Teen Uncovers Route To Free Web Surfing On T-Mobile U.S. Network

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
How many of you on T-Mobile would have kept this to yourself? All it required was a proxy and “/speedtest” in the URL.

Jacob Ajit, a 17-year-old student at the Thomas Jefferson High School for Science and Technology in Fairfax, Virginia, was bored and screwing around with a smartphone that had service and a SIM for T-Mobile's prepaid phone service. He soon discovered it was possible to still gain access to the Internet without paying for an account; all he had to do was route everything through a proxy application running on a server with "/speedtest" in its Web address.
 
Well cellphone fraud like that is a very serious federal felony. He's looking at jail time ands stiff penalties.
 
The interesting thing is that tmobile wasn't counting speedtests against your data allotment. That's kinda cool if true. It seems that is going to change now.
 
  • Like
Reactions: N4CR
like this
viscountalpha said:
Theft of service right?
Click to expand...

Unauthorised use of a service, tampering with phones or signals to get the aforesaid...lots of stuff falls under the umbrella.


Kid is going to want a lawyer fast. Would have been cheaper legally for the kid to do a DIY cellphone jammer science fair project (which are also very illegal).
 
Skripka said:
Well cellphone fraud like that is a very serious federal felony. He's looking at jail time ands stiff penalties.
Click to expand...

Oh man, the kid is evil, throw the book at him stat!!!?

Ars attempted to contact T-Mobile for comment on Ajit's findings, which he said he has reported to the company. T-Mobile did not respond to requests for comment.
Click to expand...
 
Skripka said:
Unauthorised use of a service, tampering with phones or signals to get the aforesaid...lots of stuff falls under the umbrella.


Kid is going to want a lawyer fast. Would have been cheaper legally for the kid to do a DIY cellphone jammer science fair project (which are also very illegal).
Click to expand...
No tampering was required, just the use of a properly named proxy. Still theft of service though. But since it appears he tested his theory, took his proxy down, and notified T-mobile, I don't think he should need a lawyer.
Somehow, I doubt this kid is the first to notice this flaw. And I would also wager that others have been quietly taking advantage of it for who knows how long.
T-mobile owes him their thanks, not an assault from their legal team.
 
thesmokingman said:
Oh man, the kid is evil, throw the book at him stat!!!?
Click to expand...

Well. That is the law. And telco laws are heavy handedly enforced.

Not saying it is right or wrong. Just the reality.

Gorankar said:
No tampering was required, just the use of a properly named proxy. Still theft of service though. But since it appears he tested his theory, took his proxy down, and notified T-mobile, I don't think he should need a lawyer.
Somehow, I doubt this kid is the first to notice this flaw. And I would also wager that others have been quietly taking advantage of it for who knows how long.
T-mobile owes him their thanks, not an assault from their legal team.
Click to expand...

1) "A properly named proxy", is pretty much tampering. You're intentionally doing things you shouldn't to get an otherwise unobtainable and 100% unintended result...namely getting data service when you shouldn't. I'd call that tampering to my country IANAL sense of judgement.

2) Yea...and thanking the kid for finding and publicizing a flaw....LMFAO....that isn't how cellular ISP megacorporations operate, in case you hadn't noticed.
 
Further proving that speed tests and benchmarks are rigged and to be taken with a grain of salt.

Give the kid some slack, it's not like he committed a real crime.

poptartgun_small.jpg
 
Skripka said:
Well. That is the law. And telco laws are heavy handedly enforced.

Not saying it is right or wrong. Just the reality.



1) "A properly named proxy", is pretty much tampering. You're intentionally doing things you shouldn't to get an otherwise unobtainable and 100% unintended result...namely getting data service when you shouldn't. I'd call that tampering to my country IANAL sense of judgement.

2) Yea...and thanking the kid for finding and publicizing a flaw....LMFAO....that isn't how cellular ISP megacorporations operate, in case you hadn't noticed.
Click to expand...

You are prolly right, but if they do take try to fuck this kid, they will lose at least one business account over it. I may only have 20 people on their service, but I am under no contractual obligation to stay with them. Been thinking of just subsidizing the employees that have to have a phone for work anyway. Except the sales reps phones of course. Those numbers are mine.
 
westrock2000 said:
Further proving that speed tests and benchmarks are rigged and to be taken with a grain of salt.

Give the kid some slack, it's not like he committed a real crime.

poptartgun_small.jpg
Click to expand...
That hardly looks like a gun. The art teacher should be suspended.
 
Last edited:
The kid didn't steal any services. He only tested to see if it worked, then reported it to T-Mobile. No criminal case here. He's a white hat.
 
Well, he is obviously up to no good by reporting the flaw. What else is he hiding?

Seriously though, t-mobile won't probably do anything but put a patch over the issue.
 
evilsofa said:
The kid didn't steal any services. He only tested to see if it worked, then reported it to T-Mobile. No criminal case here. He's a white hat.
Click to expand...

Some companies don't see it that way. Also, somehow the media knows about this so he is creating a negative publicity as a result of this so it could cause other things to go after the kid for.
 
westrock2000 said:
Further proving that speed tests and benchmarks are rigged and to be taken with a grain of salt.

Give the kid some slack, it's not like he committed a real crime.

poptartgun_small.jpg
Click to expand...
Yeah exactly what I was thinking. Bypassing their firewalls when you do a speedtest, isn't that a form false advertising. It's fooling your customers in my book.

Poor kid with the gun cooky. If that's a gun, then I'm superman.
 
If they file charges against this kid they better have some concrete evidence that he took advantage of this loophole or T-Mobile will have a serious publicity problem on their hands.
 
