Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
O2 Service Vulnerability Exposed User Location

O2 Service Vulnerability Exposed User Location

Posted on May 20, 2025May 20, 2025 By CWS

A vulnerability in 4G Calling, a Voice over LTE (VoLTE) service launched just lately by UK telecom large O2, resulted in consumer location data being leaked in community responses.

Primarily based on the IP Multimedia Subsystem (IMS) customary, VoLTE permits customers to make voice calls and ship textual content messages over 4G/LTE and newer cellular networks at greater speeds in comparison with these provided by older 3G/2G networks.

It really works by delivering the voice service as information flows, however requires that the gadget, firmware, and cellular community assist the expertise.

Trying to check the standard of O2’s newly launched 4G Calling service, UK community fanatic Daniel Williams found that messages his telephone obtained from the community contained quite a lot of data, together with particulars on the consumer’s location.

Particularly, 5 headers on the backside of the message contained the Worldwide Cell Subscriber Identification (IMSI) and Worldwide Cell Tools Identification (IMEI) numbers of each the caller and the receiver, in addition to cell information and the recipient’s location space code.

Primarily, Williams explains, anybody capturing this data may then leverage publicly crowdsourced information and uncover the final location of a consumer.

Whereas in some instances this might solely return the macro cell the consumer was on on the time of the decision, in additional crowded, city areas smaller protection websites can be used, permitting an attacker to pinpoint the consumer’s location to areas usually as small as 100 sq. meters.

“I additionally examined the assault with one other O2 buyer who was roaming overseas, and the assault labored completely with me having the ability to pinpoint them to town middle of Copenhagen, Denmark,” he says.Commercial. Scroll to proceed studying.

He additionally notes that his findings are primarily based on the data his telephone was receiving from the community, with no particular gear used, which means that any gadget on O2’s community making a name utilizing IMS would seemingly be affected.

“Any O2 buyer will be trivially situated by an attacker with even a primary understanding of cellular networking. There may be additionally no technique to forestall this assault as an O2 buyer. Disabling 4G Calling doesn’t forestall these headers from being revealed,” he notes.

The problem impacted O2’s 4G Calling service from its launch in March till just lately, when the corporate rolled out a repair.

“Our engineering groups have been engaged on and testing a repair for a lot of weeks – we are able to affirm that is now totally carried out and assessments recommend the repair has labored and our clients don’t have to take any motion,” O2 and Virgin Media spokespersons advised SecurityWeek.

Associated: LTE, 5G Vulnerabilities May Minimize Total Cities From Mobile Connectivity

Associated: Health App Strava Offers Away Location of Biden, Trump and different Leaders, French Newspaper Says

Associated: FCC Fines Wi-fi Carriers for Sharing Person Areas With out Consent

Security Week News Tags:Exposed, Location, Service, User, Vulnerability

Post navigation

Previous Post: Madhu Gottumukkala Officially Appointed CISA Deputy Director
Next Post: CloudSEK Raises $19 Million for Threat Intelligence Platform

Related Posts

Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying  Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying  Security Week News
Passkey Login Bypassed via WebAuthn Process Manipulation Passkey Login Bypassed via WebAuthn Process Manipulation Security Week News
isVerified Emerges From Stealth With Voice Deepfake Detection Apps isVerified Emerges From Stealth With Voice Deepfake Detection Apps Security Week News
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data  Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data  Security Week News
ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact Security Week News
UNC6692 Deploys Snow Malware via Email Scams and Social Tactics UNC6692 Deploys Snow Malware via Email Scams and Social Tactics Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark