A flaw in O2 UK’s implementation of VoLTE and WiFi Calling applied sciences may enable anybody to reveal the overall location of an individual and different identifiers by calling the goal.
The issue was found by safety researcher Daniel Williams, who says the flaw existed on O2 UK’s community since March 27, 2017, and was resolved yesterday.
O2 UK is a British telecommunications service supplier owned by Virgin Media O2. As of March 2025, the corporate reported having practically 23 million cell prospects and 5.8 million broadband shoppers throughout the UK, positioning it as one of many main suppliers within the nation.
In March 2017, the agency launched its IP Multimedia Subsystem (IMS) service, branded as “4G Calling,” for higher audio high quality and line reliability throughout calls.
Nevertheless, as Williams found whereas analyzing the visitors throughout such a name, the signalling messages (SIP Headers) exchanged between the speaking events are far too verbose and revealing, together with IMSI, IMEI, and cell location information.
“The responses I obtained from the community had been extraordinarily detailed and lengthy, and had been in contrast to something I had seen earlier than on different networks,” explains Williams.
“The messages contained data such because the IMS/SIP server utilized by O2 (Mavenir UAG) together with model numbers, occasional error messages raised by the C++ companies processing the decision data when one thing went mistaken, and different debugging data.”
Supply: mastdatabase.co.uk
Finding customers by name
Utilizing the Community Sign Guru (NSG) app on a rooted Google Pixel 8, Williams intercepted uncooked IMS signalling messages exchanged throughout a name and decoded the cell ID to search out the final cell tower the decision recipient linked to.
Then, he used public instruments that present cell tower maps to search out the geographic coordinates of the tower.
Supply: mastdatabase.co.uk
For city areas the place tower protection is dense, the accuracy would attain 100 m2 (1076 ft2). In rural areas, geo-locating would get much less exact, however may nonetheless be revealing for the goal.
Williams discovered the trick additionally labored when the goal was overseas, as he positioned a take a look at topic in Copenhagen, Denmark.
Supply: mastdatabase.co.uk
O2 UK confirms repair
Williams says that he contacted O2 UK a number of occasions on March 26 and 27, 2025, to report his findings, receiving no solutions.
Lastly, he obtained direct affirmation from O2 UK earlier at this time that the problem has been fastened, and he confirmed this by way of testing.
In a press release to BleepingComputer, a Virgin Media spokesperson confirmed {that a} repair has been carried out, noting that prospects shouldn’t have to take any motion to guard themselves.
“Our engineering groups have been engaged on and testing a repair for quite a lot of weeks – we are able to affirm that is now absolutely carried out, and checks recommend the repair has labored, and our prospects don’t have to take any motion,” Virgin Media O2 instructed BleepingComputer.
BleepingComputer requested O2 whether or not this flaw was recognized to be exploited and in the event that they plan to tell prospects accordingly, however we didn’t obtain reply.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and methods to defend towards them.
