Google Voice Mail searchable by ANY random user?
Results 1 to 6 of 6

Thread: Google Voice Mail searchable by ANY random user?

  1. #1
    OcaNyc is offline BlackBerryOS Inspired
    Join Date
    Jul 2009
    Device
    9630
    OS
    Too Many :/
    Posts
    171
    Liked
    0 times

    GoogleVoice Voicemail Flaw?

    This isnt good.

    "Holy crap. It seems that Google is going to have some pretty serious explaining to do this morning, as one of our readers has sent us in a tip that reveals a major security flaw involving Google Voice. After entering “site:https://www.google.com/voice/fm/* ” into Google, our reader was shocked and discouraged to be greeted by 31 voice mail messages belonging to random Google Voice accounts. Clicking on each revealed not only the audio file and transcript of the call, but it also listed the callers name and phone number as it would if you were checking your own Google Voice voice mail. We’re not too sure if this flaw is something new or if it has been around since Google Voice started, and could just be test messages, but needless to say the matter has to be fixed if it’s legit. Some censored screenshots are after the jump.
    Thanks, Brian!"


    Random users Google Voice mail is searchable by anyone? : Boy Genius Report




  2. #2
    TemperamentalMan's Avatar
    TemperamentalMan is offline BlackBerryOS Addict Follow TemperamentalMan On Twitter
    Join Date
    Aug 2009
    Location
    Raleigh, NC
    PIN
    's and nee
    Device
    9550
    OS
    5.0.0.607
    Posts
    937
    Liked
    6 times

    Google Voice Mail searchable by ANY random user?


    It was initially being reported that there is a MAJOR security issue with Google Voice Mail. Readers at BGR are stating that a trip to https://www.google.com/voice/fm/* in Google revealed over 30 voice mail messages belonging to various Google Voice accounts. Each revealed link showed the voice mail transcript, audio file, and even the caller's name and phone number.

    However, after a little digging it seems these voice-mails were publicly posted online and have been indexed by the Google service. Here is the official word from Google:

    "Since the initial idea behind posting a voicemail, was precisely to share it with others, we did not restrict crawling of those messages that users post on the web, but we can certainly understand that users would want to make them public on their sites but not necessarily searchable directly outside of their own website. We made a change to prevent those to be crawled so only the site owner can decide to index them.”

    Remember, if you don't want it known, don't put it on a computer!

    Last edited by sunkast; 10-19-2009 at 03:29 PM.

  3. #3
    cj100570's Avatar
    cj100570 is offline BlackBerryOS Inspired Follow cj100570 On Twitter
    Join Date
    Jul 2009
    Location
    Planet Earth
    PIN
    306051B3
    Device
    Storm 9530
    OS
    .328
    Posts
    132
    Liked
    0 times
    Quote Originally Posted by TemperamentalMan View Post

    It was initially being reported that there is a MAJOR security issue with Google Voice Mail. Readers at BGR are stating that a trip to https://www.google.com/voice/fm/* in Google revealed over 30 voice mail messages belonging to various Google Voice accounts. Each revealed link showed the voice mail transcript, audio file, and even the caller's name and phone number.

    However, after a little digging it seems these voice-mails were publicly posted online and have been indexed by the Google service. Here is the official word from Google:

    "Since the initial idea behind posting a voicemail, was precisely to share it with others, we did not restrict crawling of those messages that users post on the web, but we can certainly understand that users would want to make them public on their sites but not necessarily searchable directly outside of their own website. We made a change to prevent those to be crawled so only the site owner can decide to index them.”

    Remember, if you don't want it known, don't put it on a computer!


    Yeah, I was reading the big deal that was being made over this and remembering that when my Grand Central account fully switched over to being Google Voice I was prompted to choose if I wanted my messages indexed or not. It's amazing how people will take a story and run it as a big security issue without checking 1st.
    [SIGPIC][/SIGPIC]
    "Semper Paratus"

  4. #4
    cj100570's Avatar
    cj100570 is offline BlackBerryOS Inspired Follow cj100570 On Twitter
    Join Date
    Jul 2009
    Location
    Planet Earth
    PIN
    306051B3
    Device
    Storm 9530
    OS
    .328
    Posts
    132
    Liked
    0 times
    Quote Originally Posted by OcaNyc View Post
    This isnt good.

    "Holy crap. It seems that Google is going to have some pretty serious explaining to do this morning, as one of our readers has sent us in a tip that reveals a major security flaw involving Google Voice. After entering “site:https://www.google.com/voice/fm/* ” into Google, our reader was shocked and discouraged to be greeted by 31 voice mail messages belonging to random Google Voice accounts. Clicking on each revealed not only the audio file and transcript of the call, but it also listed the callers name and phone number as it would if you were checking your own Google Voice voice mail. We’re not too sure if this flaw is something new or if it has been around since Google Voice started, and could just be test messages, but needless to say the matter has to be fixed if it’s legit. Some censored screenshots are after the jump.
    Thanks, Brian!"


    Random users Google Voice mail is searchable by anyone? : Boy Genius Report


    It isn't a flaw and BGR should have done it's homework before reporting it as such. They've now updated their site. The messages were indexed with the owners approval.
    [SIGPIC][/SIGPIC]
    "Semper Paratus"

  5. #5
    OcaNyc is offline BlackBerryOS Inspired
    Join Date
    Jul 2009
    Device
    9630
    OS
    Too Many :/
    Posts
    171
    Liked
    0 times
    Quote Originally Posted by cj100570 View Post
    It isn't a flaw and BGR should have done it's homework before reporting it as such. They've now updated their site. The messages were indexed with the owners approval.
    I see that now. Thought I noticed the dates on some of those from months ago.

  6. #6
    cj100570's Avatar
    cj100570 is offline BlackBerryOS Inspired Follow cj100570 On Twitter
    Join Date
    Jul 2009
    Location
    Planet Earth
    PIN
    306051B3
    Device
    Storm 9530
    OS
    .328
    Posts
    132
    Liked
    0 times
    Quote Originally Posted by OcaNyc View Post
    I see that now. Thought I noticed the dates on some of those from months ago.

    Some other readers noticed it too. I posted over there how when my Grand central account became Google Voice there was an option to have my messages indexed or kept private. Being paranoid, I opted for private. Lol. I've noticed that the option is no longer there at all so I assume it's private by default now.
    [SIGPIC][/SIGPIC]
    "Semper Paratus"

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •