Links on Android Authority may earn us a commission. Learn more.
Bored teenager hacks T-Mobile’s network for free unlimited data
T-Mobile pre-paid SIM cards are designed such that users can update their account and purchase additional service without having to go into a T-Mobile location or log onto their account from a wifi network. This is a handy feature, but there’s just one problem: what if the user’s coverage ends, and they want to purchase more? The device would have to still gain access to T-Mobile’s network so the purchase could go through.
So essentially these SIM cards allow phones to have access to the internet at all times, but this access is rigidly blocked, intended to allow users access only to their T-Mobile member portal unless they’ve paid for active service.
But Jacob Ajit discovered that the popular Speedtest app still worked even though the device’s pre-paid period had expired.
Ars Technica hypothesizes that this access may have been white-listed as part of a marketing technique so that unactivated devices could be used to demonstrate network speed.
After playing around for a while with Speedtest on both the mobile device and his Macbook while using mitmproxy, Ajit realized that essentially all the data hosted to test internet speeds contained “/speedtest” in their URL.
He then returned to his prepaid device and discovered he could reach these files outside of the Speedtest app using the smartphone’s browser, even though the device was supposed to only be able to access account-relevant T-Mobile sites. He also discovered that he could publish content on the internet containing “/speedtest” in its web address, and he could access all of this content as well.
The way he did it makes so much sense that we’re stunned nobody has figured this out before.
Thinking on his feet, Ajit setup a remote server that contained “/speedtest” in its web address. By running all of his browsing through that server, he could surf the web at ease on T-Mobile’s 4G network from a non-active device.
Ajit reached out to T-Mobile about the issue, but has yet to receive any response. He decided to go ahead and post his findings to Medium because he believes the oversight is relatively easy to fix and poses no real harm for T-Mobile or the Uncarrier’s customers.
It’s a trivial fix to whitelist Speedtest servers based on their official host list, as I point out in this post, and the educational benefits of sharing with the my findings with community in this case outweighed the case for waiting for a [possible] response from TMobile.
He has since taken down his remote server.
What do you think of this teenager figuring out a way to get free unlimited T-Mobile data on his unactive prepaid phone? Give us your take in the comments!