Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Doors Hacked Wide Open By Own Employee (forbes.com)

Posted by msmash on from the for-the-record dept.

Last July, in Google's Sunnyvale offices, a hacker found a way to trick doors into opening without the requisite RFID keycard, Forbes reported Monday. Luckily for Google, it was David Tomaschik, an employee at the tech giant, who only had good intentions. From the report: When he sent his malicious code across the Google network, he saw the lights turn from red to green on the door to his office. Then came the satisfying thunk as the lock opened. It was the culmination of work in which Tomaschik had uncovered vulnerabilities in technology made by Software House, the creator of the office controllers managing the physical security of the California site.

Last summer, when Tomaschik looked at the encrypted messages the Software House devices (called iStar Ultra and IP-ACM) were sending across the Google network, he discovered they were non-random; encrypted messages should always look random if they're properly protected. He was intrigued and digging deeper discovered a "hardcoded" encryption key was used by all Software House devices. That meant he could effectively replicate the key and forge commands, such as those asking a door to unlock. Or he could simply replay legitimate unlocking commands, which had much the same effect. Tomaschik also discovered he could do all this without any record of his actions. And he could prevent legitimate Google employees from opening doors. "Once I had my findings it became a priority. It was pretty bad," he told Forbes. Google then moved quickly to prevent attacks on its offices, according to Tomaschik.

112 comments

  1. Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: -1

    So totes haxx0red da syst3m!!!1! HAXXXXXX!!!!!!!eleventy!

    1. Re:Haxxy haxxy haxx0rz!!!1! by BeauHD++(.)+(349) · · Score: -1

      If a Google employee literally *hacked* the doors at GOOGLE then imagine what the Russians are capable of. And I'm talking about more than just getting TRUMP in there. The Russians could probably hack into nuclear warheads and make them launch. Then they could start World War Three. And whose gonna need fair election's when we are all DEAD?

    2. Re: Haxxy haxxy haxx0rz!!!1! by tysonedwards · · Score: 2

      Americas nuclear arsenal is an offline system that relies on humans to receive a message, validate its authenticity, and then choose to act. There are decided differences between what is effectively a mechanical turk and an internet of shit device.

      --
      Thirty four characters live here.
    3. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: -1

      Yes, but as the Liberals have so clearly demonstrated, all it takes is one Russian bot army to brainwash the population to vote Trump. This could just as easily be used to convince the nuke silo officers to reprogram the nuke targets and launch the nukes at the US and its Allies.

    4. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      I can't even tell if you're joking. Anyways, if the Russians wanted you dead you would be. They have more than enough nukes themselves.

    5. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      That's why The Guard of The Nuclear Silos are inherited positions. Adapted to living in cramped quarters and nothing but American version of Netflix series, the family protects and are protected. This system will never fail to distinguish real threat from false positive events, simply because false alarms can't cancel out the TV noise in the living room.

      If all else fails, humanity survives and adapts to living in concrete bunkers, safe and protected from all evil-doers.

    6. Re: Haxxy haxxy haxx0rz!!!1! by JaredOfEuropa · · Score: 1

      Can the officers in the silo even reprogram the missiles or launch independently? That sounds like a monumentally bad idea. What would stop them from declaring the Free State of Silo 16 and threaten to nuke Washington if their demands for beer, beef and pre ban AR15 weren’t met?

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    7. Re: Haxxy haxxy haxx0rz!!!1! by Antique+Geekmeister · · Score: 1

      In theory? No. In practice? That is a very good question. These are, generally, skilled officers, educated well enough to manage a tremendous responsibility correctly and reliably. One or more of them might be clever enough to outsmart flawed security.

    8. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      They just need something old enough that can read an 8-inch floppy disk.

    9. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      Yes, but as the Liberals have so clearly demonstrated, all it takes is one Russian bot army to brainwash the population to vote Trump. This could just as easily be used to convince the nuke silo officers to reprogram the nuke targets and launch the nukes at the US and its Allies.

      Russia only brainwashed ~half the population to vote for Trump.
      The other ~half of the population was brainwashed by Russia to vote for Clinton.

    10. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      If this sounds like a slightly not terrible idea...
      Go read "Wool" by Hugh Howey or something like that.
      Good, hard SF from a few years back.

    11. Re: Haxxy haxxy haxx0rz!!!1! by phantomfive · · Score: 1

      Unlike the door, it would be hard to try the nuke over and over to reverse engineer what message was being sent.

      --
      "First they came for the slanderers and i said nothing."
    12. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      Well, the first roadblock is the fact that the people capable of targeting or launching nukes are older, well-investigated and established military officers.
      The second roadblock is the dozens to hundreds of other armed soldiers, most of whom will happily shoot anyone that tries to use the nukes to threaten the United States.

