Skip to main content

Microsoft engineer exploits Google Maps openness to intercept FBI & Secret Service calls

maps

It’s not just fictitious towns you have to look out for on Google Maps: Microsoft engineer and former Marine Bryan Seely demonstrated to ValleyWag how he was able to exploit the open nature of the product to intercept phone calls to both the FBI and Secret Service.

[soundcloud url=”https://api.soundcloud.com/tracks/136881011″ params=”color=ff5500″ width=”100%” height=”166″ iframe=”true” /]

The technique Seely used was incredibly simple … 

Seely simply added fake entries on Google Maps – something anyone can do – listing his own phone number instead of the correct numbers. He then answered these calls and immediately connected them to the correct number, so callers got to speak to the FBI and Secret Service, leaving Seely free to listen in and record the calls. Neither the caller nor the government agencies would have any way of knowing the interception was taking place.

Seely did it to make a point: that there are risks to the kind of crowdsourced information Google Maps and other sites allow.

Who is gonna think twice about what Google publishes on their maps? Everyone trusts Google implicitly and it’s completely unwarranted and it’s completely unsafe. I could make a duplicate of the White House and take every inbound phone call from the White House. I could do it for every Senator, every Congressman, every mayor, every governor—every Democratic, every Republican candidate. Every office.

Seely reported the problem to Google, who he said had not responded. It was only when he walked into the Secret Service office in Seattle to report what he’d done that the matter was taken seriously, he said.

After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a “hero” for bringing this major security flaw to light. They let him go after a few hours.

Google has since confirmed to Gizmodo that it had responded, but it does demonstrate that a certain amount of caution is required when using any form of crowd-sourced information. Especially if you’re trying to call the Secret Service.

The Secret Service says that it always encourages people to go to its own website to obtain accurate contact information.

Of course, a map provider can go too far in the opposite direction. 9to5Mac‘s own Zac Hall reports that he has advised Apple of a number of errors in Apple Maps, from closed businesses to incorrectly located or missing points of interest, none of which have yet been acted on.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel