How one teen gained access to T-Mobile’s network for free – without any data plan or contract

Student admits it would be easy to fix. The issue might have already been plugged.

David bisson
David Bisson

Teen gains access to T-Mobile network for free - without any data plan or contract

A teenager recently found a way to gain access to T-Mobile’s mobile network for free – that is, without any data plan or contracts.

Jacob Ajit, a 17-year-old student at Thomas Jefferson High School for Science and Technology, was recently alone with nothing to do on a Friday night when he got to playing with his T-Mobile phone.

His device had a prepaid SIM, meaning he could use a basic LTE connection to upgrade his phone’s plan.

Sign up to our free newsletter.
Security news, advice, and tips.

T-mobile screenshot

After some fiddling, Ajit discovered his Speedtest app could achieve a 20 mbps LTE connection.

That’s when a question sprang into his mind. As he explains in a blog post:

“What if TMobile was simply checking for similarly formatted /speedtest folders without any real verification?”

Curious, Ajit set his own /speedtest folder and loaded it up with various files, including a Taylor Swift music video.

T mobile tay

Now he could access any pre-loaded files from wherever he wanted!

But that wasn’t enough. The student wanted the internet at his fingertips, so he created a proxy server on Heroku using Glype.

To his delight, it worked!

T mobile proxy

“Just like that, I now had access to data throughout the TMobile network without maintaining any sort of formal payments or contract. Just my phone’s radios talking to the network’s radios, free of any artificial shackles. Mmm, the taste of liberty.”

Overall, it wouldn’t be hard for T-Mobile to fix this issue. Ajit admits the mobile service provider would simply need to make its allow-list check against Speedtest’s server list found here.

It might have even already done that. One of Motherboard’s journalists who is a T-Mobile customer tried to replicate Ajit’s procedure on his device, but to no success. That could be because the journalist’s phone didn’t use a prepaid SIM card. Or it could be because the issue has since been resolved.

T-Mobile has yet to acknowledge the issue, however, so we can only assume the gates to “Free Data Land” are still open.

But like the most wonderful things in life, it’ll be that way for a limited time only.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

36 comments on “How one teen gained access to T-Mobile’s network for free – without any data plan or contract”

  1. Frank

    So, basically, he's a hi-tech crook. I hardly think this should be celebrated.

    1. The real Frank · in reply to Frank

      if he was a "crook" ( Who uses that term anymore….) he probably wouldn't have gone public with the discovery,and wouldn't have talked about how to fix it…

      1. Jake · in reply to The real Frank

        Usually people who say "Crooked Hillary"

      2. Thomas Dial · in reply to The real Frank

        In a technical sense, Ajit almost certainly violated the Computer Fraud and Abuse act, and could be charged with a federal felony. I do not thing that would be appropriate, or that the act is what we should consider good law. However, the law is what it is, and an ambitious US Attorney might view the act, and Ajit's action, quite differently, as some have done in the past. Announcing it publicly probably was a bit unwise.

    2. Alysa · in reply to Frank

      If he was a "crook" he wouldn't have made it public he would have saved that info to sell to people on the street so that they had unlimited data for a pretty penny in his pocket. Also if he was a real crooked crook he would be street rich, he would be a street runner, and a con artist like Hitlery (had to).

    3. Idiot · in reply to Frank

      Love the generalization. For the things that this kid was able to do and might not even comprehend to you Frank.

    4. Sean · in reply to Frank

      Haha….obviously this person is from the older generation. Darn technology!

    5. DoodleGuy · in reply to Frank

      So, Frank, you're basically a pessimist dumbass. I hardly think you should be allowed to be on the internet.

    6. Dumb@ss Frank · in reply to Frank

      This kid is very smart and Frank you have racist tendencies.

    7. samurai · in reply to Frank

      Frank is just burger flipper the low end of American Sewage, and he knows all about being crook when he gulps those burger down his throat, when nobody is looking.

    8. Jonno · in reply to Frank

      Frank, he is smart, you have to admit it.

    9. Brian Cork · in reply to Frank

      Frank… Frank! The young genius found the problem, tested it, verified it, then reported it to T-Mobile, and shut-down his test. He was a curious young engineer that ended-up doing T-Mobile a favor while showing both integrity and ingenuity.

  2. Alan

    What I take from this is T-mobile rigging the speed test, throttling everything except the speed test sites.

    1. Zero · in reply to Alan

      You're quite right! Even if they're not deliberately throttling it, anything under "speedtest" was set up to bypass checks that slow ordinary activity down.

      1. Fabio · in reply to Zero

        This brings up an interesting point, if that's the case with T-Mobile, I wonder if other internet data providers might be doing this with Speedtest. So even if you're paying for the service and you complain that your speeds are too low and they ask you to run a speed test to verify. After running the tests the speeds come up normal because their servers are rigged to throttle up when when they "see" a speed test but in reality you're stuck a lower speeds everywhere else.

        1. B.Ryan · in reply to Fabio

          all of them do… set QoS on routers to give you the 'best' bandwidth possible to ''…

          1. RobR · in reply to B.Ryan

            Please step by step instructions to get better speeds. what is QoS.

        2. One · in reply to Fabio
  3. fredjohnson

    He's not a very smart crook for all his blabbering of what he did.

    1. Bob · in reply to fredjohnson

      He's not a crook, he's bringing an issue to light after having some fun with it. Such a pessimist.

      1. dele · in reply to Bob

        he was being sarcastic

    2. samurai · in reply to fredjohnson

      @fredjohson…It is wrong for you to publicly announce your "low life Profession". Go to sleep this is not your cup of tea.

  4. Johnny

    Or it could be that he totally faked the issue, and is lying about his 'idea'.

  5. Justice

    Of course he was alone on a Friday night LMAO…

    1. Bob · in reply to Justice

      Don't worry, when he's making millions and you're flipping burgers at McDonald's, he'll be the one laughing.

      1. Leo · in reply to Bob

        Bob Well said. Hats off…

  6. ALR

    Hats off to this young man for having the intelligence of finding a hole in T-Mobile's network and the scruples to come forward so that it can be corrected. I hope T-Mobile recognize him with an award and a summer internship.

  7. Life

    AT&T didn't recognize it, because there was nothing to recognize.

  8. then there\'s #3

    You left out a third possibility: maybe his hack never worked in the first place

  9. Islanderwaab
  10. NLJ2

    all the work to be on t-mobile's shitty network…

  11. John

    Who thinks like that?…""What if TMobile was simply checking for similarly formatted /speedtest folders without any real verification?"…."created a proxy server on Heroku using Glype" Im like what? I'm in IT and have no idea what Heroku and Glype is.

    Someone give this kid something to do. Go to the mall and hang out with your friends. Are you sure Ajit isn't a robot?

  12. rafe

    tmobile cheats and has been rigging the speedtest website and app. If you setup what this kid did you will get high speed data all the time not 3g and 2g once your data cap is finished. T mobile does not believe in net neutrality.

  13. Peter

    What's all this hassle about a 20 millibits per seconde connection?

  14. Big Tits Magillicoughty

    All I see is some kid who needs to find better shit to do on a Friday night.

  15. Bigtits Magillicoughty

    17 years old, Friday night, and this is all he could find to do huh?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.