Google Voice Fixes Security Flaw, Almost 55
gardel writes "Google appears to have fixed a significant security hole in its two-week-old Voice calling service though some vulnerabilities remain. Until about 7pm PDT Tuesday, an unauthorized party could use a SIP device to spoof a phone number attached to a Google Voice account to call the Google Voice number, giviing the spoofer access to greetings and voicemail, and the ability to make outbound calls, including expensive international calls. Though spoofing via SIP is no longer possible, continued existence of some vulnerability was still apparent Tuesday night. Voxilla was able to set the caller ID of a PBX extension to a mobile number attached to Google Voice account and call in, using a business VoIP trunk, to gain access."
Has been true since early days (Score:3, Insightful)
Voxilla was able to set the caller ID of a PBX extension to a mobile number attached to Google Voice account and call in, using a business VoIP trunk, to gain access.
This has been true since early days of Grand Central. I really hope they would fix this, but I doubt they will. Basically, everyone knows you can't trust Caller ID, , but they chose to do so anyway. I bet this was a business decision to allow easier use of the voicemail in order to compete with cellphone provider voicemail.
-Em