    13. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      Actually there was no brainwash at all. The issue comes down to how our electoral system is built on. Not the Electoral college itself because that worked the way it was intended to do. I am talking about the fact that our election system comes down to essentially 2 parties. Yes there are independents, green party, etc. But those parties are not formally recognized and thus nobody from those parties will ever be elected. So in the end, it comes down to who wins the primaries for each party. So at the end, there are only two candidates to vote for. Trump did well, and his intentions are solid. Hilary screwed up by allowing the DNC to rig the primaries. They essentially banked on the fact that Obama was the first Black President, so they went under the assumptions that people were willing to vote for a woman instead of a man. So they rigged the primaries to be in her favor rather than Sanders. Had they let the primaries do what they are supposed to do, Hilary had no shot against Bernie. He had more younger generation voting for him.

      Truth be told. This past election was the GOP's fault for not finding a better person to run against Trump. Hilary lost because she didn't actually want the job, she wanted to be the first woman in the chair. That's all she cared for. She didn't actually care about the Country or the people. She just wanted to be known as the first woman President.

      People are tired of the same old same old politicians in Office. If there was a vote today, there would be term limits set for both Congress and the Senate.

      Issue is the Democrats want to try to rewrite history, and trying to force people to do things they don't want to. If the Dems were smart, they would have fixed the ACA, but they didn't. Had they been really smart, they would have rejected Obama's bill and voted it down and told him to stop trying to change things, that they will find a solution that both parties are ok with.

      Problem is, now days the American people can't tell what the truth is, and what is false. All because the Media are nothing but clowns. Trump is right...the Media is out to get him. All they do is put a negative spin on everything he does....regardless of how good it is, or whether or not Obama did the exact same thing.

      The only ones that are actually brainwashed are those who follow the DNC and don't see the harm they are doing. They are the ones who are blind to the truth. Look at Hilary's email scandal and the Benghazi issue. All Hilary had to do was come clean and tell the truth, but she couldn't do that.

    14. Re: Haxxy haxxy haxx0rz!!!1! by Anonymous Coward · · Score: 0

      This is AC you replied to.
      I was mostly joking, but everything you said was mostly spot on.

      Hilary had no shot against Bernie. He had more younger generation voting for him.

      One thing though, I'm an old guy in the South. All the old (60 yrs +) people I know say they would have voted for Bernie against either Trump or Hillary.

      We old people mostly remember Trump from his early days as a a notably crooked developer, not so much his TV career. But even the ones I know that are obvious racists/sexists still said they preferred the Bernie.

  2. and then they sacked him by Anonymous Coward · · Score: -1

    amirite?

    1. Re: and then they sacked him by Anonymous Coward · · Score: 0

      Probably didn't pay a bug bounty

    2. Re:and then they sacked him by bill_mcgonigle · · Score: 0

      Google doesn't sack people for finding exploits. They sack people who say men and women aren't biologically identical.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  3. Unsure about this by proibido · · Score: 4, Interesting

    If they protect their own facilities like this imagine our own data :S

    1. Re:Unsure about this by Anonymous Coward · · Score: 1

      How a third party handles its own product doesn't seem like it could represent how Google develops their own services.

    2. Re:Unsure about this by that+this+is+not+und · · Score: 3, Insightful

      A lot of third parties do much better than Google. Google dabbles in a lot of directions, at the whim of their loose and often undirected management.

    3. Re:Unsure about this by Anonymous Coward · · Score: 1

      Oh sure, I just think it's a bad comparison. Google bought a product that it turns out has a security flaw. How some other company operates and sells their products can't really represent Google's own development practices.

    4. Re:Unsure about this by arth1 · · Score: 4, Interesting

      How some other company operates and sells their products can't really represent Google's own development practices.

      No, but it shows that they use and rely on 3rd party unverified and ill designed programs, giving it access to their networks. That does taint their own products, even if everything they themselves did were safe and secure - to misuse a metaphor, it's fruit from a poisonous tree.

    5. Re:Unsure about this by Anonymous Coward · · Score: 0

      AND do the eula google may just have to fire this worker or just pay him to quit as it will be cheaper the cost of the ETF

    6. Re:Unsure about this by Anonymous Coward · · Score: 0

      Shut your mouth. Some people are making good livings selling the stuff that falls off the back of Google's trucks...

    7. Re: Unsure about this by Anonymous Coward · · Score: 0

      Yet they were the only Software House customer tenacious enough to find the security flaw. If they have time and inclination to find flaws in 3rd party products that to me is a good sign about how they would likely treat their own products. Not saying they should be trusted 100%, just that this is not a bad look for them imho.

    8. Re:Unsure about this by swillden · · Score: 1

      How some other company operates and sells their products can't really represent Google's own development practices.

      No, but it shows that they use and rely on 3rd party unverified and ill designed programs

      So does every company. So does yours. But how many others do this sort of investigation? Software House has thousands of clients, but it was Google that found the problem -- and published it.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re: Unsure about this by arth1 · · Score: 1

      The time to check for flaws is before putting it on your trusted network, not afterwards. Someone was allowed to make the decision to put a 3rd party IP based security system on the same network as trusted resources, without first evaluating it for security. This seems like a management problem to me.

    10. Re: Unsure about this by Zero__Kelvin · · Score: 1

      You are pretty desperate to point and grunt "Google bad!". I guess your understanding of computer security is so low you don't realize that pretty much every company on the planet has at least one Windows machine on their network that regularly updates with unvetted code.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  4. Since when google became a bank? by Anonymous Coward · · Score: -1

    What you need security doors for google? To stop others from stealing employees or what?

