Every time you make a call or send a text, you're giving the recipient your phone number. This can be quite the security vulnerability, opening yourself up to scammers, spammers, and the feds. In this how-to, we'll look at what a burner phone is, why you might want one, and how to get started using a free second phone number on your regular smartphone.
At the very word "burner," people start envisioning their favorite spy drama or criminal thriller such as HBO's The Wire, where we often see these phones used for a handful of calls before the actor yanks out the battery, breaks the SIM card in two, and throws the whole thing in a dumpster somewhere.
A burner phone, or frequently just "burner" for short, is criminal jargon for a prepaid phone. A burner is intended to be used for a short period of time, or for a specific task (normally a nefarious transaction) and then "burned" (disposed of) when too many people have the number.
Criminals use these phones for a number of reasons, such as how cheap they are and how hard they are to trace when used properly. Even the NSA can have trouble tracking them reliably because they can be purchased with cash. This only works because mobile virtual network operators (MVNOs) don't require a cellular contract and don't ask for any identifying information. When they do, they often don't verify it. Thus, government agencies can't go ask the phone company who you are because even they don't know.
All mobile devices can be tracked while you are using the device. If you're interested in how this is actually done, you can read about how triangular phone tracking works.
The problem that arises for those attempting to track you is twofold; Since the MVNO can't tell them who you are, it becomes difficult to pinpoint which phone to look for. Even if they do figure out which number to look for, it's very easy for you to reset the game by burning your old number and getting a new phone. You can do so without too much trouble since they normally only cost around $20.
Criminal use made burner phones notorious, but there are much more legitimate reasons one might want to have a burner phone. "Wait!" you say, "Hoid, I can just dial *67 before the number, and it shows my number as private on the other end." While this is true, there are some major limitations to this plan, with the biggest practical one being that people can't call you back.
Furthermore, that doesn't help when you need to publicly list your number for a job or some other purpose, nor does it protect your privacy from the government or physical access to your phone. Additionally, we see the growing trend of our phones being targeted for confiscation and search, such as at US borders where we are now seeing "digital strip searches."
Border agents carry out these invasive searches without any warrant or even suspicion, going through text messages, social media accounts, and photos, while asking the owner about the people they are interacting with, their religious affiliations and travel patterns.
With the Department of Homeland Security (DHS) telling The Guardian that "searches of mobile phones by US border agents grew from fewer than 5,000 in 2015 to 25,000 in 2016," there is a clear and imminent need to increase the privacy of our mobile phones.
Now you have an option to maintain your privacy when you travel abroad or visit the US — leaving your regular smartphone at home and buying and a burner. Just throw it away before you go through customs.
Beyond that, there are more mundane daily uses for a burner phone or second number. Take, for example, using it to separate personal and business contacts. In places such as Asia, it is common for people to have two phone numbers; one for work and one social situations.
Consider this: while selling an old laptop on Craigslist, do you really want to put your phone number on the internet for everyone to see? Potentially getting spammed with texts and calls from all sorts of unknown people are just one of the risks of doing this. With a burner, you can get a line just for Craigslist or even just that particular transaction. Afterwards, just burn that number once you sell your laptop. If you own several small businesses, you can have one number for each business, label them, and sound much more professional by answering "Joe's hacking service" instead of "Joe speaking, errrm ... what are you calling about?"
Imagine you meet someone on Tinder and maybe you like them, but you're not quite comfortable giving out your real number or personal information yet. Using your burner phone means that if they turn out to be crazy, clingy, or not getting the message that you're just not into them, all you have to do is, you guessed it, burn that number. This is especially valuable if your Tinder date is the kind that knows how to search your number on Facebook, because if you're not using a burner, you may have a Facebook stalker now. Have fun with that.
You probably get the idea by now, burners can be a great tool for privacy and separate your work and personal life. Let's take a quick look at the different types of burners.
Two primary kinds of burners exist: physical and virtual. First, let's look at the physical burner phone, which can be further broken up into two categories. There are phones locked to a particular MVNO's service, such as TracFone, and then there are SIM cards that can be inserted into an unlocked device.
