Blog

Hacked Order Page At Boom! Mobile

Christian

The mobile virtual network operator (MVNO) Boom! Mobile was recently hacked. Ars Technica has a good article covering the incident.

A bit of malicious code was inserted in the checkout section of Boom’s website. Hackers used the code to skim payment information and credit card numbers from Boom’s customers. It looks like the malicious code was active for at least a few hours, possibly longer.

Boom’s website was running an outdated version of PHP. At this time, I don’t know what vulnerability the hackers took advantage of. I’m also unsure if this was an isolated incident or if Boom was affected by other security breaches.

I’m not sure Boom should have been handling its own payment processing. The carrier may have violated PCI DSS rules.

Update: A representative from Boom posted the following on Howard Forums:

Hey guys,

Thanks for checking in.

boom MOBILE deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation. We have found that the malware was located only on our shopping cart at boom.us and not on any of our other sites such as myaccount.boom.us which is used by customers to manage their billing. We encourage customers who may have made a purchase from www.boom.us between 9/30/20 – 10/5/20 to take the necessary precautions with their credit card company. This incident did not compromise any boom MOBILE accounts, saved payment or autopay details. Our saved payment/autopay system does not store any bank information and was verified to be safe. The credit card processor provides us with a secure token than can only be used by boom! MOBILE from our secure server. We are committed to protecting your data & privacy. We are PCI compliant and do not store financial data on our servers. Our shopping cart provider has ensured us our site is safe and the malware has been removed.

5G abstract

T-Mobile Expands Mid-Band 5G

Christian

T-Mobile just launched mid-band 5G in a bunch of cities. Here’s the key bit from the press release:

T-Mobile lit up a supercharged 5G experience in another 121 cities and towns with mid-band 5G, delivering up to gigabit-per-second peak speeds and average download speeds around 300 megabits-per-second for capable 5G devices.

The expansion into mid-band 5G is exciting. While T-Mobile has been destroying its competitors in terms of 5G coverage, T-Mobile has relied mostly on slow, low-band 5G.

Twitter sweepstakes

In the press release, T-Mobile mentions a sweepstakes to encourage Twitter users to discuss T-Mobile’s 5G:

To celebrate, T-Mobile is giving away $100,000 on Twitter over the next several months, with #5Gsfor5G.

Interestingly, T-Mobile’s President of Technology, Neville Ray, criticized this sort of thing in a Tweet he shared the same day the sweepstakes launched:

Verizon Expands LTE Home Internet

Christian

Verizon just expanded its LTE Home Internet. The service is now available in parts of 189 markets, including parts of every state except Alaska and Vermont. You can check availability in your area on Verizon’s website.

Verizon’s LTE Home Internet could be a good option in places where conventional broadband is not available. The service has no monthly usage limits, and Verizon says speeds will typically fall between 25Mbps and 50Mbps.

Pricing

Current Verizon mobile customers can get service for as little as $40 per month.1 For those who don’t already have Verizon service, LTE Home Internet is available for as low as $60 per month.2

A special router is needed to use the service. Verizon sells the router for $240 and offers it through a $10 per month payment plan.

Most Verizon Subscribers Are On Unlimited Plans

Christian

On September 15, Hans Vestberg, Chairman & CEO of Verizon, had a public discussion with a Goldman Sachs analyst. A transcript of the conversation is available here.

One bit from the transcript stuck out to me:

Well over 50% of our customers are on unlimited. That means that the rest is on metered plan. That is also a way for us [last year] where we took the unlimited down to a basic unlimited in order to get our metered customers coming into unlimited because, ultimately, unlimited is unlimited. And then we start moving them up in the above and beyond unlimited, which will give you also the experience of 5G.

