Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Monday September 19 2016, @11:57PM   Printer-friendly
from the formerly-freebie dept.

T-Mobile US leaked free access to sites with '/speedtest' in the URL

American T-Mobile subscribers can score free internet access by running traffic through a proxy with "speedtest" in its URL.

Seventeen-year-old high school student Jacob Ajit found the loophole , since taken down, which allowed cheapskates to access T-Mobile's data network without paying.

Ajit realised speed testing sites and those with the feature embedded could be accessed using a T-Mobile SIM that had no data credit.

He then set up a proxy on a remote server placing "/speedtest" in the URL and could then access all areas of the network.

Ajit said he reported the flaw to T-Mobile and published his hack without waiting for a fix since exploitation of the hole did not put customers at risk.

[...]

Ajit said he made the decision while bored on a Friday night, trying random apps to see which would load on his credit-depleted account.

T-Mobile customers have responded with confusion since their speedtest hole no longer works.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday September 20 2016, @04:39AM

    by Anonymous Coward on Tuesday September 20 2016, @04:39AM (#404123)

    Not sure if T-mobile works in your area? Go to Bestbuy or Amazon and buy a $4.99 SIM card kit. Will work best if your phone has at least band 2 and band 4 LTE. No activation is required or any info at all just put the SIM card in your phone and test.

    As plainly stated, it was a try-before-you-buy freebie.

    Now since it no longer works, infer it was too easy to abuse with nothing more than a web browser and a gylpe proxy.

  • (Score: 2) by butthurt on Tuesday September 20 2016, @05:46AM

    by butthurt (6141) on Tuesday September 20 2016, @05:46AM (#404126) Journal

    What's plainly stated on Reddit may not have been what the company intended (or maybe it was; I don't know).

    T-Mobile, while one of the only carriers in the US to offer completely unlimited data plans, was also one of the first to pioneer the practice of throttling its customers’ data speeds in lieu of charging overages.
    [...]
    As it stands right [now, in November 2014], when a customer has their data speeds to reduced a crawl (usually around 128kbps or 64kbps), some speed tests will only show the speed of T-Mobile’s network as it normally stands — not the current throttled speeds.

    One site with "speedtest" in its URL named T-Mobile as the "Fastest Mobile Network." The site works out who's fastest this way:

    Speed tests are aggregated by averaging each user's and devices' tests in a given location, each day.

    --http://www.speedtest.net/awards/methodology [speedtest.net]

    Based on what's plainly stated on that site, if T-Mobile customers whose service had been throttled came to the site, and if that site's speed were throttled, it would lessen the average speed recorded for the T-Mobile network, imperilling T-Mobile's number-one ranking.

    • (Score: 0) by Anonymous Coward on Tuesday September 20 2016, @06:25AM

      by Anonymous Coward on Tuesday September 20 2016, @06:25AM (#404137)

      Plainly what you should do is sell an app that artificially throttles your speed and runs Speedtest.net tests every day to lower the ranking. Everyone will buy your app and you will be a billionaire. Because absolutely everyone is an evil shit who wants to fuck over their mobile carrier.

      • (Score: 4, Insightful) by tangomargarine on Tuesday September 20 2016, @03:40PM

        by tangomargarine (667) on Tuesday September 20 2016, @03:40PM (#404278)

        Because absolutely everyone is an evil shit who wants to fuck over their mobile carrier.

        They started it

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 4, Interesting) by pTamok on Tuesday September 20 2016, @06:43AM

      by pTamok (3042) on Tuesday September 20 2016, @06:43AM (#404138)

      T-Mobile, while one of the only carriers in the US to offer completely unlimited data plans, was also one of the first to pioneer the practice of throttling its customers’ data speeds in lieu of charging overages.

      Frankly, this is the kind of behaviour I want to encourage. Charging for data over a limit, when it is very difficult for a customer to know how close they are to the limit is a sharp practice. Throttling to a bare minimum once you have reached your quota and giving you the option of buying more if you choose to do so strikes me as a very sensible approach. The throttle looks to be enough to prevent video streaming and massive downloads.

      I wish more providers did this.

      • (Score: 0) by Anonymous Coward on Tuesday September 20 2016, @12:16PM

        by Anonymous Coward on Tuesday September 20 2016, @12:16PM (#404198)

        But what is not OK is to cheat on the speed tests, so you don't see that it is your network connection that's throttled, rather than the server you're trying to access being slow.

        Also, since they obviously have the infrastructure in place, one may wonder what other services get a preferred treatment, on the cost of everybody else (especially the competitors of those services).