this last July without the usual RFID keycard. Coincidentally, this “hacker” was one of Google’s own employees, David Tomaschik. However, he did not have any ulterior motive for doing so.
The technology giant is among the respected tech companies in the world, and it has done a lot to secure its offices in Sunnyvale. However, with the aid of some malicious code, one of the company’s employees was able to bypass the security protocols and get the doors opened effortlessly.
David Tomaschik achieved this feat by sending multiple pieces of malware to Google’s network such that the door light that was supposed to remain red without the requisite RFID keycard showed green. This effort by the employee was not meant to defraud the tech giant but to reveal some vulnerabilities in the company’s security architecture, which was put in place by Software House.
Some Background To The Hacking
Tomaschik first observed last summer that the encrypted messages that Software House (also known as iStar Ultra and IP-network) sent to Google for its door protection were plainly non-random. Ordinarily, messages that are termed encrypted should look random.
This piqued Tomaschik’s curiosity and he began to research the matter. To the inquisitive Tomaschik, the non-randomness of the messages meant that he could reproduce the keys and duplicate the system’s commands if he was able to detect the codes. Surprisingly, Tomaschik found out that Software House uses a common hardcoded encryption key on all the devices it operates.
To his dismay, Tomaschik also found out that he could hack the security commands of the door without being detected while doing so. Moreover, he discovered that apart from gaining access, he could lock out other lawful employees of the tech giant, thereby preventing them from entering their offices permanently.
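The observation above, that traffic labelled as encrypted should look random, can be turned into a simple monitoring check. The following is an added example, not code from the original article, Tomaschik, or Software House: it pools captured payloads, measures byte entropy, and counts repeated 16-byte blocks. The sample traffic, `FIXED_KEY`, `weak_encrypt` and `fresh_encrypt` are constructed stand-ins and do not reproduce the vendor's actual scheme.

```python
import hashlib
import math
from collections import Counter

BLOCK = 16  # assumed block size for the repetition check

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for random-looking data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def repeated_blocks(messages) -> int:
    """Count aligned BLOCK-byte chunks seen more than once across all messages."""
    seen = Counter(m[i:i + BLOCK] for m in messages
                   for i in range(0, len(m) - BLOCK + 1, BLOCK))
    return sum(c - 1 for c in seen.values() if c > 1)

def looks_random(messages, min_entropy=7.5) -> bool:
    """True only if pooled bytes are high-entropy and no block repeats."""
    return (shannon_entropy(b"".join(messages)) >= min_entropy
            and repeated_blocks(messages) == 0)

# --- Constructed sample traffic (not real captures) ---
FIXED_KEY = bytes(range(16))  # hypothetical key shared by every device

def weak_encrypt(plaintext: bytes) -> bytes:
    """Toy fixed-key XOR with no nonce: a stand-in for a hardcoded-key scheme."""
    return bytes(p ^ FIXED_KEY[i % BLOCK] for i, p in enumerate(plaintext))

def fresh_encrypt(plaintext: bytes, msg_id: int) -> bytes:
    """Stand-in for a cipher with a unique per-message nonce (SHA-256 keystream)."""
    stream = b"".join(hashlib.sha256(b"demo-key%d-%d" % (msg_id, i)).digest()
                      for i in range(len(plaintext) // 32 + 1))
    return bytes(p ^ s for p, s in zip(plaintext, stream))

PLAINTEXTS = [b"DOOR=%04d;CMD=STATUS;PAD=0000000" % d for d in range(64)]
WEAK = [weak_encrypt(p) for p in PLAINTEXTS]
FRESH = [fresh_encrypt(p, i) for i, p in enumerate(PLAINTEXTS)]

if __name__ == "__main__":
    for name, msgs in (("fixed key", WEAK), ("per-message nonce", FRESH)):
        print(f"{name}: entropy={shannon_entropy(b''.join(msgs)):.2f} "
              f"repeats={repeated_blocks(msgs)} random={looks_random(msgs)}")
```

Low pooled entropy or any repeated block across messages is a signal to review how the protocol derives keys and nonces; passing the check does not by itself prove the encryption is sound.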
No Hacking Says Google’s Spokesperson
In a swift response, a spokesperson for Google denied any malware invasion by any hacker of its security doors. He noted, however, that Software House has replaced the previous encryption with a more reliable one, which he pointed out to be TLS. He affirmed that TLS addresses all security concerns previously identified.
The Google spokesperson also noted that for many of the vulnerable systems in its custody, it had ensured adequate security by having its network segmented. However, in Tomaschik’s opinion, other firms patronizing Software House for their door security would have shifted to TLS and have much of their hardware replaced.
In a reaction, a spokesperson for the owner of Software House, Johnson, noted that the security issue has been addressed. He, however, didn’t reply as to whether it was necessary to change physical devices or not.
While responding to Forbes, Tomaschik feared that the same faulty security software might have been deployed to other companies aside from Google, as only a few companies make “such office controls.” And that means that unless a change is quickly effected, those other companies can also be at risk.