The major difference between the two types of physical burner phones are the radio systems they are using for cellular communication. For CDMA (Code Division Multiple Access), think Sprint and Verizon Wireless, and then for GSM (Global System for Mobiles), think AT&T and T-Mobile. You can learn more about CDMA vs GSM here. CDMA carriers mostly sell phones, and GSM carriers generally sell SIM cards, however, this isn't always the case. Straight Talk offers CDMA SIM cards, and all of the GSM carriers sell phones. What this means for us is that if we want to anonymously change our phone number, then we only have to replace the SIM card on a GSM device, but with CDMA, we have to burn the entire phone.
The second type is the virtual burner. In this case, we use an application on our regular phone, and then thanks to some computer magic and servers, the app is able to route our calls and text through a different number. This way, we can manage it as if it were a completely different phone. A few examples are Burner, Hushed, Sideline, Line2, and TextMeUp.
Some of those even have really useful extras, like self-destructing messages, and the ability to use multiple virtual phones. That being said, they are less than perfect because of the connection to our smartphones, and the link to us that they create. These apps are good enough for many of the use-cases listed above, just remember to use a physical burner when you're worried about the bigger threats, such as government tracking and going through the US border.
Now that we've gone over the differences, let's get started with a virtual burner and download the one that has been in the game the longest — Burner.
Once you install the app and opened it, you will be prompted to sign up. It's unclear if your choice on the scrolling list has any real impact (work, dating, moving, volunteering, etc.) — the company probably just uses it for survey purposes — so put whichever you want.
Now, this is where we hit the one real weakness in this system, we have to give them our number to verify. After you enter your number and tap "Next," you'll get a text with a number. Open up the app again and enter that verification number. Then, you'll be greeted a mandatory terms-of-service agreement, and warning about 911 calls.
Do remember that carriers are required to put calls to 911 through, regardless of that phones status, which means you can use an old out-of-service phone to make an anonymous call to 911.
Now we get to make our very own burner number, going so far as giving us a choice of area code. A bit of a luxury, considering some people are paying tens of thousands of dollars for custom phone numbers. If you want to use an area code for a city and don't know it off the top of your head, use AllAreaCode's helpful tool to look up phone area codes.
For the lazy among you, here are some of the more popular area codes:
- Atlanta - 404
- Austin - 512
- Chicago - 312
- Houston - 713
- Las Vegas - 702
- Los Angeles - 213, 310, 323
- Miami - 305
- New York - 212
- Orange County - 949
- San Fransisco - 415, 650
- Washington, DC - 202
Note that not all will be available. For example, I had to use 323 for Los Angeles, because burner didn't have 310 numbers available.
When you create your burner number, your first 7 days are free, with 20 minutes of call time and 40 texts. After that, you'll have to pay, unfortunately. Luckily, it isn't too much, only $4.99 a month for one line, with a free burn (number swap) every month. Just like that, you now have your own burner line.
Because you're a diligent hacker, you get a little bonus now. We're going to take a quick look at how we can set up a simple bot using Evernote, one of the many apps Burner connects with. This can be used to create chatbots and automate certain tasks on Burner.
Each note in this notebook is a command for our bot. The title is the command, and the body is our response. Try making one.
Here, if someone texted the words "Wi-Fi" to the bot, it would return:
Network name: Null Byte
With that complete, open Burner and go to your settings. Look for Evernote under available connections, and tap on it. Authorize Evernote, and sign in as needed.
Once you're signed in, change the active notebook to the one you just made, and update the "Auto-responder" header as needed. It should read the note titles automatically and list them as commands after you save by tapping the floppy disk icon in the top-right corner.
There you go, you have a simple bot! You can probably think of all kinds of uses for this. One example that comes to mind is if you are an Airbnb host, you could make one for providing your guests with the Wi-Fi info, key location, and other information. You could also set it to provide information anonymously to anyone texting the number.
One can easily imagine how powerful such a system could be using a more powerful chatbot, such as a social engineering bot with no direct connection to you.
In this article, we learned how burner phones can be used to avoid being tracked and help maintain our privacy while making texts and calls. We looked at the different types of burner phones and got started using a virtual burner on our own smartphones. In a future article, we will compare the different physical burner phone options and try to find the best coverage plan to use with it.
It’s Black Friday week in the Null Byte shop! If you’ve been wanting to improve your skill set in hacker- and cybersecurity-geared topics such as Python, Raspberry Pi, and Linux, now’s the time. We’ve got huge sales on online courses, and we’ve outlined 13 favorites you won’t want to miss. Check them out!
Screenshots by Hoid/Null Byte