RESEARCHERS have managed to easily hack the building management system of Google's Sydney headquarters.

The researchers from security firm Cylance were able to obtain the password for the control system for the waterfront Pyrmont office, where they could access the system that controls alarms and other building services.

They also accessed blueprints of the floor and roof plans of the building, a clear view of water pipes and the location of a kitchen leak.

The researchers, Billy Rios and Terry McCorkle, were able to hack the system because security flaws in the system that Google uses, Tridium Niagara AX, had not been patched, despite fixes being available.

In a blog post, Mr Rios said they had already discovered 25,000 similar systems on the internet.

"If you have a corporate campus or a modern building of any sort … you’re likely running similar systems someplace on your network," he said.

"If Google can fall victim to an ICS attack, anyone can."

"We could have taken over the operating system and accessed any other control systems that are on the same network as that one," Mr McCorkle told Wired.

"We didn’t do that because that wasn’t the intent … But that would be the normal path if an attacker was actually looking to do that."

A Google spokesman told Wired it was aware of the breach and had disconnected the system from the internet.

He said the system accessed could only control heating and air conditioning, but not electricity, lifts, door access or other building automation.

The Tridium systems are used at the FBI, Changi Airport, Four Points Sheraton in Sydney and a British Army training facility.