Hannah Montana Crank Calls: VoIP Mischief

Crank calls have never been so easy.

As folks on Reddit have pointed out, Disney’s Hannah Montana Wake-Up Call makes getting up to no good a snap. Just enter your friend’s victim’s phone number and the delightful Miley Cyrus’s voice will wake them up or send them a reminder: “Dear [name], don’t forget that today you have [activity].”

Opening a web-to-phone system to the public without authentication or constraints may be fun — but it’s also ripe for abuse. Without authentication of the sender, users are free to enter any source phone number they want, making it look like the calls are coming from someone else. There’s no opt-out mechanism or audit trail. Even attempts to constrain the system can be circumvented: You can change the recipient’s time zone and wake them up in the middle of the night, or back-date the wake-up call to have it placed immediately.

Visitors must be over 18 to use the service — not exactly Cyrus’ fan base. But it probably won’t make the calls any more mature or limit the mischief.

As we integrate Internet, telephony, mobility and video, we can’t forget the lessons learned online. It’s too easy to let features like authentication, transparency, opt-out and masquerading prevention fall by the wayside in a land grab for names and numbers.

After just 10 hours on Reddit people were reporting the service was swamped, yielding messages like, “Sorry, that number’s already been scheduled for five calls.” Page load times were sluggish, and the fun is likely to end soon.

Now if you’ll excuse me, I have a sister who needs a wake-up call.