T-Mobile US leaked free access to sites with '/speedtest' in the URL
American T-Mobile subscribers can score free internet access by running traffic through a proxy with "speedtest" in its URL.
Seventeen-year-old high school student Jacob Ajit found the loophole , since taken down, which allowed cheapskates to access T-Mobile's data network without paying.
Ajit realised speed testing sites and those with the feature embedded could be accessed using a T-Mobile SIM that had no data credit.
He then set up a proxy on a remote server placing "/speedtest" in the URL and could then access all areas of the network.
Ajit said he reported the flaw to T-Mobile and published his hack without waiting for a fix since exploitation of the hole did not put customers at risk.
[...]
Ajit said he made the decision while bored on a Friday night, trying random apps to see which would load on his credit-depleted account.
T-Mobile customers have responded with confusion since their speedtest hole no longer works.
(Score: 4, Insightful) by Yog-Yogguth on Tuesday September 20 2016, @02:50AM
Simple (not convoluted or complicated), clean (not dirty or nasty), and effective (not marginal or replying on rare or special circumstances); that's a great hack straight through the front door!
Jacob Ajit makes some excellent points towards the end but perhaps the real lesson is that T-Mobile didn't have anyone/anything looking for strange spikes in their network traffic?
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))