
Serious Vonage security/policy issue UPDATE

UPDATE

I just received my Vonage hardware, everything is up & running. Unfortunately the story gets worse - Vonage immediately begins reporting the ported number to third party carriers via caller ID. Yes, you can also make calls as the number you hijacked. The receiving party will have absolutely no clue where the call came from.

/UPDATE

I've discovered what I believe to be a relatively severe problem with Vonage. While it seems to be intentional on their part (their reps know about it), it essentially allows a Vonage user to hijack a phone number they have no rights to.

In short, Vonage begins internally routing calls to Vonage hardware immediately after the port request (to transfer a phone number to Vonage) is placed - BEFORE they receive a letter of authorization (LOA) or a copy of your phone bill to verify that you have rights to the number. Vonage users then have absolutely no way to reach the correct recipient (on the current carrier), any calls made from their Vonage phone go straight to the account that initiated the port request on that number. This allows anyone to intercept phone calls from Vonage users to a number of their choice, without the true number owner or the current carrier knowing anything.

Note that this only affects Vonage users, it does not affect routing from a normal carrier. If you are legitimately porting a number (as I was when I noticed the problem) Vonage users will not be able to call you. All calls placed to your number will ring on your Vonage equipment, regardless of the port status. Users on any other carrier will still be able to reach you as normal.

I have tested this on two numbers, my own cell phone number (that I intended to port) and a cell phone number provided to me by my employer. Less than 5 minutes from the time I placed the order all Vonage users trying to reach my company cell phone are directed to my Vonage line.

I've edited this for those of you with short attention spans. My full original post remains below.



So I signed up for Vonage two days ago. My intent is to port my current cell phone number to them to hold it, get a new number local to where I am right now (so I can share a family plan with the g/f), then port it back to T-Mobile whenever I return to Oregon.

As of tonight nobody with a Vonage phone can call my T-Mobile cell phone. I have not even returned the LOA (letter of authorization) for number portability.

I called them up, so far I am horrified.

I've been on the phone for 15 minutes arguing with them.

First complaint: Extremely unprofessional phone handling. She picked up the line without IDing herself or the company, just rustling sounds & then "Hello? Can you hold for a minute." She picked back up with "How can I help you?" Again, no company ID.

Second complaint: I've been on the phone for 15 minutes & she has yet to get any uniquely identifying info from me. Not even my name, let alone an account name or phone number.

Third complaint (service related): According to her when I requested the number port the change was effective immediately in the Vonage system. Anyone with a Vonage phone can ONLY call my vonage device (which has not yet arrived) whether they dial my virtual number (that vonage assigned) or my actual cell number. Their system will not route to my current provider even though they do not yet have a LOA to pull the line via WLNP. Their suggestions were to 1) forward calls to another number (which I don't have) or 2) Cancel the port request & re-initiate when my vonage hardware arrives. This allows people to call me, but only to a phone connected to the vonage hardware. So until the port process completes (they say 20 business days) nobody with a vonage phone can call me.

Currently waiting for a supervisor to tear into.

Now, the promised security flaw:

They start routing calls when the port request is received, prior to having the LOA + current phone bill. Does anyone else see the problem with this?

Let's say I want to intercept some phone calls to someone I don't like. Or even someone I do like, the motive doesn't matter. I submit a port request for their number, & don't bother to fill out the LOA or a copy of the current phone bill (which I obviously don't have). The actual number owner is none the wiser since Vonage can't contact the real provider without the LOA. Meanwhile I get all calls to that number from Vonage customers.

Nifty, eh?

I finally got my supervisor, they're going to "make an exception" & try to have calls to my cell phone routed outside the vonage network. As for the potential for number hijacking, she said (and I quote) "I believe there is a workaround for that."

Total time spent on the phone? 30 minutes.
Number of minutes before they got my account number? 23
Number of people I talked to: 2
Number of times I had to explain the problem? 5 (I think, 3 to the first tech + 2 to the supervisor)

Un freaking believable.

Should I just bail now, or should I continue to give them a chance?

Viper GTS
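
The routing decision described in the post above, as an added illustration that is not part of the original post and not Vonage's actual code: a constructed model with the flawed lookup beside one that keeps calls off-net until the port completes, plus the matching outbound caller ID rule. All names, states and phone numbers are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

class PortState(Enum):
    REQUESTED = 1      # order placed, nothing verified yet
    LOA_VERIFIED = 2   # LOA and current phone bill checked
    COMPLETED = 3      # losing carrier has released the number

@dataclass
class PortRequest:
    number: str          # number being ported in
    account: str         # account that placed the request
    virtual_number: str  # provider-assigned number for that account
    state: PortState

def route_flawed(dialed, ports):
    """Behaviour the post describes: any port request captures on-net calls."""
    for p in ports:
        if dialed in (p.number, p.virtual_number):
            return ("on-net", p.account)
    return ("pstn", dialed)

def route_hardened(dialed, ports):
    """Only the virtual number or a completed port stays on-net."""
    for p in ports:
        if dialed == p.virtual_number:
            return ("on-net", p.account)
        if dialed == p.number and p.state is PortState.COMPLETED:
            return ("on-net", p.account)
    return ("pstn", dialed)  # hand off to the current carrier

def caller_id_hardened(account, ports):
    """Present the ported number outbound only once the port has completed."""
    for p in ports:
        if p.account == account:
            return p.number if p.state is PortState.COMPLETED else p.virtual_number
    return None

def unverified_captures(ports):
    """Audit helper: numbers a flawed router would capture with no verification."""
    return [p.number for p in ports if p.state is PortState.REQUESTED]

# Constructed sample data (555-01xx numbers are reserved for fiction).
PORTS = [
    PortRequest("+15035550123", "acct-A", "+14075550150", PortState.REQUESTED),
    PortRequest("+15035550177", "acct-B", "+14075550151", PortState.COMPLETED),
]
```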
 
Well, you did give them a chance and they blew it.

If service and security concerns weigh more than the convenience you get from VOIP service and the temporary number holding, I think you should bail out right then before any contract kicks in.

 
Originally posted by: CheapArse
Also nifty, if your broadband access goes out, you can't call 911.

Don't really care about that, I'm using Vonage as a holding service.

I will have a fully active cell phone number (which has been my only phone for 3+ years).

I have no problems with the limitations of VOIP service, & I think people that don't consider those limitations are idiots. I would personally never use Vonage as my only phone, but if others want to that's OK by me so long as I don't have to hear them bitch when something goes wrong.

Viper GTS
 
Originally posted by: Viper GTS
Originally posted by: CheapArse
Also nifty, if your broadband access goes out, you can't call 911.

Don't really care about that, I'm using Vonage as a holding service.

I will have a fully active cell phone number (which has been my only phone for 3+ years).

Viper GTS

well la dee da, think of the people with vonage as their only phone eh? THINK OF THEM for god's sake.

oh my...im rambling again... 🙂

BED TIME 😉😛
 
VoIP is so nifty, I have a hard time recommending that you give up so soon. I'd seriously recommend testing your theory(find someone on the forums with a phone # that's willing to let you steal their number for this project), and if Vonage fails, document it, then flee the service. Otherwise, they're not entirely stupid, and it would probably be worth staying. Besides, if you do test it, you've got some good Slashdot material right there.🙂

PS Considering that your past job was in a call center, I find the commentary humorous. You're right, and that's what makes it so funny, since you're effectively pwning the agent on a subject most of us don't have right to pwn in 😛
 
I'm hijacking my work cell phone number.

Cost me $46.76 to run this little test, it better be worth it.

😀

Viper GTS
 
Originally posted by: Viper GTS
I'm hijacking my work cell phone number.

Cost me $46.76 to run this little test, it better be worth it.

😀

Viper GTS

Confirmed, I successfully hijacked my work cell phone number. Up & running in less than 5 minutes, already have a voicemail left for me.

Viper GTS
 
Hmm... I'm planning on using Vonage for my landline when I move to Denver (I'll also have a pair of cell phones, so it won't be my only line.) I guess this is one more thing to consider... Thanks VGTS.
 
I use Vonage as my one and only primary contact line. I'm happy with it. I have to get a UPS on the cablemodem, router and TA still, but I figure this - if the cable goes out around here (Orlando), so has the phone. Big deal.

Other than that, I cannot be more pleased with the service to date. Sure is a hell of a lot cheaper than Bell South.
 
I have Vonage and a mobile phone.

Vonage has been highly reliable. Though I had a short lived problem with slightly reduced sound quality due to server issues somewhere down the line.
 
Seems like Vonage is opening themselves up to hefty fines or worse if they're not bothering to authenticate routing requests.

 
Making international calls from vonage is a big pain in the neck for me.. I usually call United Arab Emirates and India and I always land up calling 2-3 times before I get through.. Even then, the quality isn't that great.... Not sure if I should switch to Packet8...... Anyone know if Packet8 is any better?


cheers
 
Originally posted by: Viper GTS
Originally posted by: Viper GTS
I'm hijacking my work cell phone number.

Cost me $46.76 to run this little test, it better be worth it.

😀

Viper GTS

Confirmed, I successfully hijacked my work cell phone number. Up & running in less than 5 minutes, already have a voicemail left for me.

Viper GTS
Run like Hell, they're morons.:Q
 
So are you going to just submit this thread to Slashdot, or are you going to do one of those fancy writeups that results in a webserver being brought to its knees?😉
 
Originally posted by: ViRGE
So are you going to just submit this thread to Slashdot, or are you going to do one of those fancy writeups that results in a webserver being brought to its knees?😉

I wrote it up (much more briefly, minus all the CS complaints) & submitted it.

Haven't heard anything yet.

When my vonage equipment arrives I'll test another situation, can I fake call origins using Vonage?

If I place a call from a number that I've "hijacked" to a number outside the vonage network, what does caller ID on the recipient phone show?

Viper GTS
 
Oooh... nice 😀

For what it's worth, I've made changes to accounts at SBC, Verizon, and GTE (before they became Verizon) without authentication.
 
Originally posted by: Viper GTS
Originally posted by: ViRGE
So are you going to just submit this thread to Slashdot, or are you going to do one of those fancy writeups that results in a webserver being brought to its knees?😉

I wrote it up (much more briefly, minus all the CS complaints) & submitted it.

Haven't heard anything yet.

When my vonage equipment arrives I'll test another situation, can I fake call origins using Vonage?

If I place a call from a number that I've "hijacked" to a number outside the vonage network, what does caller ID on the recipient phone show?

Viper GTS
Eh, I'm not sure I get you. Caller ID is name and phone number, but since you're having Vonage just transfer over your number, and I don't expect your name to change, wouldn't the CallerID info be the same no matter what?
 
Originally posted by: ViRGE
Originally posted by: Viper GTS
Originally posted by: ViRGE
So are you going to just submit this thread to Slashdot, or are you going to do one of those fancy writeups that results in a webserver being brought to its knees?😉

I wrote it up (much more briefly, minus all the CS complaints) & submitted it.

Haven't heard anything yet.

When my vonage equipment arrives I'll test another situation, can I fake call origins using Vonage?

If I place a call from a number that I've "hijacked" to a number outside the vonage network, what does caller ID on the recipient phone show?

Viper GTS
Eh, I'm not sure I get you. Caller ID is name and phone number, but since you're having Vonage just transfer over your number, and I don't expect your name to change, wouldn't the CallerID info be the same no matter what?

I'm not worried about my own, I'm curious as to what caller ID shows on a number that has not fully ported yet. I'm assuming (and hoping) that it shows the "virtual" number that Vonage assigns you until your port process is final.

Then again, I wouldn't have expected them to route calls for your real number until the port process completed...

Viper GTS
 