Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Voice Mails Found In Public Search Engine

Posted by timothy on Monday October 19, 2009 @09:55AM from the wouldn't-mind-being-able-to-put-some-there dept.

bonch writes "Google Voice Mails have been discovered in Google's search engine, providing audio files, names, and phone number as if you were logged in and checking your own voice mail. Some appear to be test messages, while others are clearly not. Google has since disabled indexing of voice mails outside your own website."

1 of 145 comments (clear)

Min score:

Reason:

Sort:

The Real Problem is ... by itzfritz · 2009-10-19 10:25 · Score: 5, Interesting

The real problem, IMO, is that Google Voice voicemails are world-readable to begin with. The only security is the URL scheme. If that can be reverse engineered, the privacy of all google voice users will be in danger. (fyi I have tested this myself. The url scheme is "https://www.google.com/voice/fm/20-digit account id/long b64 encoded binary string", and these urls can be viewed by unauthenticated users. Note the use of https; while no man in the middle will read my voicemail, the man on one end can ;)