Google Engineer Was So Bored At Work That He Broke Into Every Single Locked Door On Campus Using Code That He Wrote In His Spare Time
Source – It’s widely known Google has some of the best software engineers on the planet. Last July, one of them — a Google engineer who works in the company’s Sunnyvale offices — decided to put his skills to the test. Er, against his employer.
David Tomaschik found a software vulnerability that allowed him to hack open doors on campus that you were supposed to need an RFID keycard for. He hacked up some code, sent it across the company’s network, and quickly saw the light on the door to his office turn from red to green.
Last summer, the publication goes to explain, Tomaschik was looking at the encrypted messages the Software House devices called iStar Ultra and IP-ACM were sending across the Google network. He discovered they were non-random, whereas encrypted messages “should always look random if they’re properly protected.
That meant all he needed to do was copy the key and either write commands like asking a door to unlock or replay legitimate commands. Tomaschik found that he was able to do this without leaving any digital trail of his actions, and he could also fix it so that Google employees were prevented from opening doors they should have been able to get into. “Once I had my findings it became a priority. It was pretty bad,” he told Forbes.
Google, naturally, has taken steps to fix all this. For one thing, the company has segmented its network to prevent people on its properties from doing something like this.
Look, everyone gets bored at work. People with normal jobs combat that boredom by sitting on the toilet and playing candy crush or taking extra-long lunches. Some even read Barstool. Then there are the people at Google, who apparently function at such a high level that not only are they writing code in their spare time, they’re actively applying it to “expose security risks” within their own company.
It’s always fascinating listening to people like David Tomaschik talk because they’re so cavalier about what they do. He probably didn’t even get excited about unlocking all those doors. He just thought he was solving a puzzle. Which in fairness is true, but when you think about how much damage he could’ve done is terrifying. What’s more terrifying is that company is filled with people just like him. A bunch of nerdy geniuses who decide to use their brainpower for good not evil. All it takes is one rogue employee to expose some information or start erasing stuff and we’re all screwed. To be honest, I don’t understand why more people with the technical know-how of David Tomaschik don’t commit crimes in the first place. If I could unlock every door in New York from my iPhone chances are I’d get myself into some trouble.
Anyway, I’m not sure how this guy didn’t get fired considering it became “his priority,” but I’m not surprised he didn’t. All you have to do at a tech company is say you were exposing security risks and you get immunity. Crazy story regardless. Hopefully they give him a raise so he doesn’t go rogue and start fucking things up more than he could have already.