A Teenage Hacker Figured Out How To Get Free Data On His Phone (vice.com)
An anonymous reader quotes a report from Motherboard: Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that teens do online these days without alerting his parents with overage fees. According to a Medium post Ajit posted on Wednesday, he made his discovery while playing around with a prepaid T-Mobile phone with no service. The phone was still able to connect to the network, although it would only take him to a T-Mobile portal asking him to renew the prepaid phone plan. For some reason, though, Ajit wrote that his internet speed test app still worked, albeit through a T-Mobile server. Ajit figured out that he was able to access media sent from any folder labelled "/speedtest," possibly because T-Mobile whitelists media files from speed tests regardless of the host. He tested his theory by setting up a "/speedtest" folder on his own site and filled it with media, including a Taylor Swift music video, which he was able to access. Ajit writes that he then created a proxy server that allows users to access any site with this method. All a T-Mobile user has to do is go to this page and input any URL they want to visit. "Just like that, I now had access to data throughout the T-Mobile network without maintaining any sort of formal payments or contract," Ajit wrote on Medium. "Just my phone's radios talking to the network's radios, free of any artificial shackles."
Not anymore! You can't tell everyone about your free access and expect it to stay that way!
leather-dog muksihs
Blog: @muksihs
Note to teenage idiots: Writing online about your criminal exploits is a bad idea.
What this kid did is called theft of communications services.
T-Mobile probably won't press criminal charges, but they could, and the kid would be convicted.
That pretty much proves that T-Mobile employs 15-year-old Taylor Swift fans to handle their networks.
Everyone always assumes the networks are filtering speed tests to make the results seem faster than normal traffic, but this pretty much confirms they are routing that data differently.
We did this years ago on GSM / PPP sessions (remember when you connected a laptop via IR and dialed a number to get internet access?).
Set up a VPN server to listen on port 53 UDP somewhere on the internet, then connect to it from your laptop via the phone.
Used to be able to buy a $2 sim card, and pass hundreds of MB per day (which was a lot at the time) with zero restrictions.
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
Why would T-Mobile want you to do speedtest on an inactivated SIM? They don't.
It is a side-effect of them cheating on the speed test. What happens is that speed-test traffic is given #1 priority over everything else.
The first thing the network checks is "is this a speed-test?" If so, it bypasses everything else non-essential, including the accounting system.
So this is not just a way to get free data, but to get faster data, if you have a decent proxy. ...[cough]. Can anyone test this?
But surely a large corporation would never cheat on product performance tests? [cough] VW, Samsung, LG,
Don't expect this to be fixed anytime soon. Ookla Speedtest has been exempt from data caps since 2014, and free speedtests are an official feature of T-Mobile data plans.
Confirmed: T-Mobile exempting speed-testing data from monthly data allotments
Speedtest servers are hosted by volunteers, and as can be seen from the installation instructions, Ookla Speedtest is fairly hard to exempt without exempting everything under /speedtest.
Installing HTTP Legacy Fallback
Speedtest servers are located everywhere. T-Mobile could conceivably limit exemptions to only servers on the Speedtest.net server list, but the exemption list would require continual synchronization to keep it up to date.
Speedtest.net server list
The trouble is if the exemption list ever becomes out of date, then T-Mobile customers would complain bitterly about being charged for speedtests until the exemption list is updated, and presumably T-Mobile would prefer to avoid complaints about speedtests using data.
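The trade-off discussed above (exempting everything under /speedtest versus only hosts on a server list), as an added example that is not part of the original thread and is not T-Mobile's or Ookla's code. All hostnames, file names and function names are constructed, and the path-only rule models the behaviour the report hypothesises, not a confirmed implementation.

```python
from urllib.parse import urlsplit

# Constructed placeholder hostnames standing in for a synced speed-test server list.
SERVER_LIST = {"st1.speedtest-host.example", "st2.speedtest-host.example"}

def has_speedtest_folder(path):
    """True when some directory segment of the path is exactly 'speedtest'."""
    return "speedtest" in path.lower().split("/")[1:-1]

def exempt_path_only(url):
    """Rule as hypothesised in the report: folder name alone, host ignored."""
    return has_speedtest_folder(urlsplit(url).path)

def exempt_listed_host(url, servers=SERVER_LIST):
    """Stricter rule: exact host match against the server list, plus the folder."""
    parts = urlsplit(url)
    # .hostname drops userinfo and port; strip a trailing dot before comparing.
    host = (parts.hostname or "").rstrip(".").lower()
    return host in servers and has_speedtest_folder(parts.path)

def audit(urls, servers=SERVER_LIST):
    """URLs the path-only rule exempts but the host-bound rule would bill."""
    return [u for u in urls
            if exempt_path_only(u) and not exempt_listed_host(u, servers)]

SAMPLE_URLS = [  # constructed sample requests
    "http://st1.speedtest-host.example/speedtest/test.bin",
    "http://personal-site.example/speedtest/video.mp4",
    # Listed name used only as a prefix of another domain: not an exact match.
    "http://st1.speedtest-host.example.personal-site.example/speedtest/a.jpg",
    # Listed name in the userinfo part: the real host is personal-site.example.
    "http://st1.speedtest-host.example@personal-site.example/speedtest/a.jpg",
    # New volunteer server not yet synced into the list: billed until it is.
    "http://st3.speedtest-host.example/speedtest/test.bin",
    "http://personal-site.example/index.html",
]

if __name__ == "__main__":
    for url in audit(SAMPLE_URLS):
        print("path-only rule exempts, host-bound rule bills:", url)
```

The `st3` entry is the stale-list case from the comment above: a legitimate speed test that the host-bound rule bills until the list is re-synced.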
Dunno. T-Mobile tried to game the system and Ajit gamed them back. If there was any cheating it was by T-Mobile, white-listing speed test servers.
Well, no one would go to the forbes links.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
That whitelisting for speedtests also applies to unactivated SIMs and prepaid SIMs without active service (e.g. due to nonpayment or zero balance.)
I used to keep a spare phone lying about with an unactivated SIM while I had a prepaid SIM, and discovered the speedtest whitelisting was unconditional. I never thought to dig any deeper into it, although I suspected this type of thing was possible all along.
Glad to have my suspicions confirmed without having to risk my ass.
Since every KB is tracked and recorded, what he REALLY hacked is T-Mobile's latent power to bill his sorry butt for the data he used. And I am sure they will do just that.
And if he refuses to pay, it becomes theft of service just like stealing electricity or cable TV and his sorry butt will end up in jail.
Smart move there Einstein.
Sig for hire.
Back in 2000 I had one of those AOL CDs that they liked to shove into everyone's mailbox. They would give you so many free hours, but you still needed a credit card. I remember going through the motions of signing up but stopping short of inputting my CC info, as I didn't have one at the time. There was a part of the sign up that searched for a list of local phone numbers. During that time you were connected to the net. I would switch to a real browser, Netscape at the time, and sure enough I was surfing at 56k. The connection would usually time out at about 20 to 30 minutes and I would have to try again, but it still worked.
They're big on selling off hardware through Daily Steals, too, without telling the buyer that the service the hardware depends on is going to be shut off in just a few months. I have a WiFi router with cell data service from them through Sprint that lasted six months and then just stopped when Sprint turned off the data service.
> > (b) uses, without consent, an existing, canceled or revoked access device;
> Neither canceled nor revoked
It sounds like service was cancelled when the bill wasn't paid, but in any event it's certainly an EXISTING access device. The law says "existing, cancelled, or revoked", and it is certainly existing.
> "an unauthorized, false, or fictitious name, identification, telephone number, or access device"
And that device is not authorized to be using their network. It's an unauthorized access device.
More to the point, judges are not in fact robots, nor are they dictionaries. Any human, including a judge, can see that there is a law against taking services without permission and without paying for them, and can see that he took services without permission and without paying for them. Trying to play word games will only annoy the judge, not persuade them.
Many years ago, back in the days of very small quotas but the exciting new prospect of mp3s, your author did something very similar via his University and its habit of allowing all requests that contained the university URL as part of the address. This was very nearly the end for our young adventurer, as the university in question had plans for expulsion, civil, and possibly even criminal charges! (There may have been one or two other indiscretions of a network-related nature). Fortunately in this story, the Dean of Engineering saved the day with a general "boys will be boys" attitude and a stern warning, so the hero was not thrown to the legal wolves. The point of this is to say that you should never ever assume that your "one cool trick" won't land you in serious hot water.