High school student discovers method to get free data on T-Mobile

tmobilelogolarge

T-Mobile has been white-listing speed test apps from data allotments for a while now, letting you test the speed of T-Mo’s network without using your monthly data allowance. Now one high schooler has found an interesting loophole related to T-Mobile and speed tests.

Jacob Ajit was recently playing around with a T-Mobile prepaid SIM with no active service and discovered that he could use it to get free data on T-Mo. Ajit explains that, after noticing that he could access T-Mobile’s website and use the SpeedTest.net app with the inactive SIM, he came up with a theory and decided to test it.

Ajit thought that T-Mo was simply performing a check for formatted “/speedtest” folders, and if there was one when the user was trying to access data, the request would go through. So he put a /speedtest folder on his own site, loaded it with files (like a Taylor Swift music video), and accessed it without a problem. He then set up a proxy server to try and access the full web using this same loophole and was successful again.

T-Mobile hasn’t made any official statements regarding Amit’s findings, but he does say that he’s reached out to T-Mo about the issue. As a result, expect this loophole to be shut down. It’s not something that every single person will take advantage of because it requires a bit more effort than just popping an inactive T-Mo prepaid SIM into your phone and browsing the web normally, but I imagine that it’s still a loophole that T-Mobile would like closed.

Ajit’s full write-up on his experiment is an interesting read, and you can check it out at the link below.

Source: Medium

Tags: , ,

  • Willie D

    Thanks for being a little snitch and blowing it for everyone.

  • User

    I bet you that the people who discovered it before him hate him for reporting it to Tmo

    • Wezi427

      True, even more so after he is compensated for it.(I assume)

      • noh1bvisas

        or arrested for hacking. may be a federal crime since he did it using the airwaves leased from the gov.

  • Adam

    I think the bigger news here is that there are high schools teaching kids marketable skills. The local high school were I live offers technology classes that include subjects like ‘keyboarding’.

    • Aaron Davis

      I had that class in high school too, except we were using Apple IIs.
      They even called it ‘keyboarding’ too, as if that was somehow different than ‘typing’

      They also taught programming, but it was in line basic (basica) on a bunch of 8086 IBM PCs

      I graduated in ’97 BTW, so I’m not that old, the school was just that far behind.

      • Adam

        Computer lit, which is things like keyboarding (no programming), is a 2016-2019 state high school graduation requirement, so it doesn’t sound like your school was that far behind.

        • Aaron Davis

          I was referring to the technology when I said the school was far behind, by about 10 years.

    • drago10029

      Very funny that you assume he learned that in school and that schools are teaching useful skills.

      • Adam

        I made that assumption after following the link and reading about the kid’s school.

        • drago10029

          fair enough, I stand behind my bias and dislike for US education system lol

    • TylerCameron

      I took 2 years of telecommunications in high school and can’t get a job better than Wawa

    • noh1bvisas

      hacking is generally not a marketable skill.

      • #Broken EMMAtaining The Boss!

        If you can use your hacking skills to help tech companies, then you can probably make bank with it.

      • Encino Stan

        I disagree. I worked for a company that other companies (like banks and department stores) would use to find exploits and security holes in their systems (websites, apps, etc.). That company would hire someone with skills to explore and seek ways into a system that a normal person wouldn’t think of.

        • noh1bvisas

          there are white-hack hacking jobs, sure. but for most other IT jobs, you will undergo a background check. this hacking of his will be part of his permanent record. it will come up every time he applies for a job.

        • Adam

          Although the Computer Fraud and Abuse Act is incredibly vague, without any special exemption for when the hacker informs the company of their hole, I have never seen a case where a hacker was prosecuted when informing the company of their hole, instead of self profit.

    • ZZTop

      The kid goes to TJ, one of the best public high schools in the nation. Good for him.

  • Rob916

    I discovered something similar back in 03 with a CDMA regional carrier although you could also access all their systems on their internal network, whoops! I emailed them and advised of the security hole and they never fixed it. With this article I now question now many other carriers have holes in their network.

    • BreakingData

      Was it Alltel, Cause I emailed them as well and got no response

      • Rob916

        No, it was a local carrier here called “SureWest Wireless”. One Interesting thing about Alltel though is I was able to program their BREW store settings into SureWest phones and download BREW apps for free. Seemed to be all kinds of holes in CDMA carriers

    • Adam

      60 Minutes did an in depth report on phone security. They reported the biggest flaw is in SS7.
      http://www.cbsnews.com/videos/hacking-into-a-congressmans-phone/

  • Tony Wu

    Think about: setup Open VPN on your router and you phone, let T-Mo think that you are listening to the music, but actually you phone connect to your home network? Maybe that will work.

  • Fabian

    Some son ova gun here made me believe that T-Mobile doesn’t whitelist speed test apps, that the speed results are the actual speeds we are getting on our devices not the network speed before throttlings and prioritizings, and I believed,

    • a d00d

      I don’t have the link handy, but TMo explicitly says they whitelist the FCC test app and Ookla’s Speedtest.net. I didn’t realize the method they were using was so crude and 80’s-ish. I honestly feel like my intelligence has been insulted.

      • Paul Hansen

        So easy it’s difficult

  • Kendolink

    I kinda noticed they also treat the app store in some areas like speed test making certain things load faster even after i used up my gb and am now on reduced 2g speed.

  • Nobody Special

    I have found a glitch to get extra FULL T-Mobile Tuesday gifts… but im afraid to tell anyone (Multiple Subway Sanwiches/ Multiple T-Mobile T-Shirts) Maybe I should write to T-Mobile Corporate about the glitch.

    But one glitch I have also found has since been fixed…..Thank You T-Mobile :)

  • debra.bonnett

    I am making roughly 6 thousand-8 thousand bucks /every month with an internet task. For everybody ready to work simple freelance tasks for 2-5 hours a day at your home and gain good benefit while doing it… Then this job opportunity is for you… CLCK.RU/A54RG

    aasda