Phreaking
What is Phreaking?
PhreakingThe classic art of manipulating telephone systems — originally analog PSTN, now VoIP and SS7 — to make free or unauthorized calls.
Phreaking is the original telecom hacking subculture, born in the 1960s when enthusiasts noticed that the Bell System used in-band 2 600 Hz signalling on long-distance trunks. John Draper, known as Captain Crunch, found that a toy whistle from a cereal box produced the exact tone and seized trunks with it; blue boxes built by Steve Wozniak and Steve Jobs automated the trick. The magazine 2600 popularized the scene from 1984 onward. As Bell migrated to SS7, phreaking evolved into PBX hacking, calling-card fraud, IVR enumeration and modern SIP/VoIP attacks. Although out-of-band signalling killed the original whistle trick, the lineage is direct: today's SS7, SIP, IMSI-catcher and toll-fraud attacks all share its mindset of treating the telephone network as a hackable signalling system.
● Examples
- 01
Captain Crunch using a 2 600 Hz whistle to seize a Bell trunk and place free long-distance calls in 1971.
- 02
A modern phreaker enumerating IVR options on a corporate PBX to find unsecured outbound routes.
● Frequently asked questions
What is Phreaking?
The classic art of manipulating telephone systems — originally analog PSTN, now VoIP and SS7 — to make free or unauthorized calls. It belongs to the Attacks & Threats category of cybersecurity.
What does Phreaking mean?
The classic art of manipulating telephone systems — originally analog PSTN, now VoIP and SS7 — to make free or unauthorized calls.
How does Phreaking work?
Phreaking is the original telecom hacking subculture, born in the 1960s when enthusiasts noticed that the Bell System used in-band 2 600 Hz signalling on long-distance trunks. John Draper, known as Captain Crunch, found that a toy whistle from a cereal box produced the exact tone and seized trunks with it; blue boxes built by Steve Wozniak and Steve Jobs automated the trick. The magazine 2600 popularized the scene from 1984 onward. As Bell migrated to SS7, phreaking evolved into PBX hacking, calling-card fraud, IVR enumeration and modern SIP/VoIP attacks. Although out-of-band signalling killed the original whistle trick, the lineage is direct: today's SS7, SIP, IMSI-catcher and toll-fraud attacks all share its mindset of treating the telephone network as a hackable signalling system.
How do you defend against Phreaking?
Defences for Phreaking typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Phreaking?
Common alternative names include: Phone phreaking, Blue boxing, Captain Crunch.
● Related terms
- attacks№ 1050
SIP Attack
An attack against Session Initiation Protocol services, ranging from extension enumeration and password bruteforcing to toll fraud and call hijacking.
- attacks№ 1085
SS7 Attack
Abuse of Signalling System No. 7 inter-carrier messages to locate subscribers, intercept SMS or divert calls anywhere in the world.
- attacks№ 1065
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
- attacks№ 1205
Vishing
Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.