A vulnerability in 4G Calling, a Voice over LTE (VoLTE) service launched just lately by UK telecom large O2, resulted in consumer location data being leaked in community responses.
Primarily based on the IP Multimedia Subsystem (IMS) customary, VoLTE permits customers to make voice calls and ship textual content messages over 4G/LTE and newer cellular networks at greater speeds in comparison with these provided by older 3G/2G networks.
It really works by delivering the voice service as information flows, however requires that the gadget, firmware, and cellular community assist the expertise.
Trying to check the standard of O2’s newly launched 4G Calling service, UK community fanatic Daniel Williams found that messages his telephone obtained from the community contained quite a lot of data, together with particulars on the consumer’s location.
Particularly, 5 headers on the backside of the message contained the Worldwide Cell Subscriber Identification (IMSI) and Worldwide Cell Tools Identification (IMEI) numbers of each the caller and the receiver, in addition to cell information and the recipient’s location space code.
Primarily, Williams explains, anybody capturing this data may then leverage publicly crowdsourced information and uncover the final location of a consumer.
Whereas in some instances this might solely return the macro cell the consumer was on on the time of the decision, in additional crowded, city areas smaller protection websites can be used, permitting an attacker to pinpoint the consumer’s location to areas usually as small as 100 sq. meters.
“I additionally examined the assault with one other O2 buyer who was roaming overseas, and the assault labored completely with me having the ability to pinpoint them to town middle of Copenhagen, Denmark,” he says.Commercial. Scroll to proceed studying.
He additionally notes that his findings are primarily based on the data his telephone was receiving from the community, with no particular gear used, which means that any gadget on O2’s community making a name utilizing IMS would seemingly be affected.
“Any O2 buyer will be trivially situated by an attacker with even a primary understanding of cellular networking. There may be additionally no technique to forestall this assault as an O2 buyer. Disabling 4G Calling doesn’t forestall these headers from being revealed,” he notes.
The problem impacted O2’s 4G Calling service from its launch in March till just lately, when the corporate rolled out a repair.
“Our engineering groups have been engaged on and testing a repair for a lot of weeks – we are able to affirm that is now totally carried out and assessments recommend the repair has labored and our clients don’t have to take any motion,” O2 and Virgin Media spokespersons advised SecurityWeek.
Associated: LTE, 5G Vulnerabilities May Minimize Total Cities From Mobile Connectivity
Associated: Health App Strava Offers Away Location of Biden, Trump and different Leaders, French Newspaper Says
Associated: FCC Fines Wi-fi Carriers for Sharing Person Areas With out Consent