    1. Re:Since when google became a bank? by Anonymous Coward · · Score: 0

      Nah, they have contracts with competing businesses for that.

    2. Re:Since when google became a bank? by GuB-42 · · Score: 4, Funny

      I heard they have free food, and that it is really good.

    3. Re:Since when google became a bank? by omnichad · · Score: 1

      It's called a Lauer lock

    4. Re:Since when google became a bank? by Anonymous Coward · · Score: 0

      I heard the girls there giggle when you pinch their butts!

    5. Re: Since when google became a bank? by Zero__Kelvin · · Score: 1

      That's one way to let the whole world know you have never worked at a tech company in your life I guess.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  5. Internet of shit still shit by Anonymous Coward · · Score: 2, Insightful

    News at eleven.

  6. You're only supposed to blow the bloody doors off! by Anonymous Coward · · Score: 0

    Your fired!

  7. That's why google support sucks by captbollocks · · Score: 0

    They spend too much time doing their own shit rather than helping paying customers

    1. Re:That's why google support sucks by captbollocks · · Score: 1

      Like finding a solution to why our emails sent through gmail servers go to spam folders of our customers on gmail and whom we have been communicating with via email for years.

      Trying to get a support case escalated when the support muppet can't give you an answer is nearly impossible unless you start yelling at the support muppet. Then you get a manager muppet and have to go through the whole process again.

    2. Re: That's why google support sucks by Anonymous Coward · · Score: 0

      This was my take away.

      Clearly they have employees that can just do whatever the fuck they want and don't seem to be accountable for their time or actions. It doesn't sound like the employee was officially tasked by Google to send "his malicious code across the Google network" which in most places is usually considered some sort of offense, regardless of the findings.

      So what else is this guy doing, or other employees, that we don't know about?

    3. Re:That's why google support sucks by Anonymous Coward · · Score: 0

      https://support.google.com/a/answer/60751?hl=en will fix it

    4. Re: That's why google support sucks by Anonymous Coward · · Score: 0

      IIRC, Google employees (or at least developers) are allowed to use a certain percentage of their work time on personally-chosen projects (e.g. see https://www.inc.com/adam-robinson/google-employees-dedicate-20-percent-of-their-time-to-side-projects-heres-how-it-works.html).

    5. Re:That's why google support sucks by Anonymous Coward · · Score: 0

      They spend too much time doing their own shit rather than helping paying customers

      Where did you get the idea that the google employee discovering this was a support person?

  8. Open All The Doors by that+this+is+not+und · · Score: 1

    He blew it. The proper thing to do would be to have designed and introduced a trojan/worm into the security system. When it reached critical mass, it would be triggered to open all the doors, continue to reopen the doors, and defend itself against removal.

    1. Re:Open All The Doors by Joe_Dragon · · Score: 1

      just cut the power or set off the fire alarm and that will open a lot of the doors and it's part of the fire code.

  9. Kinda weird by bobstreo · · Score: 1

    Why put your door locks in an accessible network?

    My office doors weren't RFID. You had to actually insert a card into the standalone locks which needed to be programmed for access. The locks also kept a record of who/what accessed them. I like old school.

    The only downside was the magnetic strip would wear out after a few years...

    1. Re:Kinda weird by Anonymous Coward · · Score: 0

      You don't want an accessible network, but the cards need to be programmed for access, and the locks are running software to keep track of entries.

      I guess by old school you mean unsecured when no one is looking.

    2. Re:Kinda weird by OzPeter · · Score: 4, Insightful

      Why put your door locks in an accessible network?

      At some point having a centralized control increases flexibility and security over and above the effort needed to implement it.

      In your old school scenario if you were fired then Fred down at IT would have to schedule someone to physically come to your office and and re-program your door lock to stop you gaining access to not only your office but all those other sensitive places that you previously frequented. That would take time and manpower to do.

      In a connected world, run one script and *poof* you are instantly persona non grata in the entire organization. Of course the connected world scenario does require security to be correctly implemented. But that is what pen testing is all about. It is akin to the software corollary that untested software should be considered broken.

      --
      I am Slashdot. Are you Slashdot as well?
    3. Re:Kinda weird by Asgard · · Score: 1

      >accessible network

      I think the suggestion was that the locks should be on a separate network than is accessible to anyone other than building management.

    4. Re:Kinda weird by mystik · · Score: 3, Interesting

      There is a risk to fully automatic organizations like that.

      https://idiallo.com/blog/when-...

      Can be pretty scary when there are no checks and balances to the automation.

      --
      Why aren't you encrypting your e-mail?
    5. Re:Kinda weird by OzPeter · · Score: 1

      >accessible network

      I think the suggestion was that the locks should be on a separate network than is accessible to anyone other than building management.

      I was replying to the OP was reminiscing about how good disconnected locks were.

      --
      I am Slashdot. Are you Slashdot as well?
    6. Re:Kinda weird by OzPeter · · Score: 1

      There is a risk to fully automatic organizations like that.

      https://idiallo.com/blog/when-...

