Short Bytes: A school going kid from Virginia, United States was able to bypass the 4G LTE network of T-Mobile. As a part of his fun challenge, he used a prepaid sim and a spare phone to check whether he could use the internet without a data plan. After getting initial success, he went on to unlock the hidden gems in the T-Mobile network.
In a medium post reported by Motherboard, Jacob Ajit writes about how his fun challenge time with a spare smartphone made him discover a flaw in the 4G LTE network of T-Mobile.
Ajit landed up on T-Mobile’s captive portal as no data plan was activated on his prepaid T-Mobile sim. “I played around with this portal for a while, clicking on links and trying to escape. Some links failed, and some worked, somewhat randomly.”
While checking whether random apps would connect to the internet or not, he realized that the Speedtest app was working fine without any data plan. “Sure enough, the Speedtest app was able to test my speed and display a respectable 20 mbps LTE connection.” He even changed the test server and got success.
“I was onto something, or was I? I assumed they must be whitelisting Speedtest-affiliated servers in some way, perhaps using the official list?”
Also Read: Hackers Shows How To Hack Windows And OS X Passwords In 13 Seconds
He was quick and curious enough to test whether the speed test app would work via mitmproxy on his Mac. And it worked. After analyzing the files and their hosting links, Ajit came to know that T-Mobile was simply allowing folders named /speedtest. So, he hosted some files on his page with a folder named /speedtest. He was able to watch all the videos he uploaded without any data. “But having access to a set of predetermined files isn’t quite as good as the good ol’ web, is it?”
To make his fun challenge tougher, he used the Glype proxy script to create a cloud server on Heroku. The server is down as of now.
“I now had access to data throughout the TMobile network without maintaining any sort of formal payments or contract. Just my phone’s radios talking to the network’s radios, free of any artificial shackles. Mmm, the taste of liberty.”
He notes that a trivial solution can help TMobile fix the issue. All it requires is to check their original whitelist against the one Ajit linked to.
Jacob Ajit notified T-Mobile about his findings and is waiting for their response, he mentioned in an update. “I made a decision to go ahead and publish this in the meantime since this unintentional flaw does not pose any harm to T-Mobile or their customers,” he said.
The text quoted in this post is a part of a post published on Medium. Read the original post here.
If you have something to add, tell us in the comments below.