[VOIPSEC] Google's new service ripe for CID spoofing

J. Oquendo sil at infiltrated.net
Sat Nov 18 19:52:35 PST 2006

Thought this may interest some on the list.

Greetings. Google has made available a new "Click-to-Call" service that will automatically connect users to business phone listings found via Google search results.

In order for this feature to function, the user must provide their telephone number so that Google can bridge the free call between the business and the user (including long distance calls).

An obvious issue with such a service is that there is no reasonable way to validate the user phone number that is provided. Google says that they have mechanisms in place to try avoid repeated prank calls, but the potential for abuse is obvious. 

J. Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey 

More information about the Voipsec mailing list