How A Long-Standing Google Maps Loophole Let This Man Put Edward Snowden In The White House

google-maps-app-mobile-ss-1920

Does the name Bryan Seely ring a bell? He’s the guy last year who managed to create fake listings for the US Secret Service and the FBI in Google Maps that some people fell for. Seely did it to demonstrate a weakness with Google Maps, one that still exists and allowed him to recently make another fake listing — this time putting Edward Snowden in the White House.

Edward's Snow Den

Google Maps Shows Edward Snowden In The White House is our Marketing Land story from yesterday that explains how the listing for “Edward’s Snow Den” was shown by Google Maps to exist within the White House, complete with Google verification. Tonight, Seely got in touch to explain how he did it.

Bryan Seely

Bryan Seely

Seely claims to have done it, and he’s going to forward proof my way. But after our phone conversation, I have little doubt it was his work. It was a demonstration, he explained, that he put together for a Tedx Kirkland talk he gave last week.

The FBI & Secret Service Fake Listings

The video of the talk — “Wiretapping The Secret Service Can Be Easy & Fun” — hasn’t been posted yet. That should happen in about a week, and we’ll do a follow-up story when it appears. But in it, Seely says he covers long-standing weaknesses with how Google handles local listings, which he demonstrated dramatically last year when he created fake listings for the FBI and the US Secret Service — listings that some people actually called.

When those listings came to light, Google quickly removed them and said that it would be much harder to do such things in the future. In reality, Seely said Google blocked the telephone verification option that was involved for about six weeks, then allowed it to resume. Still, he said he was surprised that a year after all this happened, he was still able to do the same thing to create the Snowden / White House listing.

Faking A Verified Listing

What’s involved is simple and at this point an open secret enough that Seely was happy to explain it to me. I debated writing it up in detail, but I figure doing so won’t cause a flood of new fake listings. There’s a time delay to create these. Plus, Google’s apparently known about this for over a year. When Google finds a public vulnerability in security with other companies, it gives them 90 days to issue a patch before going public. Google’s had over a year to do the same for itself, in this case.

You create a business in Google Maps at an address where you can receive mail and with a phone number you can receive calls to. You get Google to send you a verification postcard to the address. Once the business is verified, you delete it from your account. Then you use another Google account to claim this now orphaned business. You gain control over it by doing verification via phone. Once that’s happened, you’re free to move the business to anywhere you want, change the name and alter other details.

That’s how “Edward’s Snow Den” ended up in the White House with a Seattle-area phone number. The temporary number that Seely used couldn’t be changed — but everything else could.

Failure To Patch The Loophole

Seely said that he described this problem to Google before doing his FBI and Secret Service fake listings, which came about to show that things hadn’t been fixed. He explained it again to Google, he said, after those listings came to light. Clearly, the problem has been allowed to continue. Seely’s concern is that it can both be used to mislead people about prominent businesses and services, as well as being used by others who seek to benefit in various ways by flying under-the-radar.

“They didn’t take steps. They didn’t take action, Seely said. “What’s to stop me from doing this to a congressman?” Seely said, or any number of other prominent figures or services that he named.

Overall, Seely said he likes Google, praising it for having great vision and products. “Google as a company as a whole, with their top level leadership, is a great company.” But when it comes to the details, in particular what he’s seen with Google Maps and how it can be exploited, he’s disappointed. “It’s disheartening. It’s like finding out your favorite company is a piece of sh**.”

By the way, Google has had problems with fake listings dating back to 2008. So six years on, this is still an issue.

We’ll check again with Google to see if it has a fresh comment on all this. Yesterday, the company described this type of thing as something that is relatively rare — a view that Seely strongly disagrees with.

The post How A Long-Standing Google Maps Loophole Let This Man Put Edward Snowden In The White House appeared first on Search Engine Land.