Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Voice Fixes Security Flaw, Almost

Posted by samzenpus on from the almost-got-it-that-time dept.

gardel writes "Google appears to have fixed a significant security hole in its two-week-old Voice calling service though some vulnerabilities remain. Until about 7pm PDT Tuesday, an unauthorized party could use a SIP device to spoof a phone number attached to a Google Voice account to call the Google Voice number, giviing the spoofer access to greetings and voicemail, and the ability to make outbound calls, including expensive international calls. Though spoofing via SIP is no longer possible, continued existence of some vulnerability was still apparent Tuesday night. Voxilla was able to set the caller ID of a PBX extension to a mobile number attached to Google Voice account and call in, using a business VoIP trunk, to gain access."

2 of 55 comments (clear)

  1. Comment removed by account_deleted · · Score: 2, Interesting

    Comment removed based on user account deletion

  2. The problem is Caller ID can't be trusted... by sam0737 · · Score: 4, Interesting

    It's just some data that can be faked. As long as you have a trunk line like T1 to the Telco, or something similar, you are responsible to generate the Caller ID instead of the Telco.

    So what's so surprising here? It just doesn't work to use it for authentication.