Modernizing Authentication — What It Takes to Transform Secure Access
"A quick interrogation of the Tridium device yields a wealth of information about the specific platform version (a slightly outdated version) and OS specifics (QNX running on an embedded device)," Rios wrote in a blog post. "Armed with a few pieces of data, we utilized a custom exploit to extract the most sensitive file on a Tridium device, the config.bog file."
The config.bog file, Rios explains, contains all user names and passwords for the device, which the researchers were quickly able to decode, giving them administrator access to the device itself.
"We reported this issue to the Google Vulnerability Rewards Program (VRP)," Rios writes. "After much heckling from my former colleagues at Google, they quickly pulled this system offline. ... If Google can fall victim to an ICS attack, anyone can."