In this article:
- Phreaking began as a hack for getting free phone calls by tricking phone companies back in the ’60s to ’70s.
- The hack worked by manipulating or mimicking the dial tones heard on phones. Those tones once served as unique signals indicating every phone function to the telephone company.
- Today, phreaking boxes are used to make phreaking easier and better especially with more complicated systems.
In the early days of telephones, phreaking was a method that allowed people to make free phone calls by exploiting loopholes and hardware vulnerabilities in those early telecommunication systems.
Phreakers would use special devices called phreaking boxes to generate tones and manipulate signals that fooled telephone companies into thinking they were making a legitimate call when the phreakers are really making free phone calls or maybe even disrupting the service for others.
The tactic peaked in the ’70s and companies have since developed more advanced systems that can’t be manipulated as easily. But its story remains popular among hackers and tech enthusiasts even today.
What Is Phreaking?
If phreaking was a hack to make free phone calls, how and why did it work? The short answer: phreaking is all about manipulating telephone systems in different ways to not only make free phone calls, but also to make anonymous and untraceable calls.
You could even use it to answer your phone without the telephone company knowing, that way you wouldn’t get billed with the call. Of course, all of this was especially prevalent and easy to do in the early days of telephones when the system was much less secure.
But why is phreaking even called โphreakingโ? I mean, it’s a weird word. But it’s actually just a combination of three words: Phone, Free, and Freak.
It’s already obvious why the words “phone” and “free” are in there, but the reason behind including “freak” requires a bit more backstory about the history of dial tones and how phreaking is done.
A Brief History of Dial Tones
If you’re a millennial or younger, grab your phone right now and open the dialer. If you tap some of the numbers, you’ll hear tones specific to each key. These unique tones don’t really serve a function anymore, but they’re a legacy from early telephone systems.
In the earliest days of the telephone, when you wanted to make a phone call, you would first call the telephone company and tell the operator who answered what number or street address you wanted to call. The operator would then connect your line to that of the person you requested.
This method worked fine but it was definitely inefficient and tedious, which made it tiring both for the caller and especially the operators who had to connect hundreds of calls each day.
To solve this, in 1887, Almon Strowger invented an automatic telephone exchange.
The automatic exchange allowed callers to dial the number of their called parties directly without having to go through an operator. It was a pretty big deal at the time since it greatly improved the efficiency of telephone systems.
In order for the automated system to recognize what number you were dialing, it used a technique called multi-frequency signaling to identify and connect calls. To get a unique frequency signal for each number, phones were built with rotary dials.
Rotary phones use “pulse dialing,” where the spring-loaded rotary dial signaled the number selected by emitting a series of clicks (or pulses). The further down the number was, the more clicks it produced, signaling to the exchange what number was selected.
Like any piece of tech, pulse dialing had its disadvantages, the main one being that you had to wait for the dial to reset before inputting the next number. To give you an idea, if you were to dial 911 on a rotary dial, it would take about five seconds (compared to less than a second on a more modern push-button phone).
So, in the early ’60s, the standard rotary dialing system was replaced by Dual-Tone Multi-Frequency (DTMF) which generated a special tone unique to each number that the system could then recognize and translate into a destination for your call.
Since it featured buttons instead of a dial, you no longer had to wait for the dial to reset before putting in the next number.
These same DTMF tones are what we still hear today when we tap the dialer keys on our phones.
Modern smartphones don’t rely on multi-frequency signaling anymore, but those tones have been part of dialing for so long that manufacturers continue to add them โ sort of like how the floppy disk is still our symbol for saving a file even though the disks themselves have long fallen out of use.
So, How Do You Phreak?
Soon after push-button dialing arrived on the scene, someone discovered that the signaling and voice channels inside the telephone arenโt separated. They’re both on the same channel, more simply known as in-band signaling.
