Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cellphones The Internet Businesses Communications Network The Almighty Buck

A Teenage Hacker Figured Out How To Get Free Data On His Phone (vice.com) 337

An anonymous reader quotes a report from Motherboard: Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that teens do online these days without alerting his parents with overage fees. According to a Medium post Ajit posted on Wednesday, he made his discovery while playing around with a prepaid T-Mobile phone with no service. The phone was still able to connect to the network, although it would only take him to a T-Mobile portal asking him to renew the prepaid phone plan. For some reason, though, Ajit wrote that his internet speed test app still worked, albeit through a T-Mobile server. Ajit figured out that he was able to access media sent from any folder labelled "/speedtest," possibly because T-Mobile whitelists media files from speed tests regardless of the host. He tested his theory by setting up a "/speedtest" folder on his own site and filled it with media, including a Taylor Swift music video, which he was able to access. Ajit writes that he then created a proxy server that allows users to access any site with this method. All a T-Mobile user has to do is go to this page and input any URL they want to visit. "Just like that, I now had access to data throughout the T-Mobile network without maintaining any sort of formal payments or contract," Ajit wrote on Medium. "Just my phone's radios talking to the network's radios, free of any artificial shackles."
This discussion has been archived. No new comments can be posted.

A Teenage Hacker Figured Out How To Get Free Data On His Phone

Comments Filter:
  • Not anymore! (Score:5, Insightful)

    by WolphFang ( 1077109 ) <m@conrad@202.gmail@com> on Wednesday September 14, 2016 @08:34PM (#52890275)
    Not anymore! You can't tell everyone about your free access and expect it to stay that way!
  • by Anonymous Coward on Wednesday September 14, 2016 @08:42PM (#52890315)

    Note to teenage idiots: Writing online about your criminal exploits is a bad idea.

    What his kid did is called theft of communications services.

    T-Mobile probably won't press a criminal charges, but they could, and the kid would be convicted.

    • Comment removed based on user account deletion
      • by postbigbang ( 761081 ) on Wednesday September 14, 2016 @09:30PM (#52890527)

        Hate to be a killjoy, but I think they implemented for their *paying* customers. The young man, genius that he was, found a backdoor.

        In front of a judge, finding a backdoor looks really novel, perhaps fun, and yes, criminally illegal. I wish that T-Mobile and a prosecutor could just laugh it all off, but in this nutzo world, they won't, and the result is likely to be draconian, sad as that may be.

        • "Eh, well, Mr. Prosecutor, it looks like you have me over a barrel. Tell you what though: If you drop those charges against me, I'll promise not to tell Sprint, Verizon, and AT&T about what I did...."
        • Or they could thank him, reward him, and generate mountains of good will. But what are the odds of that happening?

      • Re: (Score:3, Insightful)

        by agm ( 467017 )

        If I send a request to a server and it sends a response back, how can that be illegal? Their server was configured to do this. If I ask a server for a file and it provides it to me then I can't see how that makes me a criminal.

        • by Actually, I do RTFA ( 1058596 ) on Thursday September 15, 2016 @02:11AM (#52891345)

          If I send a request to a server and it sends a response back, how can that be illegal?

          It's illegal to rob a house, even if the door is unlocked.

          I can send millions of requests to a poorly secured bank server, until I find a username password that gets a "logged in" response back. I can send a request after that to move money, and the server sends a response back with a reciept.

          These are all things the server was configured to do. But I think most people would recognize that as theft.

          • Re: (Score:2, Insightful)

            by agm ( 467017 )

            If I send a request to a server and it sends a response back, how can that be illegal?

            It's illegal to rob a house, even if the door is unlocked.

            That analogy is a poor one. It's like someone left their back door open and when asked "can I come in" they say "yes".

            I can send millions of requests to a poorly secured bank server, until I find a username password that gets a "logged in" response back. I can send a request after that to move money, and the server sends a response back with a reciept.

            These are all things the server was configured to do. But I think most people would recognize that as theft.

            It would be a poorly configured server. Again, the situation is different. Nothing is taken in the case of a server sending you files. It's not like taking money at all.

