Anyone can add new listings to Google maps and, usually, this is a good thing™. Unfortunately spammers have discovered this, and some categories (such as locksmiths) are overrun with fake listings. There’s a new twist now that may have very serious consequences: anyone can add government agencies to Google Maps with almost no spam filtering on Google’s part. One hacker added fake entries for the FBI and Secret Service with phone numbers under his control. If you called one of those fake numbers you were automatically rerouted to the right number, but the hacker in the middle was recording your call.
Brian Seely is the hacker who first reported this flaw. In his report he said:
Who is gonna think twice about what Google publishes on their maps? Everyone trusts Google implicitly and it’s completely unwarranted and it’s completely unsafe. I could make a duplicate of the White House and take every inbound phone call from the White House. I could do it for every Senator, every Congressman, every mayor, every governor—every Democratic, every Republican candidate. Every office.
While Seely’s remarks may be a bit over the top, the problem cannot be overstated. There is a problem with how Google gets its local data, and, given how people rely on Google for phone numbers (and especially with the new dialler introduced in Android 4.4 that encourages searching instead of dialing), this is a serious problem. Google, so far, has been more-or-less silent on the matter.
More on how this works can be found on Valleywag: How a Hacker Intercepted FBI and Secret Service Calls With Google Maps
