Kevin BeaumontMay 17

Sigh. It's possible to remotely, physically locate any O2 mobile customer at any time over the internet with a trivial method using their mobile phone number, due to O2's poor implementation of 4G Calling which, by design, gives away the Cell ID.

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

O2 VoLTE: locating any customer with a phone call

Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.

Show threadKevin Beaumont

O2 have fixed this - I’ve just retested this, O2 no longer give out my location.

Full disclosure works. https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/

O2 UK patches bug leaking mobile user location from call metadata

A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target.

BleepingComputer
May 19 at 7:28pmWeb
Show threadKevin BeaumontMay 29
The mainstream have now found out about the O2 thing https://www.ft.com/content/2fc4234a-0065-490d-8483-33feff284ff3
Virgin Media O2 network flaw allowed customer phones to be tracked

Company has reported issue to watchdogs and fixed the problem

Financial Times
Show threadKevin BeaumontMay 29
Btw if anybody tells you this wasn’t exploited in the wild, it was, by both me and the researcher.
Show threadSteveMay 29
@GossiTheDog and that's only that we know of.
Show threadChrisMay 29
@GossiTheDog GCHQ's cursing you both under their breath
Show threadVessOnSecurityMay 29
@GossiTheDog I know some might disagree, but I don't think that the researcher and you count as "wild".
Show threadNKTSecurityMay 29
@bontchev @GossiTheDog I don't know, I've read some of Gossi's tweets. Can be pretty wild!
Show threadDragonMay 29
@GossiTheDog " we have no evidence of this issue being exploited beyond the illustrative examples given by a network engineer in his blog which we reported to the Information Commissioner’s Office and Ofcom" < Well no they wouldn't as they'd have no way of knowing if someone was doing anything with the info they were just handing out since it didn't require a specific query to the network to get that info it was just being sent as part of a call.
Show threadJernej Simončič �May 29
@GossiTheDog Paywall bypass: https://archive.is/O8r2z
Show threadJonnyBMay 29
@jernej__s @GossiTheDog thank you. Articles behind paywalls are very annoying. At least imho. 😊
Show threadKennerMay 29
@GossiTheDog it is not a flaw, it's a feature
Show threadCraig StewartMay 19

@GossiTheDog as an O2 customer it pleases me that this has been fixed.

I can phone my enemies again without fear of them knowing where I am 🙈

Show threadChrisMay 19
@GossiTheDog how long was that then, about five years? ;)
Show threadKynxMay 20
@GossiTheDog yay! I finally found their (well hidden) Contact Us form after reading your post and demanded action. Doubt that did anything and have only seen an automated response since - but the publicity must’ve worked the shaming magic. Keep it up 🙂