A security flaw in O2 UKβs VoLTE and WiFi Calling implementation allowed malicious actors to locate users and access identifying information by analyzing call signaling data. This vulnerability impacted O2 UKβs telecommunications network, including its IMS and cell tower systems. #O2UK #Telecommunications #CybersecurityVulnerability #IMS #CellTowers
Keypoints
- The flaw was discovered in O2 UKβs network and involved verbose SIP signaling messages revealing user data.
- Security researcher Daniel Williams identified that sensitive information like IMSI, IMEI, and cell location could be exposed.
- By analyzing signaling messages, an attacker could locate a userβs position with high accuracy in urban areas.
- The vulnerability existed since March 27, 2017, but was only fixed recently in March 2025.
- O2 UK confirmed the flaw has been fixed and advised customers that no action is needed on their part.