        • by bws111 ( 1216812 )

          Theft of services is basically defined as knowingly using a service that is being sold without paying for it. It doesn't matter if your method of access is some extremely clever and complicated hack, a mis-configured server, a backdoor, or getting your buddy who works there to authorize your device.

          As with most laws, it is YOUR actions that matter, NOT your targets actions.

        • Comment removed based on user account deletion
    • But he's free of any artificial shackles!
    • Waking up and going about your normal daily activities is a violation of several laws, some with potential for serious punishment.

      Bragging about beating the system and attaching your name to it - that's more likely to attract attention and get one or more of those many laws enforced.

      Even when there are no written laws against the action in question, "the system" has its ways of punishing the irritating.

  • Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that teens do online these days without alerting his parents with overage fees.

    They know now. And now T-Mobile knows too. And he and his parents can expect a no-knock warrant to bust down their door and shoot their dog in 3...2...1....

    T-Mobile may be marginally less evil than other phone companies, but they're still a phone company. And the Computer Fraud and Abuse Act is still the law of the land. This is not going to end well for Jacob Ajit.

  • I remember back when I was 17, I drank some very good beer. Wait, that was a Simpsons reference. At 17 you don't think about consequences and largely you don't have much to lose. Still using commercial services in a way the company did not intend might have consequences. My hope is this kid will get a kudos for bringing the fault to light for T-mobile, a slap on the wrist to say be more careful about what you play around with, and later a fun and successful college career and productive life. The failure wa

  • by ninthbit ( 623926 ) on Wednesday September 14, 2016 @09:01PM (#52890415)

    Everyone always assumes the networks are filtering speed tests to make the results seem faster than normal traffic, but this pretty much confirms they are routing that data different.

  • Ajit figured out that he was able to access media sent from any folder labelled "/speedtest,"

    What? How does the phone or system know what the folders on the server are named? Is this free data only available using scp or ftp? If it's web-based, then there are no "folders", only URLs.

    • He wrote a proxy, so probably something like:

      http://tmobileunlimited.herokuapp.com/http%3A%2F%2Fslashdot.org/whatever

      The proxy fetches the content from the remote server to a local directory /speedtest and then serves the content to the phone from there (rewriting URLs in the process to be relative to /speedtest).

  • by CRC'99 ( 96526 ) on Wednesday September 14, 2016 @09:14PM (#52890459) Homepage

    We did this years ago on GSM / PPP sessions (remember when you connected a laptop via IR and dialed a number to get internet access?).

    Set up a VPN server to listen on port 53 UDP somewhere on the internet, then connect to it from your laptop via the phone.

    Used to be able to buy a $2 sim card, and pass hundreds of MB per day (which was a lot at the time) with zero restrictions.

  • You know, artificial shackles getting in between you and the free natural resources, much like sunshine, that is internet-connected bandwidth, DNS services, and everything else that somebody has to pay for so this entitled little jerk can be "unshackled." You know, because he's owed free stuff. Stuff that only other chumps pay for. How dare T-Mobile put shackles on nature's freely available peering systems, routers, maintenance workers, technicians, tower installers, electricity, and all of that other not-a
  • by quenda ( 644621 ) on Wednesday September 14, 2016 @09:16PM (#52890467)

    Why would T-mblie want you to do speedtest on an inactivated SIM? They don't.

    It is a side-effect of them cheating on the speed test. What happens is that speed-test traffic is given #1 priority over everything else.
    The first thing the network checks is "is this a speed-test?" If so, it bypasses everything else non-essential, including the accounting system.

    So this is not just a way to get free data, but to get faster data, if you have a decent proxy.
    But surely a large corporation would never cheat on product performance tests? [cough]VW , Samsung, LG, ...[cough]. Can anyone test this?

    • by account_deleted ( 4530225 ) on Wednesday September 14, 2016 @09:26PM (#52890507)
      Comment removed based on user account deletion
      • I think this is the really ridiculous part of the story: that he used a system in a different way that was targeted against the customers to fake them a speed they don't actually have.

    • Tell the boy's lawyer, this could be his only chance of not being sued, threatening them with this accusation.
    • by segin ( 883667 )

      Well, from a customer-facing perspective, speed tests on unactivated SIMs would be useful for determining what one can realistically expect for network speeds at a given location/time. A very minute "try before you buy".

