What is a Blue Box?

You know the little tones that play when you press a key on a phone? Have you ever wondered what they’re for? Nowadays they don’t really do anything. One argument for them could be as an aid for the visually impaired. Many phones, however, play the same tone for each key rather than a key-specific tone. Originally though, they were designed to help route phone calls.

When phone systems were first being deployed, to call a number you needed to call the operator and ask to be put through to the person you were calling. Obviously, this is a slow and inefficient method of making phone calls. It also can’t scale well at all and requires well-trained operators. To improve the system basic automation was implemented. This system signalled the number being dialled by adding pulsed resistance on the phone line. The extra resistance would reduce the voltage on the line and could be decoded at the local exchange.

The system worked well but had a flaw, it didn’t work for long-distance calls. The long cable lengths between exchanges at either end simply weren’t sensitive enough to the rapid voltage drops to detect the signal and put the call through. Instead, to get around this control tones were played on the trunk lines. The problem with this was that the trunk line was the same line the phone call audio was played down. The signalling was “in-band”. This meant that an unlucky caller could play the “disconnect call” tone by accident. A savvy operator could do far more than that.

Tuning in

To make a long-distance call, a user would first press the “1” key. This would then engage a secondary mode designed to handle long-distance calls. The local exchange would identify the necessary remote exchange and connect to a trunk line to that exchange.

When a trunk line was not in use, both sides played a 2600Hz control tone. To connect the trunk, the calling side dropped its tone, the receiving side, “heard” this, dropped its own tone, and played a “supervision flash” tone to indicate it was ready to receive the phone number to connect. The phone number would be encoded in a quick set of specific tones. This is how the system worked to connect long-distance calls in the 1940s, 50s, 60s, 70s, and some of the 80s. When one party hung up the handset, their exchange would play the 2600Hz control signal down the trunk. The other exchange would hear this tone, and do the same, disconnecting the call.

Because all of these signalling tones were played down the same trunk line that was used for the audio of the phone call, the tones were open to misuse. One of the first people to discover this was  Joe Engressia, known as Joybubbles. Born blind and with perfect pitch, he discovered at age seven that whistling the 2600Hz control tone would disconnect a long-distance call. This sparked his interest in the field and made him one of the earliest phreakers.

Tip: Phreak is a sensationalised spelling of “freak” using the “ph” from the word “phone”. It refers to a culture of people that study, experiment with, or explore telecommunication systems, primarily phone networks. Phreaking culture is fairly closely related to early hacker culture.

Hitting the right notes

With lots of practice and research phreakers were able to work out the details of the system. Amusingly, they were actually aided by the telephone network providers themselves who actively advertised and published very detailed documentation about the tone system, not realising it could be abused.

The first step was using the 2600Hz tone to disconnect the call, but just disconnecting the call isn’t much use. Interestingly, disconnecting the call isn’t the end of the story. The 2600Hz tone was played automatically when a handset hung up. If, however, someone whistled, or otherwise played the tone, their own end doesn’t actually hang up, it doesn’t even disconnect from the local end of the trunk. This is because the only way to close the connection between the phone and the local end of the trunk is to actually hang up, which changes the resistance, closing the connection.

So, by playing the 2600Hz tone, it’s possible to disconnect the other person from the exchange but stay connected to the exchange at the other end of the trunk. At this point, if you play the specific tones for another number, local to the remote exchange, it will put you through.

Tone deaf

This may sound mostly useless but there are some other important details. First of all, most long-distance calls of the day were charged at a high rate because they made use of the limited trunk resource. Secondly, some long-distance calls were free. Specifically ones to 1-800 numbers. (1 being the long-distance call identifier and 800 numbers being toll-free, once that system was introduced in 1967). Finally, for billing purposes, activity was tracked from the local exchange. Incidentally, the exchanges were not designed to detect when calls were not hung up properly and a second number was connected.

Knowing this phreakers worked out that they could make a free long-distance call to a 1-800 number, then play the 2600Hz tone to disconnect the free number, play the tones corresponding to the long-distance number they wanted to call, and get put through. All this happened with the phone company only being able to see the call to the toll-free number. This meant that the phreaker didn’t get charged for the call.

Boxing it up

Most of this was initially discovered due to whistling. All of it could be done through whistling. It wasn’t easy though. The tones were precise frequencies and needed to be played in succession. Phreakers with some electronics skills instead created a machine to do it for them. this machine was called a blue box. It was typically comprised of a set of keys to dial as well as to play the control tones. These keys connected to a speaker that played the tones which would then be picked up by the microphone on the phone.

At first, all of these blue boxes were hand-made by phreakers for their own use. Some may have shared with their friends while others may have recruited their electrical engineer friends to make the boxes for them. Generally, the phreaking community was small and grew slowly.

The phenomenon became significantly more widely known when Esquire magazine covered it in October 1971. Throughout the 70s  number of articles were published in a few magazines that provided many details to the wider public. At this time, blue box kits became available. Some enterprising individuals even started selling pre-made blue boxes. The most notable people to do this were Steve Jobs and Steve Wozniak, yes the very same people that later founded Apple Inc.

Toning it down

Of course, with long-distance calls being an expensive service, and phreakers and blue boxes being able to bypass the fees to make free calls, the telephone companies were not happy. They implemented a number of features including logging in order to identify unusual calls where the 2600Hz tone was played. They would also implement wiretaps in order to gather evidence of what was happening. This led to a number of lawsuits and convictions of phreakers.

With the small size of the phreaking community, the actual loss of income wasn’t that great. Of course, with blue boxes becoming more widespread this could easily have changed and applied financial pressure to resolve the issue. Instead, the real pressure to solve the issue came from the need to scale. As more and more people wanted to make more and more calls, the system of having only a few trunk lines just wasn’t cutting it.

While more trunk lines were installed, other upgrades happened. First of all the signals were digitised and multiplexed, allowing multiple calls to be run down a single wire at once. Additionally, to minimise the use of the trunk line, a secondary cable was implemented specifically for signalling to set up and tear down the call.

The multiplexing required that the control tones were filtered from the individual audio streams. In many cases, this prevented the audio tones from being picked up. The secondary cable used for signalling also took the actual process of configuring the call, “out of band”. This meant that no matter what tones were played, they didn’t actually affect the system used to make calls. Combined, these started reducing the success rate of the blue box in the early 70s and eventually killed it off entirely by the late 80s.

Conclusion

The blue box was a, now obsolete, tool made by phreakers. It played the control tones used by the in-band long-distance calling system used in the US telephone network. It featured the ability to play a set of control tones as well as the tones related to dialling. Through careful use, it was possible to trick the network into making free long-distance calls that should have been charged. It relied on the in-band audio signalling used by the trunk system. Their use eventually died out as that system was upgraded.