      Can be pretty scary when there are no checks and balances to the automation.

      I've seen that story before and its a bit disingenious. The machine didn't fire him, the non-renewal of a contract by a person fired him. The system did its job correctly.

      --
      I am Slashdot. Are you Slashdot as well?
    7. Re:Kinda weird by bobstreo · · Score: 1

      Why put your door locks in an accessible network?

      At some point having a centralized control increases flexibility and security over and above the effort needed to implement it.

      In your old school scenario if you were fired then Fred down at IT would have to schedule someone to physically come to your office and and re-program your door lock to stop you gaining access to not only your office but all those other sensitive places that you previously frequented. That would take time and manpower to do.

      In a connected world, run one script and *poof* you are instantly persona non grata in the entire organization. Of course the connected world scenario does require security to be correctly implemented. But that is what pen testing is all about. It is akin to the software corollary that untested software should be considered broken.

      Nah, the parking lots, security fence entry and building entry were on RFID which was on a separate network. Easy to revoke if needed.

    8. Re:Kinda weird by decep · · Score: 4, Insightful

      > Why put your door locks in an accessible network?

      This one is easy. One of the purposes of encryption is allowing trusted communication over untrusted networks. If the communication is properly authenticated and encrypted, who cares who can see it. The key word being "properly".

      Getting encryption and authentication right on a mass-produced, IoT product is extraordinarily difficult. Making it [reasonably] future-proof, even more so.

    9. Re:Kinda weird by Anonymous Coward · · Score: 0

      Why put your door locks in an accessible network?

      At some point having a centralized control increases flexibility and security over and above the effort needed to implement it.

      In your old school scenario if you were fired then Fred down at IT would have to schedule someone to physically come to your office and and re-program your door lock to stop you gaining access to not only your office but all those other sensitive places that you previously frequented. That would take time and manpower to do.

      That is not correct. You missed the "accessible" part of the network.
      Networks do not require someone to walk down to a device, you simply connect to it over the network.

      Accessible means *YOU* can't connect to it, but the people authorized *CAN*

      I can't access your home network, and you can't access mine.
      That doesn't mean neither of us are on a network like you claimed.
      I can VPN into my own network and access it just fine without so much as standing up, let alone this walking thing you say is needed.

      But just because I can VPN in doesn't mean you can.

      Of course the connected world scenario does require security to be correctly implemented.

      It's funny, everyone here including the person you responded to is discussing exactly that.
      Only you seem to not understand what security means in the context of a network.

    10. Re:Kinda weird by sjames · · Score: 1

      Many of those are connected by a serial protocol through their own physical wiring.

      That goes back to one or more security panels that connect via serial to a PC that may or may not have a network connection.

      Of course, for safety, many of those are fail open and the wiring isn't physically secured such that you can short the wires to the latch to open the door without leaving a record of access.

    11. Re:Kinda weird by sjames · · Score: 2

      That's exactly why for the sake of belt and suspenders you should at least use a vlan to isolate the security traffic if not a physically separated network.

    12. Re:Kinda weird by Anonymous Coward · · Score: 0

      Actually encryption is for secrecy. Authentication is for trust. Also, defense in depth is a good thing, so put those locks on a separate (virtual) LAN. And it's not extraordinarily difficult to get this right, but every cent saved on development is another bonus going to some pointy haired manager, so there you go.

    13. Re:Kinda weird by rea1l1 · · Score: 1

      >In your old school scenario if you were fired then Fred down at IT would have to schedule someone to physically come to your office and and re-program your door lock to stop you gaining access to not only your office but all those other sensitive places that you previously frequented. That would take time and manpower to do.

      This could very well be considered a feature in terms of checks and balances.

      >In a connected world, run one script and *poof* you are instantly persona non grata in the entire organization.

      Indeed. And that is a lot of power in a single tool. The power itself makes it a much more valuable target to those with malicious intent. To create such an all powerful tool and not need to worry, your developers need to be PERFECT in every way. Keep in mind, no one is perfect, which is why no one should install such an all powerful tool. There is no such thing as perfect security, so stop connecting all of these important systems together. You're asking for a collapse.

    14. Re:Kinda weird by aaarrrgggh · · Score: 1

      Not for most systems I have seen-- they work kindof like a certificate authority with a revocation list. No control communication over the IP network, just RS-485.

    15. Re:Kinda weird by swb · · Score: 1

      I have to deal with building security systems sometimes and nearly always the RFID locks (which encompasses the RFID reader, secondary keypad if there is one, and electromechanical lock mechanism) aren't ethernet enabled.

      The "locks" are hardwired to controllers which can be networked but are programmed by some software application which in turn places each keycard into whatever access groups its supposed to have. The controllers are then updated with add/deletes of card profiles. I see about half the controllers networked in these systems, and about half have some old laptop with a crossover or serial cable connected for programming.

      The network can be completely down and the card access system works just fine, the only problem is you couldn't alter the controller database or access profiles (except with the ones with a dedicated PC).

