A security firm Cylance has recently hacked Google Wharf Australian unit 7. The hack was possible because of the vulnerability in the building's heating and cooling systems.
Google's offices at the waterfront Wharf 7 in Sydney run on a system called Tridium Niagara, which can monitor and control a variety of devices over the Internet.
Cylance representatives retrieved a configuration file config.bog from the device Tridium, which runs operating system QNX. The file contained usernames and hashed passwords of all users, including administrator.
After that, the data was decrypted, which allowed the attackers to get the full access to the building, including the logs of staff movement, alarm systems, metering, floor plans, etc:
Almost immediately after the hack Cylance representatives have applied for compensation under the program Google Vulnerability Rewards Program. The information about the hack was published only after the system has gone offline.
Cylance notified Tridium of the vulnerability last year. The fix of the bug was provided in August 2012.