O2 VoLTE: locating any customer with a phone call
a year ago
- #VoLTE
- #Privacy
- #Security
- VoLTE uses IP Multimedia Subsystem (IMS) for internet-based calls on mobile networks.
- IMS complexity has led to device incompatibility and security concerns.
- O2 UK's IMS implementation, '4G Calling', launched in 2017, exposes sensitive data in SIP messages.
- Headers in SIP messages reveal IMSIs, IMEIs, and Cell IDs of callers and recipients.
- Cell ID data can be used to geolocate users with high accuracy, even when roaming.
- O2 lacks a clear escalation route for reporting security vulnerabilities.
- No response from O2 after attempts to report the privacy risk in March 2025.