      I was literally at a facility Friday that was setup this way when it was built to manufacture fentanyl patches, so I'm assuming the DEA considered it secure. My customer took over the building and it had zero network, the old tenant literally programmed a dozen "master" keycards and left them to new ownership right before they yanked all the switches.

      The main security control panel was in the computer room with a dedicated PC for card access management, but since the new owners only make soap and not fentanyl, they decided to network the card access PC so HR and facilities management could alter card profiles remotely. Obviously this is something of a security weakness, since you can ultimately hack accounts to get to the management PC and reprogram access card profiles, but you can't actually work the locks themselves as far as I can tell.

      The bigger problem, IMHO, is that companies are cheap and look at the card access systems as a fixed system that needs no upgrading and no maintenance contract. The software is shitty with poor OS portability, the ancient management PC dies and nobody can reprogram cards for a couple of weeks until the vendor is tracked down, a maintenance agreement signed and a bunch of software updates installed.

    16. Re:Kinda weird by swillden · · Score: 1

      That's exactly why for the sake of belt and suspenders you should at least use a vlan to isolate the security traffic if not a physically separated network.

      The Google network is heavily segmented, though Google has shifted to consider that more of a management feature than a security feature. Google relies primarily on the BeyondCorp zero trust model to provide security, because network segmentation really doesn't. Segmentation isn't useless, but it provides no protection against adversaries who get access to the wires.

      I'm sure the badge readers were on a separate VLAN. But Google doesn't trust network segmentation and obviously chose to investigate potential vulnerabilities. Which is a good thing, for Google, for its users and customers, and for other Software House customers (and, almost certainly, customers of Software House's competitors, because I'd be very surprised if the whole door access industry weren't at least this bad).

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    17. Re:Kinda weird by Calydor · · Score: 1

      And the system apparently had permissions somewhere up around CEO level seeing as NO ONE was able to stop what it was doing.

      I'm curious what would have happened if they'd told the machine the CEO had been fired.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    18. Re:Kinda weird by sjames · · Score: 1

      According to TFA, they segmented the network in response to the hack. And yes, VLAN isn't perfect. That's why you want belt AND suspenders, not belt OR suspenders.

    19. Re:Kinda weird by swillden · · Score: 1

      According to TFA, they segmented the network in response to the hack.

      Okay.

      And yes, VLAN isn't perfect. That's why you want belt AND suspenders, not belt OR suspenders.

      Except that VLANs are more like wearing suspenders made of a few, thin threads. It's almost nothing. Proper cryptographic security is the right solution here, and once you have that, a VLAN provides nothing -- other than traffic management, which is what it's really good for. VLANs were never intended to be used as a security measure, and shouldn't be applied with any expectation that they're adding significant security.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    20. Re:Kinda weird by ebvwfbw · · Score: 1

      For a door lock? Ever set some of this "IOT" which is really "ICT" or Internet Connected Technology? Some of the crap requires windows and explorer for the controls. Vlan, they barely meet minimum requirements as it is.

      If you want to keep people out, use a good old commercial door lock. That'll keep almost all the lock picks out. They an also put spools, other things in to make it a lot harder.

    21. Re:Kinda weird by sjames · · Score: 1

      There are many reasons you might want centrally controlled access control with cards. For example, if 1000 people have legitimate access, how long do you suppose it will be before a copy of THE key goes missing somewhere?

    22. Re:Kinda weird by ebvwfbw · · Score: 1

      There are many reasons you might want centrally controlled access control with cards. For example, if 1000 people have legitimate access, how long do you suppose it will be before a copy of THE key goes missing somewhere?

      I run into this all the time. That's not what the problem is. The problem was his office. For central places it's not nearly as much of a concern. There is usually a guard there, CCTV, other people. They can also piggy back in. Then they filter people down by floor, then often by other key card access areas. Most of these places today if you have an actual office, whatever you do is worth protecting. Otherwise you're usually out in a bull pen at a half desk.

      I remember even over 20 years ago I had to use a card to get to the floor, then a card to get out of the elevator area where the elevator lobby was. Then I could get to my office, which had a commercial cylinder. This was not a government building.

      I know the thing a lot of auditors love to see today is centralized control. I can lock employee 10013 out with one mouse click! Computer access, office access, even the coffee club and bathroom is off limits to him now (release the hounds)!

  10. What, no network isolation? by Slashdot+Junky · · Score: 2

    Clearly, the door access/lock system has or had design problems and needs these properly addressed. It's presence was made worse by poor network security. It should have been on a dedicated network and certainly not on the general LAN/VLAN. This guy had access to the network and shouldn't have unless the poking around was blessed.

    --
    .
    Landfill Mining Co.
    Managing the (Un)natural Resources of Tomorrow
    1. Re:What, no network isolation? by ledow · · Score: 1

      Agreed.

      VLAN. With RADIUS. Or the very least MAC-based RADIUS and blocking any unknown devices.

    2. Re:What, no network isolation? by Anonymous Coward · · Score: 0

      "Security Engineer @Google Red Team & Security Assessments. Security Researcher. " if you believe github self descriptions are true

    3. Re:What, no network isolation? by WaffleMonster · · Score: 1

      Clearly, the door access/lock system has or had design problems and needs these properly addressed. It's presence was made worse by poor network security. It should have been on a dedicated network and certainly not on the general LAN/VLAN. This guy had access to the network and shouldn't have unless the poking around was blessed.

