A critical flaw in the UK telecom giant’s implementation of the IMS standard puts users at risk of location tracking

A recent vulnerability in O2’s 4G Calling service, a Voice over LTE (VoLTE) service launched in March, has exposed user location data in network responses. The issue, which has since been fixed by the company, allowed anyone with basic knowledge of mobile networking to pinpoint a user’s location with alarming accuracy.

UK network enthusiast Daniel Williams discovered the flaw while testing the quality of O2’s newly launched service. He found that messages received from the network contained a wealth of information, including the International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) numbers of both the caller and the receiver, as well as cell data and the recipient’s location area code.

“This information could be used to leverage publicly crowdsourced data and discover the general location of a user,” Williams explained. “In some cases, this could only return the macro cell the user was on at the time of the call, but in more crowded, urban areas, smaller coverage sites would be used, allowing an attacker to pinpoint the user’s location to areas often as small as 100 square meters.”

Williams’ findings were not limited to users within the UK. He also tested the attack with another O2 customer who was roaming abroad, and was able to pinpoint their location to the city center of Copenhagen, Denmark.

“The issue impacted O2’s 4G Calling service from its launch in March until recently, when the company rolled out a fix,” a spokesperson for O2 and Virgin Media told SecurityWeek. “Our engineering teams have been working on and testing a fix for a number of weeks – we can confirm this is now fully implemented and tests suggest the fix has worked and our customers do not need to take any action.”

The vulnerability highlights the importance of robust security measures in the implementation of new technologies. As more services move to VoLTE and other advanced mobile networks, it is crucial that companies prioritize the security of their users’ data.

In an era where location data is increasingly being used to track and target individuals, the O2 vulnerability serves as a stark reminder of the importance of vigilance and responsible innovation in the tech industry.