Christy Philip Mathew, an Indian Information Security Instructor and Hacker demonstrated Phone Phreaking using Bluebox in his lab. This time we have something really special that would remind us the phone phreaking. Actually Phone Phreaking reminds us about the life of Kevin Mitnick, Steve Wozniak and John Drapper, mean the olden times when they used to play around with the bluebox.
What is Blue Box: This device is certainly one of the most unique pieces of electronic equipment that I have been able to collect so far. It is essentially a hacking tool disguised to look like a common 1970's Texas Instruments hand held electronic calculator. Basically a real calculator was sacrificed and modified to produce audio frequency signaling tones which allowed the user to freely (and illegally) access the Bell Telephone System long distance network.
The origin of the name "blue box" was due to the fact the some of the earliest home built versions were actually housed in blue boxes. Below is a 1970's photo found on the web showing a happy phone phreak in action with such a device.
That was just awesome and worked in the times of Mitnick. Christy Philip Mathew always used to explain these to his students but never got a chance to prove it.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
One day he was just checking up his bank accounts and he came across a deduction of some amount without any reason. So he thought to call up the customer care department to make sure what exactly is going around with his account. They said bla bla bla .... Hell out of excuses. So he used to call up the customer care department more than 3 to 4 times a day to know the status of my account deduction. Every time he had to verify his Customer Identification Number and the Mobile Number before he get connected to the Customer care department. This way, He had been repeating the steps the same time again and again. In simple terms tones gets generated every single time and he was completely tired with it. So he thought of having fun around and test up something what if he record the tones generated for his mobile number and customer identification number and play it when it ask him for.
Yes, He is talking about the blue-box kind of Application via Android Phone with the help of it. So here he use ToneDef, is a small, but powerful tone dialer application featuring DTMF, bluebox, and redbox tone generation.
Next day he dialed up the customer care and when they asked him to verify by dialing my mobile number he just played the recorded tones using an android application. Finally Customer Care system got it accepted that instant and now they ask him for Customer Identification Number, So again he played the second recorded tone respectively.
On the very next day Christy Philip Mathew contacted me ( Mohit, Founder - The Hacker News ) and we decided to try this on a Public Booth to check the idea that weather we are able to call from Public booth without inserting the coin or not ? Sudden Christy plan to buy a coin operated phone terminal from eBay. It took around like 8 to 10 days to get his package.
At last Christy demonstrate the Concept and Here below in the video you can see Proof of Concept:
1.) Coin Operated Phone Terminal
2.) Customer Care Department:
3.) Land Line Phone