Google employee finds vulnerabilities in office security vendor's software


A Google employee, David Tomaschik, has found vulnerabilities in the software of a security vendor at the Google office in Sunnyvale, California. These gave him control over the doors in the building.

The employee tells Forbes that at one point he took a closer look at the encrypted network traffic of the devices from supplier Software House. He determined that the messages were not random, which they should be when encryption is applied properly. That is how he found out that the software used a pre-programmed encryption key. That meant he could forge and replay commands. For example, he was able to control all doors in the building and thus gain access without the required RFID card, or deny other Google employees access, without leaving traces.
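The observation that properly encrypted traffic should look random can be turned into a routine check when assessing devices on your own network. The following is an added example, not code from the article or from the researcher: it flags repeated messages, repeated blocks and never-changing byte offsets in a capture. The block size, the command strings and both sample captures are constructed assumptions, and an HMAC stands in for the device's deterministic fixed-key encryption.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16  # assumed cipher block size in bytes


def audit_payloads(payloads, block=BLOCK):
    """Return simple non-randomness indicators for captured encrypted payloads."""
    # Identical ciphertexts mean deterministic encryption: a capture stays valid if resent.
    dup_msgs = sum(n - 1 for n in Counter(payloads).values() if n > 1)
    # Aligned blocks that occur more than once anywhere in the capture.
    blocks = Counter(
        p[i:i + block] for p in payloads for i in range(0, len(p) - block + 1, block)
    )
    total = sum(blocks.values())
    repeated = sum(n for n in blocks.values() if n > 1)
    # Byte offsets whose value never changes from message to message.
    shortest = min(len(p) for p in payloads)
    constant = [i for i in range(shortest) if len({p[i] for p in payloads}) == 1]
    return {
        "duplicate_messages": dup_msgs,
        "repeated_block_ratio": repeated / total if total else 0.0,
        "constant_offsets": len(constant),
    }


def looks_non_random(report):
    """Any hit is a reason to review how the vendor keys and randomizes traffic."""
    return (report["duplicate_messages"] > 0
            or report["repeated_block_ratio"] > 0.0
            or report["constant_offsets"] > 0)


def constructed_static_key_capture():
    """Constructed stand-in: one fixed key, no nonce, so equal commands look equal."""
    key = b"constructed-static-key"
    commands = [b"door=1;op=unlock", b"door=2;op=lock", b"door=1;op=unlock",
                b"door=3;op=status", b"door=2;op=lock", b"door=1;op=unlock"]
    return [hmac.new(key, c, hashlib.sha256).digest() for c in commands]


def constructed_random_capture(count=6, size=32):
    """Constructed stand-in for traffic that is indistinguishable from random."""
    return [os.urandom(size) for _ in range(count)]
```

A clean result does not prove the encryption is sound; a hit does show that identical commands produce identical bytes on the wire, which is the condition that makes replay possible.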

Google tells Forbes it has found no indications that the vulnerability has been exploited. It is unclear whether this could have been exploited by an outside attacker. As a result of the discovery, the company has decided to apply network segmentation to protect vulnerable devices. Software House says it has since taken measures by applying TLS. However, according to Tomaschik, this fix requires a hardware change on the part of the customer, because the Software House systems do not have enough memory to be able to update the firmware. The company declined to comment.
