Vulnerabilities / Threats
01:47 PM
Connect Directly

Google Maps Listings Marred By False Information

Businesses complain that Google Maps inaccurately lists them as being closed, an attack that reduces customer visits and diminishes online traffic.

Top 15 Google Apps For Business
Slideshow: Top 15 Google Apps For Business
(click image for larger view and for full slideshow)
Internet observers often extol the wisdom of the crowd, but appear to be less keen to consider the malice of the crowd. Thus, Google, ever optimistic about leveraging free labor to organize online information, has allowed Google users to police map data without adequately planning for the possibility of abuse.

In recent weeks, Google has been getting an earful from businesses listed on Google Maps and Google Places. Many business owners are reporting that their businesses appear to be "permanently closed," the result of presumably deliberate attempts by rivals to scare off customers.

Google Maps place markers, when clicked on, open a pop-up pane that includes a "more" link. One of the options in the "more" link drop-down menu is "Report a problem." And one of several possible problems that can be reported is "Place is permanently closed." Used correctly, this is a public service; used in error or in a deliberate attempt to mislead, it's a public nuisance and economic sabotage.

Google calls the problem "spam." F-Secure security advisor Sean Sullivan calls it "a subtle (and ingenious) 'denial of service' attack."

Google has been accepting such reports without adequate skepticism or safeguards. There's a "Not true" button that appears when a place is designated as closed, but those complaining about the problem suggest that's not enough because the virtual vandalism just continues.

"I have a business on Google Maps that someone keeps marking our business as closed, and we keep getting calls asking if we are going out of business," writes a user identified as "iloveshells" in a Google Places help forum post. "It has been happening for over a week now, and good customers keep re-marking our business as open. I own this listing in my Google Places account. I would love to find a solution to stop this and it would be great if I could get the IP address to the user that is harassing us."

Google did not immediately respond to a request to explain what disciplinary action, if any, it might take when it detects abuse. In general, the company does not provide a user's IP address without a valid court order. But Google says it plans to introduce new tools to prevent abuse.

"About two weeks ago, news in the blogosphere made us aware that abuse--such as 'place closed' spam label--was occurring," wrote Google senior product manager Ethan Russell in a blog post on Monday. "And since then, we've been working on improvements to the system to prevent any malicious or incorrect labeling. These improvements will be implemented in the coming days."

It appears, however, that the problem has been going on for more than two weeks. One post in a series of posts about the problem dates back to June, 2010. It concerns a hospital emergency room inaccurately marked closed.

Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.