O2 UK patches bug leaking mobile user location from call metadata

A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. The problem was discovered by security researcher Daniel Williams, who says the flaw existed on O2 UK's network since March 27, 2017, and was resolved yesterday. O2 UK is a British telecommunications service provider owned by Virgin Media O2. As of March 2025, the company reported having nearly 23 million mobile customers and 5.8 million broadband clients across the UK, positioning it as one of the major providers in the country. In March 2017, the firm launched its IP Multimedia Subsystem (IMS) service, branded as "4G Calling," for better audio quality and line reliability during calls. However, as Williams discovered while analyzing the traffic during such a call, the signalling messages (SIP Headers) exchanged between the communicating parties are far too verbose and revealing, including IMSI, IMEI, and ... Read full article.