[IT뉴스] 심심했던 10대 소년, T-Mobile의 무제한 데이터 네트워크망을 해킹하여

[IT뉴스] 심심했던 10대 소년, T-Mobile의 무제한 데이터 네트워크망을 해킹하여

지난 금요일밤, 토마스 제퍼슨 과학 기술 고등학교에 재학중이며 버지니아주에 거주중인 Jacob Ajit은 방에서 자신의 폰과 함께 놀고있었습니다

놀라운 점은, 그가 티 모바일의 무제한 데이터망을 요금을 내지않고 무료로 쓰고있었다는 점입니다

 

Jacob은 비록 선불기간이 지난 선불유심이더라도 스피드테스트 앱을 이용한 스피드테스트는 여전히 사용이 가능하다는 점을 알아냈습니다

그리고 스피드 테스트는 별도의 비용을 내지않고 계속 돌릴수 있다는 점, 그리고 스마트폰 자체의 웹 브라우저를 통하여 스피드테스트를 구현할수 있다는 점을 이용하여 

티모바일 서버에서는 스피드테스트를 돌리는것처럼 인식을 하게 하였으나, 사실은 비활성화되었던 기기에서도 별도의 비용부담을 하지않고도 4G LTE 네트워크 망에 접속할수있게 하였다고 합니다

 

이에 대하여 소년은 티모바일측에 문제제기를 하였으나 아직 관련 답변은 받지못한 상태입니다

Bored teenager hacks T-Mobile’s network for free unlimited data

It was just another Friday night for Jacob Ajit, a student at Thomas Jefferson High School for Science and Technology. The 17-year-old resident of Fairfax, Virginia was playing around with a T-Mobile prepaid device, when he discovered he could gain unlimited access to 4G internet completely free. And the way he did it makes so much sense that we’re stunned nobody has figured this out before.

T-Mobile pre-paid SIM cards are designed such that users can update their account and purchase additional service without having to go into a T-Mobile location or log onto their account from a wifi network. This is a handy feature, but there’s just one problem: what if the user’s coverage ends, and they want to purchase more? The device would have to still gain access to T-Mobile’s network so the purchase could go through.

So essentially these SIM cards allow phones to have access to the internet at all times, but this access is rigidly blocked, intended to allow users access only to their T-Mobile member portal unless they’ve paid for active service.

But Jacob Ajit discovered that the popular Speedtest app still worked even though the device’s pre-paid period had expired.

Ars Technica hypothesizes that this access may have been white-listed as part of a marketing technique so that unactivated devices could be used to demonstrate network speed.

After playing around for a while with Speedtest on both the mobile device and his Macbook while using mitmproxy, Ajit realized that essentially all the data hosted to test internet speeds contained “/speedtest” in their URL.

He then returned to his prepaid device and discovered he could reach these files outside of the Speedtest app using the smartphone’s browser, even though the device was supposed to only be able to access account-relevant T-Mobile sites. He also discovered that he could publish content on the internet containing “/speedtest” in its web address, and he could access all of this content as well.

The way he did it makes so much sense that we’re stunned nobody has figured this out before.

Thinking on his feet, Ajit setup a remote server that contained “/speedtest” in its web address. By running all of his browsing through that server, he could surf the web at ease on T-Mobile’s 4G network from a non-active device.

Ajit reached out to T-Mobile about the issue, but has yet to receive any response. He decided to go ahead and post his findings to Medium because he believes the oversight is relatively easy to fix and poses no real harm for T-Mobile or the Uncarrier’s customers.

It’s a trivial fix to whitelist Speedtest servers based on their official host list, as I point out in this post, and the educational benefits of sharing with the my findings with community in this case outweighed the case for waiting for a [possible] response from TMobile.

He has since taken down his remote server.

What do you think of this teenager figuring out a way to get free unlimited T-Mobile data on his unactive prepaid phone? Give us your take in the comments!

* 출처 : http://www.androidauthority.com/teenager-hacks-t-mobile-data-716810/