      Physically securing wires is a fools errand. You can't protect wires that go everywhere.

      Every dime spent on a fools errand is a dime not spent securing what is attached to those wires.

    4. Re:What, no network isolation? by Slashdot+Junky · · Score: 1

      Physically securing wires is a fools errand

      Correct. Wires are pretty easy to sufficiently protect through physical barriers that aren't easily breached without noise and adherence to smart policy. Like most things in need of securing, network and network attached devices require a multi prong approach. And similarly to all security implementations, the one that Google may have employed along this with door lock/access management solution would have been defeated by those sufficiently motivated even without its bad design.

      --
      .
      Landfill Mining Co.
      Managing the (Un)natural Resources of Tomorrow
    5. Re:What, no network isolation? by viperidaenz · · Score: 1

      Google don't have dedicated networks full of systems that blindly trust everything, as they're on "trusted networks".
      They have one massive network, with devices that are supposed to be secure.

    6. Re:What, no network isolation? by swillden · · Score: 2

      This guy had access to the network and shouldn't have unless the poking around was blessed.

      "The guy" is a member of Google's Red Team, which is the group tasked with finding internal security problems. He was "blessed".

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  11. Weird by Anonymous Coward · · Score: 0

    Surprised he wasnâ(TM)t fired and arrested for his efforts. Guess he might still be sued by Software House. Good deeds rarely go unpunished if they embarass wealthy corporations.

    1. Re: Weird by tysonedwards · · Score: 2

      I am surprised the door locks were on the same network as workstations. Actual traffic isolation would have prevented someone from finding this flaw unless they start tearing holes in their walls.

      --
      Thirty four characters live here.
    2. Re: Weird by shess · · Score: 1

      I am surprised the door locks were on the same network as workstations. Actual traffic isolation would have prevented someone from finding this flaw unless they start tearing holes in their walls.

      Is it clear that it was on the same network as workstations? I left Google in 2017, and for many years the internal networks had been heavily segmented. I'd be very surprised if any random RFID node or printer could have communicated directly with my workstation. In fact, I don't think my machines could talk to each other from physically adjacent Ethernet ports without requesting a network change.

    3. Re: Weird by Antique+Geekmeister · · Score: 1

      Oh, my. It's very easy to ask why someone else did not spend several times the amount of money in capital costs and support costs for an infrastructure change. What is the return on investment?

    4. Re: Weird by tysonedwards · · Score: 1

      At what point did vlan tagging become DLC?

      --
      Thirty four characters live here.
    5. Re: Weird by Antique+Geekmeister · · Score: 1

      Ideally, the doors would be on a physically distinct network with its own switches, not a VLAN tagged distinct network. That means physically distinct wiring all the way back to the wiring closets, and no plain repeaters or shared switches all the way back to any central switch for the door controller system. In practice, a few facilities bother to set up tagged VLAN's on shared switches. But unless the switches are also programmed to only communicate with specific MAC addresses on specific ports, anyone can plug in a device on such port and access any of the relevant devices on any of the VLAN's, simply by network programming of the client device, even with an appropriately tagged virtual IP address. It's possible to do that kind of restriction of access: but developers in most networks will _despise_ the security people for doing this, because it tends to cause far more failures for the developers than it prevents. Even simple wiring practices such as "the red socket is for internal security, and non-registered devices plugged into it will make us turn off the port" will upset people.

      The "internally open" network, including the infrastructure devices, is very common. Indeed, it is part of the core design of the "Internet of Things" approach to network design were all devices should be accessible at all times. Without testing, I'd not insist that Google does this. But the approach of "don't worry about the internal network, just leave it open" is very commonplace.

    6. Re: Weird by N1AK · · Score: 1

      Ideally, the doors would be on a physically distinct network

      Ideally, they wouldn't be on any network at all if you fixate only on theoretical security threats... but in the real world both your suggestion and this was have passed well beyond the point where the inconvenience exceeds to the additional security benefit. If you can compromise VLAN security to the extent that you could directly access and exploit an access control unit you could almost certainly do the same thing to access and compromise far more valuable things.

  12. WhatCouldPossiblyGoWrong by PPH · · Score: 1

    Particularly if you are Turing testing a hot looking android named Ava.

    --
    Have gnu, will travel.
    1. Re:WhatCouldPossiblyGoWrong by Anonymous Coward · · Score: 0

      Particularly if you are Turing testing a hot looking android named Ava.

      Realistic pen-testing of android pussy. Now with integrated Fleshlight!

  13. He's a Google employee by Bruce66423 · · Score: 1

    This means that they will be dealing with the legal side, and will have ensured that there are no issues. One of the advantages of being an employee.

    1. Re:He's a Google employee by Anonymous Coward · · Score: 0

      Google actively encourages employees to find vulnerabilities in their systems. If you think you've find a vulnerability, then you fill out an internal form explaining what you're trying to do and if there might be any service disruptions for trying it out or researching it. Getting approval is only an issue if whatever you're doing might disrupt productions systems. In most cases it'll just wake up some SRE who wonders what the heck is happening...

  14. I think Bart Simpson said it best... by StandardCell · · Score: 2

    when he said this...

    1. Re:I think Bart Simpson said it best... by TechyImmigrant · · Score: 1

      when he said this...

      Static encryption keys are fine as long as you keep them secret and randomize the protocol. It's when you set about inventing key update protocols that it all goes to shit, Eh TLS?

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  15. Frist 4sot by Anonymous Coward · · Score: -1, Flamebait

    I'll h4ve offended

  16. Learn to spell "its" without an apostrophe by Anonymous Coward · · Score: 0

    Damn.

  17. And then David was fired by bettodavis · · Score: 1

    As a reward for being such a trouble maker.

  18. Disclose the zero day by Anonymous Coward · · Score: 0

    Google should live by their own standards and disclose the hack is soon as itâ(TM)s found. Letâ(TM)s see what happens then.

  19. I'm curious... Is this product viable at all? by Anonymous Coward · · Score: 0

    Is it actually possible to build a secure, computer based door locking system?

    I've watched several DEFCON / Blackhat presentations of pen-testers finding all sorts of vulnerabilities in computer based door locking systems that i cant help wonder if it's actually possible to do it right. Those same pen testers often finished their presentations by claiming to have been unable to find such a lock that they were unable to circumvent, and the 3rd party that provided google with this system is no exception.

    I have to assume that while developing their product the 3rd party company did at least try to make it secure. The product design specification for such a product must surely have had security as it's number one selling point (if it's not secure, then no customers would want to buy it) and yet they completely failed to achieve that goal.

    This feels like a major failing of the product development team. How could they allow a defective security product into the market place? Didn't they have any pen-testers of their own, or at lease a rock-solid set of design criteria and security principles to follow to prevent such a failing. I'm no IT expert but judging by the comments of fellow slashdotters, it seems the use of static encryption is well recognised as a bad idea, and yet they did it anyway.

    So I find myself having to ask the question: Is a secure computer based door locking system just too complex to get right, and therefore impossible?

    1. Re:I'm curious... Is this product viable at all? by Anonymous Coward · · Score: 0

      Suppliers to the construction industry compete on price, and the customers are uninformed.

      The supplier with the lowest cost implementation wins even if it doesn't work.

  20. #DEFCON by Anonymous Coward · · Score: 0

    Wow. Sounds like the doors at some of the @CaesarsEnt hotels. . .

    1. Re:#DEFCON by Anonymous Coward · · Score: 0

      Or their casino at the Linq. Or elevators at Bally's.

    2. Re: #DEFCON by Anonymous Coward · · Score: 0

      I wonder if they have found and figured out all the little gifts that were left for their trespassing security shitheads at the end of DEFCON 26 a few weeks ago. Donâ(TM)t use your eye in the sky nonsense to figure out when people are out of their rooms and use that as an opportunity to illegally break into rooms and go through stuff and steal whatever you feel like.

      Caesars Palace did you find all the fish yet? Might want to bring in a clowder of cats to track it down before it gets so rank that even they can pinpoint where they are.

    3. Re: #DEFCON by Anonymous Coward · · Score: 0

      There are a few rotting cans of tuna in a few of their elevator shafts.

    4. Re: #DEFCON by Anonymous Coward · · Score: 0

      I suggest that for Defcon 27 a partially opened can of fish be hidden somewhere in their properties for each person who their security violates. Four people in a suite? Three days times four people times one can fish per person per day = 12 cans of maggots and smells hidden randomly.

  21. Lack of security not a hack by FeelGood314 · · Score: 2

    You need to be able to review and understand the commands being sent on a network. Often just a one hour review will reveal that there is no real security. There are 3 levels of lack of security:

    1)Static keys, no replay attack prevention, sending the session key with a static key are all things that happen all the time.

    2)Authorization: The next level of security fuck-up for many small devices like these is a complete lack of authorization. Any device that is in radio range or has access to the LAN during the joining window can join the network. (think of WiFi or Blue Tooth as an example).

    3)Identification: Most devices have no means to prove they really are who they say they are. Thus an attacker who takes one device apart and extracts its keys can impersonate almost any other device. Many networks don't even care what device joins, as long as it has a static piece of information and they have no defense against man-in-the-middle attacks. This is also the case where a single device connecting to a network can see everything. When you log into a website and pull up your information and then change the query string to another user's ID and see their information, that isn't a hack. The site is performing as designed.

    I call these lack of security, they aren't bugs or vulnerabilities, the system was simply was never designed to be secure. You aren't hacking a system that didn't have security*.

    *Disclaimer: If you live in a certain country where pointing out something has no security embarrasses people with money you are likely to get charged with unauthorized use of a computer, lose all financial resources, be threatened with 10^20 years in prison and have to take a plea deal. Don't ever do security research in that country.

    1. Re:Lack of security not a hack by phantomfive · · Score: 1

      Good post.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Lack of security not a hack by Anonymous Coward · · Score: 0

      I made a system with static keys.

