A vulnerability in O2βs 4G Calling service exposed user location data through network message headers, allowing potential attackers to pinpoint usersβ locations. The issue affected all users from the serviceβs launch until a recent fix was implemented, highlighting risks in voice over LTE technology. #O2 #4GCalling #LocationLeakage #Cybersecurity
Keypoints
- The vulnerability involved the exposure of user location and device identifiers in network message headers.
- Any device supporting IMS-based VoLTE on O2βs network was potentially susceptible to location tracing.
- Attackers could determine user locations with high precision, even in urban areas.
- The issue persisted from the launch of O2βs 4G Calling in March until a recent security patch was applied.
- O2 confirmed that a full fix has been implemented, and customers do not need to take further action.
Read More: https://www.securityweek.com/o2-service-vulnerability-exposed-user-location/