- A security researcher found a way to pull all sorts of sensitive data from a call
- Among the data was geo-location information as well
- The bug had been present since early 2023 but has now been fixed
O2 UK has fixed a vulnerability in its VoLTE and Wi-Fi Calling implementations that allowed malicious actors to discover people’s locations and other identifiers.
Back in 2017, the company introduced the IP Multimedia Subsystem (IMS) service, called “4G Calling”. The service provides better audio quality and more reliable phone calls. However, Daniel Williams, a security researcher, recently analyzed the feature and discovered that during a call, he was able to pull all sorts of information about his conversation partner, straight from the network.
That data includes IMSI, IMEI, and cell location.
Applying a fix
“The responses I got from the network were extremely detailed and long, and were unlike anything I had seen before on other networks,” Williams said in a detailed blog post. “The messages contained information such as the IMS/SIP server used by O2 (Mavenir UAG) along with version numbers, occasional error messages raised by the C++ services processing the call information when something went wrong, and other debugging information.”
Luckily enough, the vulnerability had not been present since early 2017; it was introduced in February 2023.
To get cell location, Williams used the Network Signal Guru app on a Pixel 8 device. He pulled raw IMS signaling messages during a call, and used them to find the last cell tower the call recipient connected to. He then cross-referenced that data with a map of cell towers, pinpointing a person’s location within 100 m² in an urban environment. In a rural environment, though, the information was somewhat less precise.
Williams said he reached out to O2 UK multiple times and, at first, got no response. The company later reported the issue had been fixed, which Williams also confirmed.
“Our engineering teams have been working on and testing a fix for a number of weeks – we can confirm this is now fully implemented, and tests suggest the fix has worked, and our customers do not need to take any action,” Virgin Media O2 told BleepingComputer.
Via BleepingComputer