Kevin BeaumontMay 17

Sigh. It's possible to remotely, physically locate any O2 mobile customer at any time over the internet with a trivial method using their mobile phone number, due to O2's poor implementation of 4G Calling which, by design, gives away the Cell ID.

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

O2 VoLTE: locating any customer with a phone call

Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.

Show threadGraham Sutherland / PolynomialMay 17
@GossiTheDog not to mention the IMEI and IMSI of the other user's handset and SIM.
Show threadGraham Sutherland / Polynomial
@GossiTheDog which, come to think of it, would probably be pretty useful information if you wanted to pull off a SIM-swapping attack.
May 17 at 6:44pmWeb