Two interesting points here:

  • Vestberg confirmed that unlimited plans dominate Verizon’s subscriber base. Since unlimited plans tend to be more expensive than metered plans, I expect the large majority of Verizon’s revenue from mobile subscriptions comes from unlimited plans.
  • Vestberg referenced the no-longer-offered Above Unlimited and Beyond Unlimited plans. I think he meant to reference Verizon’s current, premium plans (Play More Unlimited, Do More Unlimited, and Get More Unlimited).
AT&T Store

AT&T Introduces Mix-And-Match Program

Christian

Earlier this week, AT&T launched Unlimited Your Way. Customers on multi-line plans can now mix and match between AT&T’s primary plans. For example, a family with three lines can put one phone on AT&T’s Unlimited Starter plan, another phone on the Unlimited Extra plan, and a final phone on the Unlimited Elite plan. Before the program launched, AT&T required all lines on a multi-line account to use the same plan.

Pricing

It doesn’t look like AT&T has changed prices for accounts with 4 or fewer lines. AT&T has added a 5-line price to its website.1 The table below shows AT&T’s per-line pricing before taxes and fees and after a discount for enrolling in paperless billing and automatic payments.

LinesUnlimited EliteUnlimited ExtraUnlimited Starter
1$85$75$65
2$75$65$60
3$60$50$45
4$50$40$35
5$45$35$30

Reflections

Verizon has allowed customers to mix and match between its primary plans for years now. I’m glad to see AT&T copying Verizon’s policy. Since prices aren’t changing, I think the new program will be good for consumers.

What’s Going On With Smartwatch Plan Prices?

Christian 2 Comments

As far as I can tell, all eight carriers that support cellular service on Apple Watches have the same standard policy: service costs $10 per month. In general, watch service is only available as an add-on (e.g., stand-alone plans are not available), and carriers only offer the add-on to postpaid subscribers. Plans offered for other eSIM-based smartwatches generally follow the same $10 per month standard. Why?

Providing service for watches shouldn’t cost network operators much. Most people barely use data on their watches. Demands watches place on networks are minimal. The marginal cost for a network operator provisioning an eSIM should be close to $0.

In an open and frictionless market, I’d expect competition to drive down the price of smartwatch plans. For some reason, that isn’t happening (at least in the United States). I wonder if carriers that offer the Apple Watch have to agree to artificially keep watch service plans at $10 per month. However, it’s hard to square a policy like that with Verizon’s recent changes to some of its plans. Subscribers on Verizon’s Do More Unlimited and Get More Unlimited plans are now eligible for a discount that brings smartwatch service down to $5 per month.

I’m baffled. If you know what’s going on, please leave a comment.

More Starlink Speed Tests

Christian

Last month, speed tests from beta testers of SpaceX’s Starlink leaked. This month, a few tests conducted by StarLink itself were shared in a public FCC filing. The results are outstanding:

Test 1

  • Ping: 19ms
  • Download speed: 103Mbps
  • Upload speed: 42Mbps

Test 2

  • Ping: 18ms
  • Download speed: 103Mbps
  • Upload speed: 41Mbps

Methodology

SpaceX almost certainly cherry-picked the tests to put Starlink in a good light, but the results are still impressive. I wasn’t convinced Starlink would ever deliver on Elon Musk’s claims about sub-20ms latency. Hell, Ajit Pai, the FCC’s chairman, was skeptical Starlink would deliver sub-120ms latency.

The test results come from screenshots in a presentation slide. I don’t know much about the methodology behind the tests, but it looks like they came from Ookla’s speedtest.net.

Along with the test screenshots, the slide includes some text. Here are a few of the bullets:

  • High-speed, low latency broadband to any location on earth
    • Tested at over 100 Mbps using standard user equipment
    • Latency <40-50ms round trip to the internet

I’m not sure if SpaceX was meaning to imply that the screenshots shared in the slide came from tests using standard equipment. While the screenshots do show speeds over 100Mbps, the latency results are lower than 40Mbps (possibly a lot lower if the tests are measuring round-trip as I expect).1

Here’s the graphical portion of the slide:

Graphical portion of slide showing speed test results

At first glance, I thought two separate tests gave nearly identical results. Zooming in, we can see both tests have the same ID.

Screenshot showing two tests with identical ID numbers

I expect it was an honest mistake on SpaceX’s end, but it’s strange.

