A Teenage Hacker Figured Out How To Get Free Data On His Phone (vice.com)
An anonymous reader quotes a report from Motherboard: Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that teens do online these days without alerting his parents with overage fees. According to a Medium post Ajit posted on Wednesday, he made his discovery while playing around with a prepaid T-Mobile phone with no service. The phone was still able to connect to the network, although it would only take him to a T-Mobile portal asking him to renew the prepaid phone plan. For some reason, though, Ajit wrote that his internet speed test app still worked, albeit through a T-Mobile server. Ajit figured out that he was able to access media sent from any folder labelled "/speedtest," possibly because T-Mobile whitelists media files from speed tests regardless of the host. He tested his theory by setting up a "/speedtest" folder on his own site and filled it with media, including a Taylor Swift music video, which he was able to access. Ajit writes that he then created a proxy server that allows users to access any site with this method. All a T-Mobile user has to do is go to this page and input any URL they want to visit. "Just like that, I now had access to data throughout the T-Mobile network without maintaining any sort of formal payments or contract," Ajit wrote on Medium. "Just my phone's radios talking to the network's radios, free of any artificial shackles."
Not anymore! You can't tell everyone about your free access and expect it to stay that way!
It will be fixed.
Note to teenage idiots: Writing online about your criminal exploits is a bad idea.
What this kid did is called theft of communications services.
T-Mobile probably won't press criminal charges, but they could, and the kid would be convicted.
> Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that teens do online these days without alerting his parents with overage fees.
They know now. And now T-Mobile knows too. And he and his parents can expect a no-knock warrant to bust down their door and shoot their dog in 3...2...1....
T-Mobile may be marginally less evil than other phone companies, but they're still a phone company. And the Computer Fraud and Abuse Act is still the law of the land. This is not going to end well for Jacob Ajit.
And very soon he will learn what the phrases 'unauthorized access' and 'theft of services' mean.
did that trick on Roses phone.
I remember back when I was 17, I drank some very good beer. Wait, that was a Simpsons reference. At 17 you don't think about consequences and largely you don't have much to lose. Still using commercial services in a way the company did not intend might have consequences. My hope is this kid will get a kudos for bringing the fault to light for T-mobile, a slap on the wrist to say be more careful about what you play around with, and later a fun and successful college career and productive life. The failure was to make it public if the fault in the system still exists because it could cause the company monetary damage. That damage would then likely come back to haunt the kid. The correct order for all of you out there who might be in the same boat is to hack politely, cause no damage, report only to an authority and/or owner who can responsibly fix the issue. Yes, there is still the potential for consequences but at least one could argue that they brought the greatest benefit to what was hacked and that they did not bring harm or intended harm to a person or persons.
Though really it is best to hack only things that you own or "have an implied license to own."
There is or can be built a machine that can simulate any physical object. -Church-Turing principle
https://www.freedompop.com/pho...
https://ringplus.net/
That pretty much proves that T-Mobile employs 15-year-old Taylor Swift fans to handle their networks.
Call in the FBI! This is a clear violation of the Computer Fraud and Abuse Act.
Speed Test on unactivated SIM
Look for T-Mobile to give the guy a bunch of free stuff, probably a few years of free service too...
That's just how T-Mobile rolls.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"They called it paradise. I don't know why.
You call someplace paradise, kiss it goodbye."
-Glenn Frey, "The Last Resort"
Everyone always assumes the networks are filtering speed tests to make the results seem faster than normal traffic, but this pretty much confirms they are routing that data differently.
> Ajit figured out that he was able to access media sent from any folder labelled "/speedtest,"
What? How does the phone or system know what the folders on the server are named? Is this free data only available using scp or ftp? If it's web-based, then there are no "folders", only URLs.
We did this years ago on GSM / PPP sessions (remember when you connected a laptop via IR and dialed a number to get internet access?).
Set up a VPN server to listen on port 53 UDP somewhere on the internet, then connect to it from your laptop via the phone.
Used to be able to buy a $2 sim card, and pass hundreds of MB per day (which was a lot at the time) with zero restrictions.
