Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Teenage Hacker Figured Out How To Get Free Data On His Phone (vice.com)

Posted by BeauHD on from the unlimited-data dept.

An anonymous reader quotes a report from Motherboard: Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that teens do online these days without alerting his parents with overage fees. According to a Medium post Ajit posted on Wednesday, he made his discovery while playing around with a prepaid T-Mobile phone with no service. The phone was still able to connect to the network, although it would only take him to a T-Mobile portal asking him to renew the prepaid phone plan. For some reason, though, Ajit wrote that his internet speed test app still worked, albeit through a T-Mobile server. Ajit figured out that he was able to access media sent from any folder labelled "/speedtest," possibly because T-Mobile whitelists media files from speed tests regardless of the host. He tested his theory by setting up a "/speedtest" folder on his own site and filled it with media, including a Taylor Swift music video, which he was able to access. Ajit writes that he then created a proxy server that allows users to access any site with this method. All a T-Mobile user has to do is go to this page and input any URL they want to visit. "Just like that, I now had access to data throughout the T-Mobile network without maintaining any sort of formal payments or contract," Ajit wrote on Medium. "Just my phone's radios talking to the network's radios, free of any artificial shackles."

10 of 337 comments (clear)

  1. Arrest warrent is being drawn up now by Anonymous Coward · · Score: 5, Insightful

    Note to teenage idiots: Writing online about your criminal exploits is a bad idea.

    What his kid did is called theft of communications services.

    T-Mobile probably won't press a criminal charges, but they could, and the kid would be convicted.

    1. Re: Arrest warrent is being drawn up now by bws111 · · Score: 5, Informative

      Where did you get that idea? For instance, here is an excerpt from NY law explaining when a person is guilty of theft of services

      With intent to avoid payment by himself or another person of the lawful charge for any telephone service which is provided for a charge or compensation he (a) sells, offers for sale or otherwise makes available, without consent, an existing, canceled or revoked access device; or (b) uses, without consent, an existing, canceled or revoked access device; or (c) knowingly obtains any telecommunications service with fraudulent intent by use of an unauthorized, false, or fictitious name, identification, telephone number, or access device. For purposes of this subdivision access device means any telephone calling card number, credit card number, account number, mobile identification number, electronic serial number or personal identification number that can be used to obtain telephone service.

      See anything in there about TOS?

    2. Re: Arrest warrent is being drawn up now by Xest · · Score: 5, Insightful

      As much as all this might have sounded good in your head, when you wrote it, I outright guarantee you that a judge, and jury would trivially be persuaded that your attempt to twist the language has absolutely no legal validity.

      This is why we have lawyers, to advise on reality of such things, unfortunately you're clearly not one, so you should probably stop pretending you are in case you give someone completely misguided advice and get them into trouble.

      You obviously haven't been keeping track of trends in law relating to digital issues, if you had you'd know that there is no get out clause in the law that allows for wishful thinking posted on the internet by a random non-lawyer.

      Like it or not, theft of services is a thing, and this kid would be guaranteed to have been found guilty of it regardless of how desperately you may wish to try and mis-read the law in your favour.

      I know this because such cases have been brought and won succesfully since at least the time of the widespread use of phreaking in the 80s. If you want to argue this guy wouldn't be caught you'd need to explain why this guy's bypass of the security measures in place is somehow different to anyone elses. I think you'll struggle though, simply because it's really not.

  2. Re:Not anymore! by Anonymous Coward · · Score: 5, Funny

    So you're saying Ajit is an ijit?

  3. /speedtest by invictusvoyd · · Score: 5, Funny

    That pretty much proves that T-mobile employs 15 year old Taylor swift fans to handle their networks.

  4. The real reason it works: by quenda · · Score: 5, Insightful

    Why would T-mblie want you to do speedtest on an inactivated SIM? They don't.

    It is a side-effect of them cheating on the speed test. What happens is that speed-test traffic is given #1 priority over everything else.
    The first thing the network checks is "is this a speed-test?" If so, it bypasses everything else non-essential, including the accounting system.

    So this is not just a way to get free data, but to get faster data, if you have a decent proxy.
    But surely a large corporation would never cheat on product performance tests? [cough]VW , Samsung, LG, ...[cough]. Can anyone test this?

  5. Re:Now that this has attracted media coverage... by Anonymous Coward · · Score: 5, Informative

    Don't expect this to be fixed anytime soon. Ookla Speedtest has been exempt from data caps since 2014, and free speedtests are an official feature of T-Mobile data plans.

    Confirmed: T-Mobile exempting speed-testing data from monthly data allotments

    Speedtest servers are hosted by volunteers, and as can been seen from the installation instructions, Ookla Speedtest is fairly hard to exempt without exempting everything under /speedtest

    Installing HTTP Legacy Fallback

    Speedtest servers are located everywhere. T-Mobile could conceivably limit exemptions to only servers on the Speedtest.net server list, but the exemption list would require continual synchronization to keep it up to date.

    Speedtest.net server list

    The trouble is if the exemption list ever becomes out of date, then T-Mobile customers would complain bitterly about being charged for speedtests until the exemption list is updated, and presumably T-Mobile would prefer to avoid complaints about speedtests using data.

  6. Re:Not anymore! by Ol+Olsoc · · Score: 5, Funny

    That's racist! check your privilege!

    I checked it - it's still there - like always.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  7. Re:Not anymore! by meerling · · Score: 5, Informative

    A long time ago when dialup and AOL were viable options, you could use their free software they gave out to get an account with to get online. You'd run it and wait for it to connect to their server, but instead of filling it out and getting an account, you'd tab to your own browser without closing the AOL one, and you were on the internet without any restrictions.

  8. Re:Not anymore! by stealth_finger · · Score: 5, Insightful

    How the fuck is that racist?

    Because apparently everything is, but only if you're white. Didn't you get the memo?

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u