1. Forum
  2. USENET
  3. uk.telecom.mobile

  • Any O2 customer can be trivially located by an attacker

    From Richmond@dnomhcir@gmx.com to uk.telecom.mobile on Sat May 17 20:14:42 2025
    From Newsgroup: uk.telecom.mobile

    I came across this which sounds alarming.

    "Any O2 customer can be trivially located by an attacker with even a
    basic understanding of mobile networking.

    There is also no way to prevent this attack as an O2 customer. Disabling
    4G Calling does not prevent these headers from being revealed, and if
    your device is ever unreachable these internal headers will still reveal
    the last cell you were connected to and how long ago this was."

    Is it true?

    https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/ --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Theo@theom+news@chiark.greenend.org.uk to uk.telecom.mobile on Sat May 17 22:22:30 2025
    From Newsgroup: uk.telecom.mobile

    Richmond <dnomhcir@gmx.com> wrote:
    I came across this which sounds alarming.

    "Any O2 customer can be trivially located by an attacker with even a
    basic understanding of mobile networking.

    There is also no way to prevent this attack as an O2 customer. Disabling
    4G Calling does not prevent these headers from being revealed, and if
    your device is ever unreachable these internal headers will still reveal
    the last cell you were connected to and how long ago this was."

    Is it true?

    https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

    I can't verify that but it sounds entirely plausible. It's very serious.

    Also it seems likely that it works for any O2 customer, even if they aren't using VoLTE / don't have a 4G phone. The attacker needs to use VoLTE, but
    the recipient doesn't - any 2/3/4/5G mobile will do.

    Theo
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Richmond@dnomhcir@gmx.com to uk.telecom.mobile on Mon May 19 22:37:08 2025
    From Newsgroup: uk.telecom.mobile

    Theo <theom+news@chiark.greenend.org.uk> writes:

    Richmond <dnomhcir@gmx.com> wrote:
    I came across this which sounds alarming.

    "Any O2 customer can be trivially located by an attacker with even a
    basic understanding of mobile networking.

    There is also no way to prevent this attack as an O2
    customer. Disabling 4G Calling does not prevent these headers from
    being revealed, and if your device is ever unreachable these internal
    headers will still reveal the last cell you were connected to and how
    long ago this was."

    Is it true?

    https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

    I can't verify that but it sounds entirely plausible. It's very
    serious.

    Also it seems likely that it works for any O2 customer, even if they
    aren't using VoLTE / don't have a 4G phone. The attacker needs to use
    VoLTE, but the recipient doesn't - any 2/3/4/5G mobile will do.

    Theo

    Fixed.

    https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/
    --- Synchronet 3.21a-Linux NewsLink 1.2