How one teen gained access to T-Mobile’s network for free – without any data plan or contract

David Bisson

Teen gains access to T-Mobile network for free - without any data plan or contract

Teen gains access to T-Mobile network for free - without any data plan or contract

A teenager recently found a way to gain access to T-Mobile’s mobile network for free – that is, without any data plan or contracts.

Jacob Ajit, a 17-year-old student at Thomas Jefferson High School for Science and Technology, was recently alone with nothing to do on a Friday night when he got to playing with his T-Mobile phone.

His device had a prepaid SIM, meaning he could use a basic LTE connection to upgrade his phone’s plan.

T-mobile screenshot

After some fiddling, Ajit discovered his Speedtest app could achieve a 20 mbps LTE connection.

That’s when a question sprang into his mind. As he explains in a blog post:

“What if TMobile was simply checking for similarly formatted /speedtest folders without any real verification?”

Curious, Ajit set his own /speedtest folder and loaded it up with various files, including a Taylor Swift music video.

T mobile tay

Now he could access any pre-loaded files from wherever he wanted!

But that wasn’t enough. The student wanted the internet at his fingertips, so he created a proxy server on Heroku using Glype.

To his delight, it worked!

T mobile proxy

“Just like that, I now had access to data throughout the TMobile network without maintaining any sort of formal payments or contract. Just my phone’s radios talking to the network’s radios, free of any artificial shackles. Mmm, the taste of liberty.”

Overall, it wouldn’t be hard for T-Mobile to fix this issue. Ajit admits the mobile service provider would simply need to make its whitelist check against Speedtest’s server list found here.

It might have even already done that. One of Motherboard’s journalists who is a T-Mobile customer tried to replicate Ajit’s procedure on his device, but to no success. That could be because the journalist’s phone didn’t use a prepaid SIM card. Or it could be because the issue has since been resolved.

T-Mobile has yet to acknowledge the issue, however, so we can only assume the gates to “Free Data Land” are still open.

But like the most wonderful things in life, it’ll be that way for a limited time only.

David Bisson David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

36 Replies to “How one teen gained access to T-Mobile’s network for free – without any data plan or contract”

    1. if he was a "crook" ( Who uses that term anymore….) he probably wouldn't have gone public with the discovery,and wouldn't have talked about how to fix it…

      1. In a technical sense, Ajit almost certainly violated the Computer Fraud and Abuse act, and could be charged with a federal felony. I do not thing that would be appropriate, or that the act is what we should consider good law. However, the law is what it is, and an ambitious US Attorney might view the act, and Ajit's action, quite differently, as some have done in the past. Announcing it publicly probably was a bit unwise.

    2. If he was a "crook" he wouldn't have made it public he would have saved that info to sell to people on the street so that they had unlimited data for a pretty penny in his pocket. Also if he was a real crooked crook he would be street rich, he would be a street runner, and a con artist like Hitlery (had to).

    3. Frank is just burger flipper the low end of American Sewage, and he knows all about being crook when he gulps those burger down his throat, when nobody is looking.

    4. Frank… Frank! The young genius found the problem, tested it, verified it, then reported it to T-Mobile, and shut-down his test. He was a curious young engineer that ended-up doing T-Mobile a favor while showing both integrity and ingenuity.

    1. You're quite right! Even if they're not deliberately throttling it, anything under "speedtest" was set up to bypass checks that slow ordinary activity down.

      1. This brings up an interesting point, if that's the case with T-Mobile, I wonder if other internet data providers might be doing this with Speedtest. So even if you're paying for the service and you complain that your speeds are too low and they ask you to run a speed test to verify. After running the tests the speeds come up normal because their servers are rigged to throttle up when when they "see" a speed test but in reality you're stuck a lower speeds everywhere else.

    1. @fredjohson…It is wrong for you to publicly announce your "low life Profession". Go to sleep this is not your cup of tea.

  1. Hats off to this young man for having the intelligence of finding a hole in T-Mobile's network and the scruples to come forward so that it can be corrected. I hope T-Mobile recognize him with an award and a summer internship.

  2. Who thinks like that?…""What if TMobile was simply checking for similarly formatted /speedtest folders without any real verification?"…."created a proxy server on Heroku using Glype" Im like what? I'm in IT and have no idea what Heroku and Glype is.

    Someone give this kid something to do. Go to the mall and hang out with your friends. Are you sure Ajit isn't a robot?

  3. tmobile cheats and has been rigging the speedtest website and app. If you setup what this kid did you will get high speed data all the time not 3g and 2g once your data cap is finished. T mobile does not believe in net neutrality.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.




Stay informed!

Join thousands of others by signing-up for the free “GCHQ” newsletter, containing the latest news and tips from security expert Graham Cluley.

Name:

Email:

Yes, I would like to subscribe to email updates from Graham Cluley. I know it’s easy to unsubscribe if I ever change my mind.