Everyone dreams about having free unlimited 4G Data connections, and Jacob Ajit is no different. Jacob is a Virginia high school student with a special twist. Jacob is a hacktivist and has recently discovered a type of loophole in which provides him access to his respective cell phone carrier, T-Mobile, LTE data network. And the best part is, he doesn’t even need the company’s special plan to get it either.
Jacob wrote in post on Medium saying:
“One Friday night, I was sitting around pretending to be fine having absolutely nothing to do.” Jacob describes his exploit in the post by saying “I had a TMobile prepaid SIM on a spare phone with no active service, so I came up with a fun challenge: could I somehow get access to the internet without a data plane?”
As it turns out, Jacob was able to achieve his goal. Otherwise, I wouldn’t be writing this article, obviously. Jacob had learned that the cell phone company, T-Mobile, does in fact allow devices to have connection to their LTE network, as well as some selected websites and servers without the use of an active account. This free services extends to the popular speed test website, Ookla. This web-based application simply pings a nearby server in order to test the device’s upload and download connection speeds.
By simply creating a proxy server, Jacob spoofed T-Mobile into believing that he did have the right data plan for his device. The trick was to make T-Mobile believe that he was merely accessing the network from Ookla Speedtest website, when in reality, Jacob had full access to the entire Internet connection with free reign of where he wanted to go online.
Later on in his post, he states “Just like that, I now had access to data throughout the TMobile network without maintaining any sort of formal payments or contract,” continuing the blog, “Just my phone’s radios talking to the network’s radios, free of any artificial shackles.”
Jacob also noted that theoretically speaking, it can be rather easy for T-Mobile to just sniff out the proxy he was using and whitelist it. Such ‘sniffing’ can also be performed on other servers attempting to impersonate whitelisted server status. This can be easily done by simply providing a limitation towards their access of the servers that are hosted on Speedtest’s main public list. In essence, implementing a simple whitelist may be a tedious task for the company.
At this time, T-Mobile has not responded to PCMag’s for their request for a comment on their plans of fixing Jacob’s loophole. However, it does appear that his publically available proxy server, which he set up, is no longer working.