A teenager recently found a way to gain access to T-Mobile’s mobile network for free – that is, without any data plan or contracts.
Jacob Ajit, a 17-year-old student at Thomas Jefferson High School for Science and Technology, was recently alone with nothing to do on a Friday night when he got to playing with his T-Mobile phone.
His device had a prepaid SIM, meaning he could use a basic LTE connection to upgrade his phone’s plan.
After some fiddling, Ajit discovered his Speedtest app could achieve a 20 mbps LTE connection.
That’s when a question sprang into his mind. As he explains in a blog post:
“What if TMobile was simply checking for similarly formatted /speedtest folders without any real verification?”
Curious, Ajit set his own /speedtest folder and loaded it up with various files, including a Taylor Swift music video.
Now he could access any pre-loaded files from wherever he wanted!
But that wasn’t enough. The student wanted the internet at his fingertips, so he created a proxy server on Heroku using Glype.
To his delight, it worked!
“Just like that, I now had access to data throughout the TMobile network without maintaining any sort of formal payments or contract. Just my phone’s radios talking to the network’s radios, free of any artificial shackles. Mmm, the taste of liberty.”
Overall, it wouldn’t be hard for T-Mobile to fix this issue. Ajit admits the mobile service provider would simply need to make its allow-list check against Speedtest’s server list found here.
It might have even already done that. One of Motherboard’s journalists who is a T-Mobile customer tried to replicate Ajit’s procedure on his device, but to no success. That could be because the journalist’s phone didn’t use a prepaid SIM card. Or it could be because the issue has since been resolved.
T-Mobile has yet to acknowledge the issue, however, so we can only assume the gates to “Free Data Land” are still open.
But like the most wonderful things in life, it’ll be that way for a limited time only.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
36 comments on “How one teen gained access to T-Mobile’s network for free – without any data plan or contract”
So, basically, he's a hi-tech crook. I hardly think this should be celebrated.
if he was a "crook" ( Who uses that term anymore….) he probably wouldn't have gone public with the discovery,and wouldn't have talked about how to fix it…
Usually people who say "Crooked Hillary"
In a technical sense, Ajit almost certainly violated the Computer Fraud and Abuse act, and could be charged with a federal felony. I do not thing that would be appropriate, or that the act is what we should consider good law. However, the law is what it is, and an ambitious US Attorney might view the act, and Ajit's action, quite differently, as some have done in the past. Announcing it publicly probably was a bit unwise.
If he was a "crook" he wouldn't have made it public he would have saved that info to sell to people on the street so that they had unlimited data for a pretty penny in his pocket. Also if he was a real crooked crook he would be street rich, he would be a street runner, and a con artist like Hitlery (had to).
Love the generalization. For the things that this kid was able to do and might not even comprehend to you Frank.
Haha….obviously this person is from the older generation. Darn technology!
So, Frank, you're basically a pessimist dumbass. I hardly think you should be allowed to be on the internet.
This kid is very smart and Frank you have racist tendencies.
Frank is just burger flipper the low end of American Sewage, and he knows all about being crook when he gulps those burger down his throat, when nobody is looking.
Frank, he is smart, you have to admit it.
Frank… Frank! The young genius found the problem, tested it, verified it, then reported it to T-Mobile, and shut-down his test. He was a curious young engineer that ended-up doing T-Mobile a favor while showing both integrity and ingenuity.
What I take from this is T-mobile rigging the speed test, throttling everything except the speed test sites.
You're quite right! Even if they're not deliberately throttling it, anything under "speedtest" was set up to bypass checks that slow ordinary activity down.
This brings up an interesting point, if that's the case with T-Mobile, I wonder if other internet data providers might be doing this with Speedtest. So even if you're paying for the service and you complain that your speeds are too low and they ask you to run a speed test to verify. After running the tests the speeds come up normal because their servers are rigged to throttle up when when they "see" a speed test but in reality you're stuck a lower speeds everywhere else.
all of them do… set QoS on routers to give you the 'best' bandwidth possible to 'speedtest.net'…
Please step by step instructions to get better speeds. what is QoS.
He's not a very smart crook for all his blabbering of what he did.
He's not a crook, he's bringing an issue to light after having some fun with it. Such a pessimist.
he was being sarcastic
@fredjohson…It is wrong for you to publicly announce your "low life Profession". Go to sleep this is not your cup of tea.
Or it could be that he totally faked the issue, and is lying about his 'idea'.
Of course he was alone on a Friday night LMAO…
Don't worry, when he's making millions and you're flipping burgers at McDonald's, he'll be the one laughing.
Bob Well said. Hats off…
Hats off to this young man for having the intelligence of finding a hole in T-Mobile's network and the scruples to come forward so that it can be corrected. I hope T-Mobile recognize him with an award and a summer internship.
AT&T didn't recognize it, because there was nothing to recognize.
You left out a third possibility: maybe his hack never worked in the first place
One Word: NEO
all the work to be on t-mobile's shitty network…
Who thinks like that?…""What if TMobile was simply checking for similarly formatted /speedtest folders without any real verification?"…."created a proxy server on Heroku using Glype" Im like what? I'm in IT and have no idea what Heroku and Glype is.
Someone give this kid something to do. Go to the mall and hang out with your friends. Are you sure Ajit isn't a robot?
tmobile cheats and has been rigging the speedtest website and app. If you setup what this kid did you will get high speed data all the time not 3g and 2g once your data cap is finished. T mobile does not believe in net neutrality.
What's all this hassle about a 20 millibits per seconde connection?
All I see is some kid who needs to find better shit to do on a Friday night.
17 years old, Friday night, and this is all he could find to do huh?