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
You know, artificial shackles getting in between you and the free natural resources, much like sunshine, that is internet-connected bandwidth, DNS services, and everything else that somebody has to pay for so this entitled little jerk can be "unshackled." You know, because he's owed free stuff. Stuff that only other chumps pay for. How dare T-Mobile put shackles on nature's freely available peering systems, routers, maintenance workers, technicians, tower installers, electricity, and all of that other not-at-all-artificial stuff that they're cruelly shackling!
Interesting choice of word, "shackles." This idiot may want to consider how they're used in the real world. You know, like when you're being moved from the county lockup over to the courthouse for your arraignment.
Don't disappoint your bird dog. Go to the range.
Why would T-Mobile want you to do a speedtest on an inactivated SIM? They don't.
It is a side-effect of them cheating on the speed test. What happens is that speed-test traffic is given #1 priority over everything else.
The first thing the network checks is "is this a speed-test?" If so, it bypasses everything else non-essential, including the accounting system.
So this is not just a way to get free data, but to get faster data, if you have a decent proxy. ...[cough]. Can anyone test this?
But surely a large corporation would never cheat on product performance tests? [cough] VW, Samsung, LG,
This is a great hack. I'll do the same thing so I can get the same... hey, wait a minute. I bet EVERYBODY knows about this now -- even T-Mobile -- so this probably won't work anymore. Nice going, mister brags-a-lot. You've ruined it for everyone now.
It comes with free room and board, the orange suits are free too.
In front of a judge, wouldn't cheating to misrepresent the speed of your mobile network be considered criminally illegal? Would this young man not then be qualified as a whistleblower?
I tried Freedom Pop a couple of years ago. It isn't free. The phone was $119 for a used low end Samsung that was worth about $10. Calls, nearly all of them, sounded like the person I was speaking with was under water way too often. Until I read, from trustworthy sources, that Freedom Pop has indeed turned the corner and has a quality service, I'll not recommend it to anyone. The customer support was absolutely horrible, and could not solve any of the problems I had. In fact, my last call to support, the service rep said he couldn't hear me, shortly after denying that they had any issues.
ANNNDDD ITTT'SSS GONEEEE!!!
https://www.youtube.com/watch?v=_nVk25ZvTkU
Yes but it's automated and it's only deciding to throttle or not to throttle. Nobody is looking at your packets and nothing is altering your data.
Since every KB is tracked and recorded, what he REALLY hacked is T-Mobile's latent power to bill his sorry butt for the data he used. And I am sure they will do just that.
And if he refuses to pay, it becomes theft of service just like stealing electricity or cable TV and his sorry butt will end up in jail.
Smart move there Einstein.
Sig for hire.
The website mentioned in the summary, https://tmobileunlimited.herokuapp.com/, is still up but simply says "No such app". Seems he already took the proxy down.
He'd probably make a more interesting case if he had an "unlimited data" plan and actually got unlimited data this way, though. Probably wouldn't be legally in the clear that way either, but he'd at least be slightly less clearly in the wrong.
Back in 2000 I had one of those AOL CDs that they liked to shove into everyone's mailbox. They would give you so many free hours, but you still needed a credit card. I remember going through the motions of signing up but stopping short of inputting my CC info, as I didn't have one at the time. There was a part of the sign up that searched for a list of local phone numbers. During that time you were connected to the net. I would switch to a real browser, Netscape at the time, and sure enough I was surfing at 56k. The connection would usually time out at about 20 to 30 minutes and I would have to try again, but it still worked.
I dunno I'd be tempted to have not told anyone about that. It'll be closed off in no time now.
That's because they initially launched on the Sprint network. Guess what, if you've ever used Verizon Wireless, the calls sound just as bad because they're using the exact same codecs and network protocols (3GPP2 CDMA2000 1xRTT). FreedomPop has partnered with a GSM operator as of late (I think T-Mobile), which provides a far superior quality of service.
Back in 1998, NetZero offered completely free dialup, with no trickery.
They're big on selling off hardware through Daily Steals, too, without telling the buyer that the service the hardware depends on is going to be shut off in just a few months. I have a WiFi router with cell data service from them through Sprint that lasted six months and then just stopped when Sprint turned off the data service.
