Speech impediment
Google claims to
have fixed a significant security hole in its two-week-old Voice calling
service though some vulnerabilities remain.
The flaw enabled an
unauthorised person to use a SIP device to spoof a phone number attached to
a Google Voice account to call the Google Voice number. The spoofer
would get access to greetings and voicemail, and the ability to make
outbound calls, including international calls.
However reports are coming
in which suggest that SIP access to a Google Voice account is no longer
possible in such a manner. Our hacker chums say that there is still some
vulnerabilities in Google voice. One was able to set the caller ID of a PBX
extension to a mobile number attached to Google Voice account and call in,
using a business VoIP trunk, to gain access.
VoIP service providers
permit users to set their own caller ID and ANI so it is possible to spoof a
number attached to a particular Google Voice account, unless the Google
Voice account holder changes the default account setting to require entry of
a PIN.
A recent post in the Google Voice support forum indicated that
Google knew of the flaw.