Leaky location data bug fixed by O2 UK
A bug that was introduced in early 2023 was recently fixed

- A security researcher found a way to pull all sorts of sensitive data from a call
- The data included geolocation information
- The bug had been present since early 2023 but has now been fixed
O2 UK has fixed a vulnerability in its VoLTE and Wi-Fi Calling implementations that allowed malicious actors to discover people’s locations and other identifiers.
Back in 2017, the company introduced the IP Multimedia Subsystem (IMS) service, called “4G Calling”. The service provides better audio quality and more reliable phone calls. However, Daniel Williams, a security researcher, recently analyzed the feature and discovered that during a call he was able to pull all sorts of information about his conversation partner, straight from the network.
That data includes IMSI, IMEI, and cell location.
Applying a fix
"The responses I got from the network were extremely detailed and long, and were unlike anything I had seen before on other networks," Williams said in a detailed blog post. "The messages contained information such as the IMS/SIP server used by O2 (Mavenir UAG) along with version numbers, occasional error messages raised by the C++ services processing the call information when something went wrong, and other debugging information."
Luckily, the vulnerability had not been present since early 2017; it was introduced in February 2023.
To get cell location, Williams used the Network Signal Guru app on a Pixel 8 device. He pulled raw IMS signaling messages during a call, and used them to find the last cell tower the call recipient connected to. He then cross-referenced that data with a map of cell towers, pinpointing a person’s location within 100 m² in an urban environment. In a rural environment, though, the information was somewhat less precise.
Williams said he reached out to O2 UK multiple times and, at first, got no response. The company later reported the issue had been fixed, which Williams also confirmed.
"Our engineering teams have been working on and testing a fix for a number of weeks – we can confirm this is now fully implemented, and tests suggest the fix has worked, and our customers do not need to take any action," Virgin Media O2 told BleepingComputer.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.