Bill for what? If it's going through an un-metered part of their network, then how will they know how much was used?
> > (b) uses, without consent, an existing, canceled or revoked access device;
> Neither canceled nor revoked
It sounds like service was cancelled when the bill wasn't paid, but in any event it's certainly an EXISTING access device. The law says "existing, cancelled, or revoked", and it is certainly existing.
> "an unauthorized, false, or fictitious name, identification, telephone number, or access device"
And that device is not authorized to be using their network. It's an unauthorized access device.
More to the point, judges are not in fact robots, nor are they dictionaries. Any human, including a judge, can see that there is a law against taking services without permission and without paying for them, and can see that he took services without permission and without paying for them. Trying to play word games will only annoy the judge, not persuade them.
"Eh, well, Mr. Prosecutor, it looks like you have me over a barrel. Tell you what though: If you drop those charges against me, I'll promise not to tell Sprint, Verizon, and AT&T about what I did...."
this just proves how cheating T-mobile is exploiting gullible and clueless customers by advertising FALSE claims about their data speeds.
And their in-store reps would brainwash customers into thinking their data plans are fast.
Never trust their speedtests.
I'm sure that's just one whitelist path. /admin /test /plan /check /error /help
and that's just off the top
tcp/8000.
I don't see why not. Why can't they just be more clever about their whitelist? Presumably this isn't an issue for other networks?
...is xhtml.weather.com. A long time ago I had a 30MB data plan and this was one of a few websites that continued to work after running out of data and getting paywalled, although most of the graphical assets were stored on a different domain and thus didn't load post-data bucket depletion. m.us.yahoo.com also used to work, but that was plugged in 2014.
TCP port 53 used to also be wide open, but from what I gathered on various forums, that was patched during the last major VoLTE outage. Two other users commented elsewhere on this story that this port (and its UDP counterpart) is apparently still open on Verizon Wireless. However, I'm unable to confirm this paragraph.
You can use VPN to tunnel all mobile traffic via UDP and it will work with most cellular network providers too.
Years ago (1995 to be precise), I had a modem plugged into the airphone that used to be in the headrest of the middle seat on Delta and other airplane seats. I had the phone clicked into the holder, but there was a gap that allowed the cable to snake out to the laptop. As we were waiting for take off, I idly pushed the buttons on the handset and after hitting the # key the screen displayed "dial your number" - this only showed if the modem cable was plugged in and the handset was clicked into the headrest. Although the keypad itself was disabled, it was entirely possible to dial using the modem for a data-only call. Just in case, I switched seats and tried it, connected to my internet provider at that time and everything worked great, albeit at 2.4kbps or whatever it was. I did call up the skyphone folks afterwards and told customer care about it. They were very grateful, but I never heard anything from them and I doubt the backdoor was shut. If anyone worked on that system, I'd like to know if it was left there intentionally or not!
Enjoy your prison time kiddo!
A groovy Massive Attack tune is playing at the background..Wait, which decade was it now? I'm getting old and confused.
a) T-mobile will have this fixed by the close of business today
b) Our friend Amit is going to go to jail along with anyone else who tries this
Without a data plan, DNS tunneling works on all the mobile carriers. On most of them you have to tunnel through the carrier's own DNS servers. T-Mobile also allows access to Google Public DNS. Then there's Verizon where port 53 is wide open to anywhere.
Hint: if you're going to do something like this be a lad and choose a handle, don't set up any service on a server that can be traced back to you, and tip the media anonymously. Don't plaster your face all over your work unless by "college" you mean "prison", like the seasoned criminals refer to it too.
So.... He is 17, can he actually be arrested?
Looks like an ISP-specific, less elaborate trick than PingTunnel, which OTOH has no wrapper on android/iOS AFAIK...
But quite brilliant from a single person!
Herve S.
Give this boy a cookie.
Great example of the fact that people are lazy and sloppy when it comes to network security
The shackles won't be artificial for long..
...was about the same trick. You could access google for free (from Opera browser on my flip) but everything else was like $1/10MB, but just by clicking the "see cached version" that was hosted by google, it worked for free.
