We reported this issue to the Google Vulnerability Rewards Program (VRP). After much heckling from my former colleagues at Google, they quickly pulled this system offline. We also applaud Google for creating a program like the VRP and giving us the chance to share our story with a wider audience. At the time of this blog post, this exact issue affects tens of thousands of devices on the Internet and thousands of different organizations. Thank you Google for helping us raise awareness on this issue! I asked that any proceeds from the VRP be donated to the Wounded Warrior Project, but apparently this issue doesn’t qualify for VRP rewards.
If you have a corporate campus or a modern building of any sort… you’re likely running similar systems someplace on your network. We’ve already discovered over twenty five thousand of these systems facing the Internet… one down, twenty four thousand, nine hundred, ninety nine to go 🙂
If Google can fall victim to an ICS attack, anyone can.
Hacking systems that control a building infrastructure.