Since DTMF keypads produce audible tones, the only thing you would need to do to imitate a dial tone is to play a recording of tones or even use a musical instrument to play a specific tone.
From there, a phreaker by the name of John Draper discovered that a toy whistle included in a Cap’n Crunch cereal box produces a 2600Hz tone. That particular frequency when played over a telephone, would signal to the exchange to hang up a trunk line โ a line that connects your local telephone exchange to other networks in order to make a long-distance call.
Long-distance calls were expensive. But if you had a Cap’n Crunch whistle, they didn’t have to be. Here’s how the hack worked:
- Step 1: Dial a toll-free 1-800 number to get through a trunk line without getting charged.
- Step 2: Once the call goes through the toll-free number, play a 2600Hz tone from your handy Cap’n Crunch whistle (or the “blue box” device you’ll learn about later, or really anything that produces a 2600Hz tone).
- Step 3: The 2600Hz tone will cause the trunk to hang up but it won’t drop the call completely. As far as the telephone exchange knows, you’re still on call with that toll-free number.
- Step 4: Dial the number you actually want to call. Since the telephone exchange thinks you’re still on a toll-free call, you won’t get charged.
Now, this can get finicky and you’ll need a bit of timing to retain control of a trunk line. But to get things done easier, you could use a phreaking box.
Phreaking Boxes
Phreaking Boxes were for the advanced phreakers because using these devices took a bit of technical expertise โ especially if you want to make one yourself. Some notable advanced phreakers who were up to such a task included Steve Wozniak and Steve Jobs (yes, those Steves).
There are a lot of phreaking boxes but I’ll only cover the more popular ones, all of which are named after colors โ though that didn’t necessarily mean the box was that color.
Blue Box
The blue box generates DTMF tones. It was used to imitate the tones that a telephone keypad would produce. It’ll generate the 2600Hz tone to hang up the trunk line and then produce the tones for any number you programmed.
Basically, it just automated the process so you didn’t have to fumble around with a Cap’n Crunch whistle anymore.
Red Box
A red box is a phreaking device that generates tones at a specific frequency, mostly around 1700Hz and 2200Hz. These are coin denomination tones that signal to the exchange that a payphone has received coins. By playing a coin denomination tone, you could trick the payphone into thinking you inserted coins.
As you can imagine, after you’ve “inserted coins” you can freely dial anyone you want. Of course, there was a limit to this hack. If you used the red box to imitate inserting more than about $100, the company would have to send police to investigate because a standard payphone can’t hold that many coins.
With local calls during the ’60s and ’70s costing about 10 cents for around five-10 minutes of time, though, it was unlikely you’d ever need imitate amounts anywhere near that limit.
Black Box
Back in the day, you could get billed just for answering a phone call. To prevent friends or family from running up their phone bill by calling too much, a phreaker would install a black box into their home telephones.
A black box has a circuit consisting of resistors and capacitors that basically prevent the exchange from starting a billing timer. Without that timer running, calls don’t get billed.
Why Did Phreaking Stop?
Phreaking pretty much died out by the late ’70s as a result of technological advances rendering the hacking strategy obsolete.
First, payphones stopped using coin denomination tones and started using intelligent controllers with memories that tracked how many coins were inserted and compared that to how long the person was on the phone โ making the red box useless.
Next, telephone companies switched from in-band signaling to out-of-band signaling which made phreaking a trunk line more difficult. Out-of-band signaling uses separate channels for control signals and voice lines so phreakers couldn’t replicate tones without tapping into the telephone itself. Now, blue boxes are useless.
Even with the new technology, phreaking didn’t completely stop, though. It just became harder to do.
The phreakers of the world also moved on to bigger and better hacking exploits on different systems. The personal computer, for example, was becoming more popular in households which led to an influx of a new generation of hackers. These hackers were less interested in free calls and more interested in hacking into government computers to steal sensitive information.
Would you have phreaked back in the day? I definitely would have (but let’s keep that one between us).