A network engineer recently alerted federal agencies to a serious security risk in Google Maps by tapping calls to the Secret Service and recording them.
White-hat hacker Bryan Seely, a network engineer and former Marine, used a loophole in Google Maps to record calls to the FBI and Secret Service this week, ValleyWag reported.
Seely set up false listings for the San Francisco FBI office and the Secret Service in Washington, D.C., on Google Maps. When callers dialed the numbers he set up, Seely patched them through to the correct offices but recorded the calls.
The people reached the offices and spoke to real federal agents without anyone realizing the calls were being recorded. Hackers can easily put similar fake listings for any location on Google Maps, according to Seely.
"Who is gonna think twice about what Google publishes on their maps? Everyone trusts Google implicitly and it's completely unwarranted and it's completely unsafe," Seely told ValleyWag.
"I could make a duplicate of the White House and take every inbound phone call from the White House. I could do it for every Senator, every Congressman, every mayor, every governor--every Democratic, every Republican candidate. Every office."
Seely told ValleyWag that he visited the Secret Service office close to his Seattle residence this week and was finally "taken seriously."
The engineer told ValleyWag that while he was at the office, he got a notification on his phone about an intercepted call.
"It was a Washington, D.C., police officer calling the Secret Service about an active investigation," ValleyWag reported.
"After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room."
He was released a few hours later, and according to Secret Service emails, the special agent in charge named him a "hero" for pointing out the security flaw.
Seely said that he had earlier tried to persuade Google to mend the loophole, but company officials weren't willing to work with him.
When it came to the fake government listings, Seely said, "I made these ones carefully, I made these ones special.
I have a feeling I know how they search, with their own backend tools, I have a feeling I know how they're searching for spam and how to get around it, because they didn't catch these," he told ValleyWag.