leaks in software security provider from Google office




Employee finds leaks in software security provider from Google office
A Google employee, David Tomaschik, found vulnerabilities in the software of a security vendor from the Google office in Sunnyvale, California. These gave him control over the doors in the building.

The employee told Forbes that at a certain point he had investigated the encrypted network traffic of the devices of supplier Software House. He determined that the messages were not arbitrary, which should be the case with correctly applied encryption. In this way he learned that the software was using a pre-programmed encryption key. That meant that he could forge and repeat commands. For example, he was able to control all doors in the building and gain access without denying access to the necessary rfid card or other Google employees without leaving traces.

Google tells Forbes that it has found no indication that the leak has been misused. It is unclear whether this could be exploited by an attacker from the outside. As a result of the discovery, the company has decided to use network segmentation to screen off vulnerable devices. Software House says it has taken measures by applying tls. According to Tomaschik, however, this operation requires a hardware change on the part of the customer, because the Software House systems do not have enough memory to be able to update the firmware. The company did not want to respond to this.


In: A Technology & Gadgets Asked By: [23266 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »

Star Points Scale

Earn points for Asking and Answering Questions!

Grey Sta Levelr [1 - 25 Grey Star Level]
Green Star Level [26 - 50 Green Star Level]
Blue Star Level [51 - 500 Blue Star Level]
Orange Star Level [501 - 5000 Orange Star Level]
Red Star Level [5001 - 25000 Red Star Level]
Black Star Level [25001+ Black Star Level]