"Science will win because it works." - Stephen Hawking
I hope this boy likes cockmeat sandwiches because he's going to be a double stuffed Oreo for the next 15 to life.
Mobile internet dongle has portal.
I did something much simpler, though. I embedded an iframe in the page and it worked.
I assume referrer or something similar was being used to track valid pages.
Eventually patched.
The link now gives 404 not found error. No more free access.
The parents should call the police
http://www.adequacy.org/stories/2001.12.2.42056.2147.html
...presumably so that he can do whatever it is that teens do online these days without alerting his parents...
Let me fix that:
...presumably so that he can watch porn.
It's bitztream, the autism-hating Slashdot troll!
Looks like they'll sell you a SIM card if you want to pick your own phone. As others have said, they apparently started as a Sprint PCS virtual operator, but if they've switched to SIM cards they probably use AT&T or T-Mobile, both of which are significantly higher quality.
You are not alone. This is not normal. None of this is normal.
o you can turn off automatic top-off (you won't get charged $10).
o if you ALLOW the $10, it will allow for overages (I think 500mb-1gb -- can't recall)
o you can BYOD. My son has an iPhone 5c on it. With "freedompop friends", he gets an additional 500MB free. That's (200min/500text/1gb data free)
For $7.99 you get 2g outgoing calls (uses cell service rather than VOIP), voice mail, data rollover and a few other services. I had that for about 2 years on my spare phone (hell of a lot cheaper than regular service). It's a good deal.
They also have their "global sim". 200min/500text/200MB free across most of Europe and the US. "freedompop friends" can bump that up to 700MB. It cost me $1.99 for the sim -- I turned off all the "pay services" before I would get my first bill and dropped the sim in my tablet. More data than my 200mb for life tmobile sim. Plus its service is in Great Britain -- (goes through a provider in London) I can access BBC videos in California reserved for GB only. Latency is high (low 200-mid-to-upper 300) but speed is very good. Latency also improves over a constant connection (telnet, for example).
That said, God help you if you ever need to call customer service.
They're actually "global sims" for service from Britain's 3 mobile (usable in most of Europe and the US). You need to set your phone to "roaming" in the US. It seems to favor AT&T but will connect on tmo as well.
I picked one up for $1.99. 200min (VOIP)/500txt/200MB data. You can bump up the data just linking to other freedompop users as (freedompop friends) and get an additional 500MB for a total of 700 MB. I turned off all the "$$$" services and went straight free and replaced my 200MB data for life TMO sim for this one. Other than higher latency than I would like (data goes through London -- latency is around 200-380 on average), it's great. Added benefit is I can watch Britain-only videos on BBC in the US.
Remember, "voice service" isn't really VOICE. It's VOIP. If you have a good connection on a tower that's not busy it works GREAT. Talking in a moving car *CAN* cause problems as you switch towers and "so-so" data connections are painfully bad. But it's FREE vs. $30 for a low cost "regular" cell phone solution with minimal data.
Gotta give him credit for figuring this out. Another example of what happens when engineers do stupid things thinking "nobody will figure this out."
Yeah - they always do. Where there's a will, there's a way.
I for one am laughing at this find. It is terrific!! It was a curious situation and I'm glad he spent the time getting to the bottom of "why"
But... Curiosity killed the free internet :-P
Phone network hacking is actually called phreaking so it would be a teenage phreaker.
"All phones or SIM cards purchased from 1-800-TMOBILE or online at T-Mobile.com come activated with a Pay As You Go plan with 30 minutes of talk or 30 texts (or any combination of the two that adds up to 30)." Apparently there's some limited data capability as well.
http://prepaid-phones.t-mobile...
T-Mobile SIMS have been a popular means of porting land lines to Google Voice service. GV only ports cell phone numbers. Cheap T-mobile SIMs come with enough service to port the land line to T-Mobile which is subsequently ported to GV.
Freedompop is a fucking scam. They told me they had a phone in stock, I needed one right away, so I took their offered deal. Except, wait, it was fraud! They didn't have the phone in stock at all, and lied to me about it. So I had to buy another phone. I called repeatedly before they shipped, but could not get a human on the line, so I could not cancel my order. They ship your phone in a plain brown paper box which is not from freedompop, but from a "shipping center" so that you cannot figure out what it is in order to reject the package. (I figured it out since nothing else was shipped to me in that time.) And then once they get it back, they don't refund your money for a month.
