O2 UK VoLTE bug exposed user locations to any caller. #O2 #VoLTE #Privacy

More details: https://securityaffairs.com/178114/hacking/4g-calling-volte-flaw-allowed-to-locate-any-o2-customer-with-a-phone-call.html - https://www.flagthis.com/news/15308

O2 UK VoLTE flaw leaked user location data; patch now available. #O2 #VoLTE #Cybersecurity

More details: https://securityaffairs.com/178114/hacking/4g-calling-volte-flaw-allowed-to-locate-any-o2-customer-with-a-phone-call.html - https://www.flagthis.com/news/15375

#O2 #UK patches bug leaking mobile user location from call metadata

https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/

#privacy

O2 UK has corrected issue that allowed to track its mobile user location through metadata.

https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/
- - -
O2 UK a corrigé le problème qui permettait de suivre l’emplacement de ses usagers mobiles à l’aide des métadonnées.

// Article en anglais //

#UK #UnitedKingdom #RoyaumeUni #O2 #O2UK

O2, a major telecommunications company operating in the United Kingdom, has been leaking user location data for at least a few months.

#O2 #telecommunications #dataleak

https://cnews.link/o2-phone-calls-expose-recipient-location-imei-3/

O2 VoLTE: locating any customer with a phone call | mastdatabase.co.uk
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
😱😱😱
Qué peligro!
Localizar cualquier usuario con una simple llamada
muy fácil de ejecutar y afecta a todos usuarios de O2 al parecer
#privacy #o2

Si[nd] unter den mir folgenden Menschen auch Nutzende des Mobilfunkanbieters #O2?

Können diese bestätigen, dass man aktuell kein Extra-Datenvolumen über die O2 App buchen kann?

Danke im Voraus!

has #O2 even said anything yet about the massive #VoLTE vulnerability? looks very bad on them if they don't say something about it, but then again, there's not even anything on their own support forums about it...

just as a reminder, this is the vulnerability: https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/. all you need is a rooted phone with a paid subscription to Network Signal Guru and the O2 My Network app (since Cellmapper is not required, only helpful to see how far a site covers, what directions a sector points in and whether it's a micro/macro/DAS) to search up cell IDs.

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/ #o2 #privacy

Given the recent story about #O2 leaking location information with #VoWiFi #VoLTE

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

I wonder if @osmocom's project to run VoWiFi with Asterisk and a SIM reader makes this all a lot easier, given you don't need a rooted phone any more.

https://osmocom.org/projects/foss-ims-client/wiki/VoWiFi_with_Asterisk

I've been trying to get it to work on GiffGaff which is a UK O2 Owned/Operated MVO so I'm guessing uses a lot of the same infrastructure.

I haven't got it to work just yet but I'm close.

#o2 Festnetz ohne Glasfaser❗ #vdsl 175 passt. Hier im Hauptort haben sich sehr wenige für einen #Glasfaser Anschluss entschieden ( der Betreiber schickt jetzt Drückerkolonnen los ) wir werden auch nicht wechseln. Da es schon Erweiterungspläne vom Mobilfunk Anbieter gibt. Internet uff'm #Hotzenwald

#balkonInternet .. #5G #D1 uff'm #Hotzenwald .. auch nicht besser. 34.55Mbps .. werde die Telekom nicht vermissen. Festnetz schon zu #o2 gewechselt. #MobilFunk von o2 hab ich schon seit 1999 Vorteil o2 📱 2 MultiConnect Verträge mit 4 DataCards

#balkonInternet .. #5G #o2 uff'm #Hotzenwald .. schwächelt etwas 📱 obwohl der Sendemast in der Nähe steht. Ob ein größeres Haus das schon bremst ? .. selbst mit nur 33.30Mbps läuft alles #cloud #socialMedia