Noticed funny behaviour on corrupt NZ ISP networks too. Everything else goes average speed, as soon as you run a speed test it detects it and BOOM TEN MILLION BEGAMITS PER SECONDS!!1!!
Meanwhile in real usage you get 1/4 of that etc etc.. even when selecting overseas test locations it's faster than the performance you will get from any other source, even, e.g. Steam/MS/etc and other content networks.
 
N4CR said:
Noticed funny behaviour on corrupt NZ ISP networks too. Everything else goes average speed, as soon as you run a speed test it detects it and BOOM TEN MILLION BEGAMITS PER SECONDS!!1!!
Meanwhile in real usage you get 1/4 of that etc etc.. even when selecting overseas test locations it's faster than the performance you will get from any other source, even, e.g. Steam/MS/etc and other content networks.
Click to expand...
That's fraud. You could sue them.
 
B00nie said:
That's fraud. You could sue them.
Click to expand...

On a terrible rural ADSL connection in New Zealand, I've been so ass-raped and beaten by the monopoly I didn't even consider this aspect. Have challenged them on other aspects and won though never considered the point you make until now.
So thank you - will be doing more testing. This was quite a while ago on other connections also and I had not bothered since.
Perhaps they have since changed this.

Local caching also can provide issues. If playing an overseas source for first time e.g. very fresh/low view content stuff, it will not load very fast. When refreshing it, it will then load super fast..

Just hit speedtest.net... Results incoming.. (yes it's this slow at 2230).

Left it to time out.
537 ping 0.32mbit..
 
Last edited:
N4CR said:
Noticed funny behaviour on corrupt NZ ISP networks too. Everything else goes average speed, as soon as you run a speed test it detects it and BOOM TEN MILLION BEGAMITS PER SECONDS!!1!!
Meanwhile in real usage you get 1/4 of that etc etc.. even when selecting overseas test locations it's faster than the performance you will get from any other source, even, e.g. Steam/MS/etc and other content networks.
Click to expand...

They probably just run a speedtest server in NZ. Most of your congestion is on the undersea cables.
 
As a T-Mobile customer who has limited unlimited data, I noticed when you run a speedtest you get full 4G speed, but when your run YouTube or whatever you get 2G speed. So yea, this could be a method to get around that speed limit.
 
DukenukemX said:
As a T-Mobile customer who has limited unlimited data, I noticed when you run a speedtest you get full 4G speed, but when your run YouTube or whatever you get 2G speed. So yea, this could be a method to get around that speed limit.
Click to expand...

Are you experiencing "not HD" when viewing videos on your phone? T-Mobile did start transcoding (unnamed) video sources to be lower quality to reduce loads on the network. I don't know if that is what you are experiencing.

T-Mobile execs: Binge On uses proprietary adaptive bitrate optimization technology | FierceWireless
 
I knew about this kind of thing about a year ago when I noticed that even with an unactivated T-Mobile SIM card inside a smartphone I could run the Speedtest app and get results. I never went so far as to try and hack it or anything but I damned well did a shitload of speedtests on various devices using a single unactivated SIM for a long period of time. Right now, however, I just inserted an unactivated one in my Flex 2 and it of course connects to T-Mobile's network as expected (because I unlocked LTE bands 2/4/12 on the Flex 2) but it won't connect to the service anymore, it just hangs when trying to get the location - if I enable Wi-Fi I get the location data instantly but it will not pull from T-Mobile's towers anymore.

If I get the location first using Wi-Fi and then switch back to LTE and then attempt to run the speed test (the Speedtest app still being open after getting the location on Wi-Fi) it gives me practically nothing at all in terms of speed, like 0.01Mbps up and down so, either this guy's reported hack has broken that capability using the unactivated SIMs or something else is up. It gets on T-Mobile's network no issue, with LTE (verified by several apps for network info), and I can even call 'em up at 611 or access their website (www.t-mobile.com) but it won't utilize that Speedtest app with the unactivated SIM, at least not for me.

Oh well, so much for all the free speedtesting I suppose. :D
 
westrock2000 said:
Are you experiencing "not HD" when viewing videos on your phone? T-Mobile did start transcoding (unnamed) video sources to be lower quality to reduce loads on the network. I don't know if that is what you are experiencing.

T-Mobile execs: Binge On uses proprietary adaptive bitrate optimization technology | FierceWireless
Click to expand...
Nah, what I'm experiencing is my 2.5GB 4G data running out, and then T-Mobile switches me over to 2G data. So even at low video quality settings, the video plays back poorly.

My solution is to switch over to MetroPCS, cause when my 4G data runs, it switches me over to 3G instead of 2G. I can use 3G just fine.
 
westrock2000 said:
Are you experiencing "not HD" when viewing videos on your phone? T-Mobile did start transcoding (unnamed) video sources to be lower quality to reduce loads on the network. I don't know if that is what you are experiencing.

T-Mobile execs: Binge On uses proprietary adaptive bitrate optimization technology | FierceWireless
Click to expand...
Nah, what I'm experiencing is my 2.5GB 4G data running out, and then T-Mobile switches me over to 2G data. So even at low video quality settings, the video plays back poorly.

My solution is to switch over to MetroPCS, cause when my 4G data runs, it switches me over to 3G instead of 2G. I can use 3G just fine.
 
Well, I pay T-Mobile for my service. But I did notice long ago that if you had a speed test running, it would give you "fastest internet" even if you had already used up your monthly allowance of high speed data.

So I did something similar. It kept me on full LTE speeds, even after I had "run out" of my LTE data.
 
You must log in or register to reply here.
Back
Top