      Of course it was used to authenticate static data, which was time-stamped, and older data would never overwrite newer. And it required write access to the site with the data, on a company site. And the data was JSON and had was parsed in an untrusted fashion. And the data didn't really affect how the program ran, as it was just a coder ring for what the data you saw meant. And the target was so low value that all of this was probably overkill.

  22. When it comes to physical building security... by Xnet+Project · · Score: 1

    Security automation measures such as RFID scanners, card insert readers, IP Security cameras, etc should always been kept on its on closed-loop network and redundant power source as a best practice. Opening security systems for buildings on a main network can, and will always result in major flaws to the physical security of an infrastructure of a housed facility, and will almost always result in vulnerability points whether it's from a localized or external source.

  23. Here's Johnny by Anonymous Coward · · Score: 0

    When I want to hack a door open, I use an axe.

  24. Serious Linux security & maintenance question by RogueWarrior65 · · Score: 1

    Let's say that you have built a Linux-based "appliance" and it's deployed in numerous places around the world. Let's also say that you need to make some changes to system libraries for new versions. AFAIK, the only way to do this is to have root access. So how would you build some sort of updating software that a user with no Linux experience could run that would allow for installation of new system components? If you have to have root/superuser access, how do you keep it secure? Is there another way to do this?

  25. Re:Serious Linux security & maintenance questi by _Sharp'r_ · · Score: 1

    You don't need the end user to have root access, you just need to have an update process running which can acquire root access, or at least access to the files which need to be updated.

    So you give each appliance a private/public keypair and the public key of your update server. The process which has access to update would then only accept encrypted updates both designated for that appliance's specific key and signed using the update server's private key. Mutual authentication.

    You can do that online via a TLS session, or offline using USB sticks or whatever. It's easy enough to automate either process, although the USB version would require someone to physically plug something in.

    Another way to increase the security of the process is to require a reboot before any system files can actually be updated. It's more disruptive, but presumably if you have any sort of proper monitoring setup, an unplanned reboot shouldn't be missed.

    --
    The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
  26. Re:Serious Linux security & maintenance questi by Anonymous Coward · · Score: 0

    A sudo rule to run a program that will verify that an update bundle is GPG signed by the intended author then execute it. The non-privileged user just needs to place the GPG signed update bundle in the expected location and run the expected sudo command to check and run the update bundle. The author of the update bundle, you needs to GPG sign the bundle you provide to the end user.

  27. I broke in too by Anonymous Coward · · Score: 0

    In the 1970s I used to break into my high school to use the computer after hours . But I only needed a piece of plastic. Or screwdriver.

    (eventually the math teacher just loaned my friend and me his key...)

  28. Door security theatre? by Latent+Heat · · Score: 1

    What is the mission of the security system at Google?

    What I figure it is for at Google and many other tech companies is to satisfy a legal requirement, for I.P. protection and especially to satisfy the U.S. Patent Office.

    If you make a public disclosure, it sets a clock ticking for a U.S. Patent and it may prevent issuance of a patent in other countries. If you make a confidential disclosure, you are protected against tripping that clock, but how do you guarantee that when you are talking to other Google employees you are making a confidential disclosure? It appears that two conditions establish a "safe harbor" on legal confidential disclosure -- that the employees you are talking to have all signed the corporate patent agreement and that there are locks on the doors and guards at the entrance to the facility.

    So Google doesn't need Minuteman Missile Base level of security, it only needs to go through the motions of security to satisfy the lawyers. However hackable their door locks were, they were satisfying the legal requirement, that is, until Genius Google Employee hacked them. Now that this vulnerability has been disclosed, Google has to rework their door locks as does every other fine user of that particular door system.

    Great job, Genius Google Employee!

  29. Port Mirroring by SirSmiley · · Score: 1

    How could he even see the traffic unless he was mirroring a switchport and sniffing traffic he shouldnt be doing in the first place? He obviously had access to the door swipe VLAN and access to the network switch

  30. pre-authorized only by Anonymous Coward · · Score: 0

    This only works due to him having pre-authorized access to the network, an outsider would not be able to do this. Simple fix is to put the security/door/facilities equipment on a restricted VLAN. Sounds like Google outsourced their networking to India rather than hire full-time IT staff to manage their network infrastructure. That's what you get for outsourcing anything involving IT other than the person that answers the phone for the Help Desk.

  31. Re:Serious Linux security & maintenance questi by ebvwfbw · · Score: 1

    As long as it can get out to the internet that's not a problem. I used to do this two decades ago with Linux firewalls I used to set up in Washington. Lot of NPOs. As long as they kept up their payment it would keep updating the machine. Sometimes I'd have to hoof it out there and do an in person upgrade. The bitch ran into it when they had no trouble so they'd cut the support contract. Then call me about a year or so later because someone broke in.

    I don't do any of that anymore. Sold that business off. However it's not hard. All you need is a cron job that updates every day. Set up a reboot schedule so kernels will get updated. That's very simple. The bitch is when you upgrade remotely and something goes wrong. One time I had to get on a plane to fix that. Machine was many miles away.