      Due to the way GSM/UMTS/LTE networks perform, there's no performance gains to be had in unconditional whitelisting of speedtests, since the air interface (wireless last mile) will ALWAYS be the primary bottleneck.

  • It comes with free room and board, the orange suits are free too.
  • Here comes a bill (Score:4, Insightful)

    by RubberDogBone ( 851604 ) on Wednesday September 14, 2016 @10:53PM (#52890845)

    Since every KB is tracked and recorded, what he REALLY hacked is T-Mobile's latent power to bill his sorry butt for the data he used. And I am sure they will do just that.

    And if he refuses to pay, it becomes theft of service just like stealing electricity or cable TV and his sorry butt will end up in jail.

    Smart move there Einstein.

    • Since every KB is tracked and recorded,

      ASSumption.

      • by segin ( 883667 )
        Not a bad assumption. I have a postpaid tablet and data used for "Binge On" is still tracked in "total on-network data", but not against billing data. The 26GB deprioritisation limit applies to the former, not the latter.
        • Except for the literally countless services that use data but are not tracked towards your data usage.

          Also given the numbers the ISPs sometimes come up with I bet they don't so much track users but rather take a rough look at how old you are, apply a typical usage profile, then double it and screw you for going over their limit. :-)

  • The website mentioned in the summary, https://tmobileunlimited.herokuapp.com/ [herokuapp.com], is still up but simply says "No such app". Seems he already took the proxy down.
  • Free AOL (Score:5, Interesting)

    by Dusthead Jr. ( 937949 ) on Wednesday September 14, 2016 @11:14PM (#52890913)
    Back in 2000 I had one of those AOL CD's that they liked to shove into everyone's mailbox. The would give you so many free hours, but you still needed a credit card. I remember going through the motions of signing up but stopping short of inputting my CC info, as I didn't have one at the time. There was a part of the sign up that searched for a list of local phone numbers. During that time you were connected to the net.I would switch to a real browser, Netscape at the time, and sure enough I was surfing a 56k. The connection would usually time out a about 20 to 30 minutes and I would have to try again, but it still worked.
    • by dbIII ( 701233 )
      Around that time I met a spammer who used that trick and wanted someone to set up a dozen modems for them.
      Since he said a few things that indicated he was unlikely to pay (at all) I didn't even have to think about the morality of working for a spammer. There was some shit about seeing how good I was for a few months and then cash in hand after that time. Later I heard he skipped town owing three months rent on his office.
      So much for government assisted "job matching".
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      At that time, there also used to be "warez" call "credit master 4" which would generate an algorithmically correct (but not actual) CC info. Since AOL CDs of the time only checked the algorithm, and not the validity, of input CC info, you were off to the races for weeks until the fictitious CC info was billed.

  • by AbRASiON ( 589899 ) * on Wednesday September 14, 2016 @11:23PM (#52890939) Journal

    I dunno I'd be tempted to have not told anyone about that. It'll be closed off in no time now.

  • ...is xhtml.weather.com [weather.com]. A long time ago I had a 30MB data plan and this was one of a few websites that continued to work after running out of data and getting paywalled, although most of the graphical assets were stored on a different domain and thus didn't load post-data bucket depletion. m.us.yahoo.com also used to work, but that was plugged in 2014.

    TCP port 53 used to also be wide open, but from what I gathered on various forums, that was patched during the last major VoLTE outage. Two other users comm

  • Years ago (1995 to be precise), I had a modem plugged into the airphone that used to be in the headrest of the middle seat on Delta and other airplane seats. I had the phone clicked into the holder, but there was a gap that allowed the cable to snake out to the laptop. As we were waiting for take off, I idly pushed the buttons on the handset and after hitting the # key the screen displayed "dial your number" - this only showed if the modem cable was plugged in and the handset was clicked into the headrest.

  • Looks like an ISP-specific, less elaborate trick than PingTunnel, which OTOH has no wrapper on android/iOS AFAIK...
    But quite brilliant from a single person!

  • ...was about the same trick. You could access google for free (from Opera browser on my flip) but everything else was like $1/10MB, but just by clicking the "see cached version" that was hosted by google, it worked for free.

If all else fails, lower your standards.

Working...