GNU social JP
Conversation

Notices

  1. Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 18-May-2025 03:39:27 JST

    Sigh. It's possible to remotely, physically locate any O2 mobile customer at any time over the internet with a trivial method using their mobile phone number, due to O2's poor implementation of 4G Calling which, by design, gives away the Cell ID.

    https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

    • Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Sunday, 18-May-2025 03:55:24 JST

      @GossiTheDog not to mention the IMEI and IMSI of the other user's handset and SIM.

    • Iris Young (he/they/she) (PhD) (iris@neuromatch.social)'s status on Sunday, 18-May-2025 04:24:52 JST

      @GossiTheDog oh that's very bad. That's permanently disqualifying from companies I will ever trust with my information or money for any reason.

    • AnneH (annehargreaves@ioc.exchange)'s status on Sunday, 18-May-2025 05:54:55 JST

      @GossiTheDog If you turn VoLTE off on your handset?

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 20-May-2025 04:28:34 JST

      O2 have fixed this - I’ve just retested this, O2 no longer give out my location.

      Full disclosure works. https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/

      Attachments

      1. O2 UK patches bug leaking mobile user location from call metadata
        from @BleepinComputer
        A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target.
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 29-May-2025 18:45:14 JST

      The mainstream have now found out about the O2 thing https://www.ft.com/content/2fc4234a-0065-490d-8483-33feff284ff3

      Attachments

      1. Virgin Media O2 network flaw allowed customer phones to be tracked
        Company has reported issue to watchdogs and fixed the problem
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 29-May-2025 18:46:57 JST

      Btw if anybody tells you this wasn’t exploited in the wild, it was, by both me and the researcher.

    • Dragon (dragon@toast.dragon2611.net)'s status on Thursday, 29-May-2025 21:42:30 JST

      @GossiTheDog "we have no evidence of this issue being exploited beyond the illustrative examples given by a network engineer in his blog which we reported to the Information Commissioner’s Office and Ofcom" < Well, no, they wouldn't, as they'd have no way of knowing if someone was doing anything with the info they were just handing out, since it didn't require a specific query to the network to get that info; it was just being sent as part of a call.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.