Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Not every smartphone exploit is a life-or-death matter of security. Some are just fun. Take, for example, what 17-year-old Jacob Ajit accomplished with just a little spare time and ingenuity.
By using a simple command and a proxy server, Ajit bypassed T-Mobile’s internet-activation process and found a way to surf the net for free — until he graciously notified the company of the flaw, that is.
Ajit is a student at Thomas Jefferson High School for Science and Technology in Fairfax, Virginia. Like any high school student with a smartphone and some time to kill, he decided to fool around with the handset -- an unspecified model of iPhone, judging by Ajit's screenshots, with a prepaid SIM card -- and see if there was anything fun he could accomplish. Ajit found that although he did not have an internet data plan on his phone, it did offer a limited LTE connection for the exclusive purpose of accessing the phone's billing information.
MORE: Best Antivirus Software and Apps
If the phone could access billing information online, could it access other things, Ajit wondered? By clicking links in the billing menus, he eventually found his way out onto the T-Mobile website and realized that the phone could indeed access the internet, plan or no plan. He ran a Speedtest app and discovered that the phone had an active 20 Mbps connection.
After connecting to mitmproxy (which allows users to monitor traffic on a network) on his Mac, Ajit found that if Speedtest could connect to the Internet, T-Mobile must be whitelisting its own servers on phones without paid data plans. From there, he simply designed his own fake Speedtest folder and found that his phone treated it just like a legitimate Speedtest server. Instead of testing Internet speeds, though, Ajit’s Speedtest server took him to a Taylor Swift music video.
The experiment worked, but unless Ajit wanted to program fake Speedtest servers for every site on the Internet, it didn’t have much practical use. That’s where Heroku, a proxy server program, came in handy. Ajit created his own Glype-based proxy system, which tricked T-Mobile’s browser into thinking that every site he visited had its own Speedtest folder to go along with it. The whole Internet was at his fingertips.
Rather than use his finding for evil, however, Ajit turned the information over to T-Mobile, which quickly corrected the error. However, it's not necessarily a happy ending; T-Mobile has refused to speak to either Ajit or the press about its faux pas, making the company seem rather ungrateful for a very easy and rather important fix. In the world of mobile carriers, no good deed goes unpunished.
