Gideon Hallett
Q ✨ - DECT 7960
Nico@q wow. That's really bad
Nyx Phoenix@q holy fucking bingle 🦋
isа 
( 
)@q what the fuck?!
Andreas Sikkema@q WTF they don’t clean up internal message headers as they are sent to end user devices? I used to be paranoid about those things…
kcxt @ 39c3@q ohhh god this is insane
Graham Sutherland / Polynomial@q wow that is *bad*
penguin42@q IMHO this might be one to report to NCSC: https://www.gov.uk/guidance/where-to-report-a-cyber-incident
Liam Proven*Astronaut levels gun at other astronaut*
"Always was."
I made 1 "999" call from my mobile, 30Y ago, and they knew who I was, where I was standing, the street corner, everything, when they answered.
This is why burner phones are a thing.
I think this kind of thing is universal, TBH.
@penguin42 @q Oh, agreed!
I'm not saying it's good. I'm just saying I'm not surprised.
We live in a world where senior directors can't tell fancy autocorrect from "artificial intelligence" and will pay billions for it. That they probably fired the one person who understood this and screwed it up? Figures.
Major Denis Bloodnok@lproven @penguin42 @q Huh, I wish they'd done that the night I broke my jaw. I found out in the ambulance I'd rather grind bone and babble than shut up, but I would still have liked not to have to describe my location on the phone.
(Maybe they asked as a double-check?)
@penguin42 I’ve given it to my friends at CERT-Bund given it also seems to affect Germany
Emily_S@q damn, NCIS style "hacking" being real isn't a good thing
9Lukas5 🚂 🐧
Lynx@q
😬 I wonder if that also applies to O2 Germany...
😬 I wonder if that also applies to O2 Germany...
Martin Vogel@q “This effectively means that every O2 device that is making a phone call on IMS (4G Calling / WiFi Calling) is receiving information that can be used to trivially geolocate the recipient of the call.”
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
Ko Simon toku ingoa 
@mardor that’s not good news at all.
stormwoodpecker@q holy bananas that's bad
the obvious follow up question is how many other telcos left those headers in...
the obvious follow up question is how many other telcos left those headers in...
PursuitOfElysia@q Almost comically bad security if it weren't so dire
Inga stands with 🇺🇦 🇵🇸@PursuitOfElysia @q sometimes I feel that everything related to mobile networking is comically bad security (if you even can call it "security") on a very fundamental level.
Like, the entire system is kept together by "just trust me bro" and obscurity and high barrier of entry.
Like, the entire system is kept together by "just trust me bro" and obscurity and high barrier of entry.
David@q Any way to check for this on other devices/carriers without root?
HcInfosec@q does this mean A O2 customer can pinpoint users on other networks as well?
Derrial Book@HcInfosec @q Not necessarily. Best of my understanding, the article states that O2 customer can pinpoint the location of another O2 customer. It says nothing about other carriers.
Even assuming that another carrier is also careless with its data, it may not transfer between two carriers.
It seems that the whole debacle is an internal oopsie.
Even assuming that another carrier is also careless with its data, it may not transfer between two carriers.
It seems that the whole debacle is an internal oopsie.
Klaus Frank
Arne Visscher@q @kimvsparrentak iets om achteraan te gaan wellicht?