Fuck freedompop right in their ear.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
BYOD
Discovered - yes. Hacked - no.
We have been doing a similar thing for a very long time. Boost Mobile used to use a similar tactic and we would make proxies to get around the wall.
BYOD
They're frauds, and the only thing I'd consider bringing them is a lawsuit.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
And it's gone. Typical kid, can't keep his mouth shut.
> they initially launched on the Clearwire (later Sprint WiMAX) network
FTFY. They started with just hotspots. They're on the Sprint 3G/4G networks now.
People have been arrested for stealing electricity by charging a phone on an outlet in park. That probably was theft of less than a penny.
http://www.heraldtribune.com/a...
Ninjas don't carry tic tacs
Holy fuck! That's almost as long as one of those hosts-file rants...
Requiem for the American Dream
> o you can turn off automatic top-off (you won't get charged $10).
Not when I last dealt with these people. I spent a lot of time on the phone discussing the meaning of the words "totally free", and there was no way to get an account without a credit card they could charge, and no way to have it just stop at 500MB. Their excuse was that you could be streaming data too fast for their system to detect you had gone past the 500GB limit and you'd be running over your "free" data, so they HAD to charge when you hit 400MB.
> o if you ALLOW the $10, it will allow for overages (I think 500mb-1gb -- can't recall)
Yes, the excuse for charging was to pay for overages. But if you never go over, you still get charged. That first 400MB might be "totally free", but that 1MB that takes you to 401MB is $10. And that's for a "totally free 500MB/month".
Now, $10/MB is not as bad as the $15/MB that T-Mobile charges for data if you're international roaming and not on the right plan, but it's still not "totally free".
> That said, God help you if you ever need to call customer service.
Amen.
I cringe a little when I hear this person described as a "hacker," but this is still a pretty neat discovery. Security through obscurity FTW!
Someone demonstrated this hack to me last December.
On the other hand, T-Mobile might pay him a scholarship and hire him through a COOP and then after college.
Have you fscked your local propeller head today?
What exactly are you smoking? I copy-pasted the exact text of the statute. The commas are exactly the same as the original statutory text:
https://www.nysenate.gov/legis...
See that? Commas. Now let's go eat grandma.
I'm not sure who you think you're going to convince with that story, but alright I'll play along. I could use a laugh. Thanks for replying to some of the message I put to not-obfuscon AC but not other parts because it wasn't really your AC post. Am very appreciative. One thing I haven't been able to work out is: what is your point? You seem very keen to educate us unknowledgables. Please enlighten us with your wisdom. Looking forward to hearing from you, the poster not formerly known as AC.
Sigger than your average
As I'm sure our dear friend Jacob Ajit was doing, and pulling from my own personal experience as a basement dwelling 17 year old nerd in the 90's, I can attest we will go to GREAT lengths to obtain free pron. I would almost go as far to say most exploits, innovations and experiments in cyberspace were all driven expressly with the intent of obtaining free porn.
This will of course be shut down now. He chose fame over having unlimited free data forever.
"Not when I last dealt with these people."
Not sure when the last time you dealt with them but I'd say the ability to turn it off has been there for at least 2 years. Service would just stop after you were within 100 MB of your data limit (400MB-450MB or maybe a bit more). Also, if you DID get the $10 charge, it doesn't just "vanish". It gets used piecemeal until you've eaten through an additional 500 MB. Of OVERAGE. In other words, if you got the top up charge but never went over 500 MB, the $10 stays there and you don't get charged again the FOLLOWING month if you get close. And let's say you burn through 700 MB that month (200 over), you'll STILL have 6 or 8 bucks credit for the next month. Or three. Or whenever.
Typical cheater. So what and who cares about another hacker cheater fraudster. This is the same type of loser who will be stealing cable tv one day or chisel his way down the breakdown lane to sneak past a long line of traffic waiting on an off ramp. Have some self worth. Have some pride. Have some integrity. Don't idolize these little creeps.