Kevin BeaumontMay 17

Sigh. It's possible to remotely, physically locate any O2 mobile customer at any time over the internet with a trivial method using their mobile phone number, due to O2's poor implementation of 4G Calling which, by design, gives away the Cell ID.

https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

O2 VoLTE: locating any customer with a phone call

Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.

Show threadKevin BeaumontMay 19

O2 have fixed this - I’ve just retested this, O2 no longer give out my location.

Full disclosure works. https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/

O2 UK patches bug leaking mobile user location from call metadata

A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target.

BleepingComputer
Show threadKevin BeaumontMay 29
The mainstream have now found out about the O2 thing https://www.ft.com/content/2fc4234a-0065-490d-8483-33feff284ff3
Virgin Media O2 network flaw allowed customer phones to be tracked

Company has reported issue to watchdogs and fixed the problem

Financial Times
Show threadJernej Simončič �May 29
@GossiTheDog Paywall bypass: https://archive.is/O8r2z
Show threadJonnyB
@jernej__s @GossiTheDog thank you. Articles behind paywalls are very annoying. At least imho. 😊
May 29 at 1:47pmWeb