Data Outage Affecting Some Mint Mobile Subscribers

Christian 3 Comments

A data outage has been affecting some Mint Mobile subscribers throughout the day. One of Mint’s co-founders, Rizwan Kassim, posted about the issue on Reddit:

An upstream error seems to have caused data provisioning errors for a number of subscribers.

It’s being worked, they don’t have a root cause yet, but I know this has been escalated. Down Detector showing issues on our carrier as well; not sure if it’s related or not.

I strongly think, but do not know, that this has nothing to do with the iOS 14 upgrade many of you installed today.

Based on reports I’ve read from Mint subscribers, the issue appears widespread geographically. I don’t know what proportion of Mint’s subscriber base is affected.

Kassim’s Reddit post suggests the issue may also be affecting T-Mobile. While Downdetector shows a slightly unusual level of issues associated with T-Mobile, I don’t think Downdetector’s data is consistent with a large-scale problem for T-Mobile subscribers.

I did a bit of my own digging for T-Mobile subscribers’ complaints about the networks’ performance today. I didn’t run into anything out of the ordinary.

Verizon Expands Connected Device Plans

Christian

Today, Verizon announced changes to its connected device plans. Verizon is now offering two add-on plans for mobile hotspots and tablets. Most subscribers on Verizon’s unlimited plans are eligible for the add-ons.

  • Unlimited – $20 per month
  • Unlimited Plus – $30 per month

Subscribers on the Do More Unlimited and Get More Unlimited plan can get a 50% discount on either plan.

Here’s a graphic from Verizon’s website:

While the graphic suggests there are two plans, I think its easier to make sense of the new offerings as four different plans:

  1. A $20 hotspot plan
  2. A $20 tablet plan
  3. A $30 hotspot plan
  4. A $30 tablet plan

Hotspot plans

The hotspot plans really shouldn’t be called “unlimited.” On the $20 plan, subscribers only have 15GB of regular-speed data. On the $30 plan, subscribers have 30GB of regular-speed data.

Verizon throttles customers that use all of their regular-speed data. I expect Verizon is sticking with its old policy of throttling to 600Kbps. At that speed, mobile hotspots lose most of their usefulness. I would find working on a laptop with a 600Kbps connection extremely frustrating.

Tablet plans

The tablet plans have limited allotments of “premium data” (15GB on the $20 plan and 30GB on the $30 plan). While subscribers have premium data available, they’ll have high-priority connections during periods of network congestion. After premium data allotments run out, subscribers may experience especially slow speeds if Verizon’s network becomes congested. Fortunately, congestion is rare in most areas.

5G

The Unlimited Plus plan includes unlimited 5G Ultra Wideband data on both tablets and hotspots.1 While that sounds great, it’s rarely meaningful in practice since Verizon’s 5G coverage is extremely limited. I’m guessing the unlimited 5G data will be dropped from the plan when Verizon’s 5G coverage expands and the 5G network becomes more congested.

Artificial Hotspot Limits

Christian

It’s common for cell phone plans to include limits on mobile hotspot data that are separate from limits on overall data use limit. E.g.,

  • Verizon’s Get More Unlimited offers unlimited regular data but caps mobile hotspot use at 30GB.
  • One of Mint Mobile’s plans comes with 35GB of regular data but caps mobile hotspot use at 5GB.

Recently, a Reddit user was confused about Mint’s policy and asked:

What’s the reason for the 5gb cap on the hotspot? I have a friend who this plan would be perfect for, however he tethers his iPad frequently to watch YouTube. Not sure what the big deal is since you could just switch the sim anyway.

Here’s how I responded:

My speculation:

Even though Mint allows 35GB of use, it knows the vast majority of subscribers won’t use that much data. If all subscribers used their full allotments, the plan would be much less profitable for Mint.

By restricting hotspot use, Mint reduces data use and (more importantly) dissuades some very heavy data users from ordering the plan in the first place.

I may not have that that exactly right. Mint’s arrangements with its host operator, T-Mobile, are not public knowledge. But the underlying logic is right. A gigabyte of mobile hotspot data isn’t more cost-intensive for a carrier than a gigabyte of on-device data.