🌕 O2 VoLTE：透過電話定位任何客戶
➤ O2 VoLTE 服務中的嚴重隱私漏洞讓用戶暴露於位置追蹤風險之下。
✤ https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
一位安全研究人員發現，英國電信業者 O2 的 VoLTE (Voice over LTE) 服務存在嚴重的隱私漏洞，允許來電者透過 IMS (IP Multimedia Subsystem) 訊號訊息輕鬆追蹤被呼叫者的精確位置，即使對方未接聽電話亦然。漏洞源於 O2 在這些訊息中暴露了 IMSI、IMEI 和 Cell ID 等敏感資訊，這些資訊可以與公開的基地臺資料庫 (例如 cellmapper.net) 結合，精確定位用戶。研究人員已向 O2 報告此問題，但至今未收到任何回應。
+ 真的太可怕了！這意味著任何人只要撥打電話，就能知道你在哪裡。電信公司應該更重視用戶的隱私安全。
+ 這篇文章提醒我們，科技進步的同時，也可能帶來隱私方面的風險。希望 O2
#網路安全 #隱私洩露 #電信 #VoLTE #O2

This is something you need to read in order to believe

subject: VoLTE
provider O2 UK
nightmare: infosec

Enormous. Outragerous are some of the words I would use. Take you time to read and learn because they are not the only culprits on the planet with such bad data protection practices

Excerpt

>>

Quite quickly I realised something was wrong. The responses I got from the network were extremely detailed and long, and were unlike anything I had seen before on other networks. The messages contained information such as the IMS/SIP server used by O2 (Mavenir UAG) along with version numbers, occasional error messages raised by the C++ services processing the call information when something went wrong, and other debugging information. However, most notable were a set of five headers near the bottom of the message:

SIP Msg
...
P-Mav-Extension-IMSI: 23410123456789
P-Mav-Extension-IMSI: 23410987654321
P-Mav-Extension-IMEI: 350266809828927
P-Mav-Extension-IMEI: 350266806365261
...
Cellular-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=2341010037A60773;cell-info-age=26371

Synthesised excerpt of IMS signalling message for demonstration; not a genuine IMEI/IMSI/cell ID.

Two sets of IMSIs, two sets of IMEIs, and a Cell ID header. How curious…

Sure enough, when comparing both the IMSIs and IMEIs in the message to those of my own devices, I had been given both the IMSI and IMEI of my phone which initiated the call, but also the call recipient's.

<<
^Z

#O2 #UK #TeleCom #InfoSec #DataLeak #WTF

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

"I had been given both the IMSI and IMEI of my phone which initiated the call, but also the call recipient's.
...
With all this information, we can make use of publicly crowdsourced data, ... to work out a general location of the [called] user.
...
Attempts were made to reach out to O2 ... reporting this behaviour and privacy risk, but I have yet to get any response or see any change in the behaviour."

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
#privacy #cellular #ims #leak #volte #o2

O2 leaks customer location information down to a 100m², sometimes closer on small cell sites. And the only special device needed to see it is a rooted Android.

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

#privacy #cellular #o2 #virginuk #security #infosec

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

oops - anyone who's likely to be stalked and uses O2 needs to know this is possible and is trivial to do!

#O2 #VMO2 #VoLTE #4G #GSM #privacy #geolocation

☎️ Habe gerade herausgefunden, was die ominöse Meldung "Grow Vorteil Berechtigungspack läuft bis zum 07.07.2025" bei #o2 #Telefonica bedeutet: am 07.07.2025 bekommt mein Tarif jeden Monat zusätzlich 10 GB Datenvolumen dazu; statt 140 GB stehen mir dann 150 GB zur Verfügung.

Die neuesten Quartalszahlen von O2 Telefónica weisen 2 Millionen weniger Mobilfunkkunden aus. Eine Überraschung? Nicht wirklich. Denn die Ursachen dafür sind schon länger bekannt. https://www.inside-digital.de/news/o2-telefonica-verliert-fast-2-millionen-kunden #o2telefonica #o2 #Mobilfunk #Telefonica #TelefonicaDE