A recent vulnerability in O2 UK’s 4G calling (VoLTE) service, now patched, highlights persistent IMS security concerns.
Ongoing VoLTE network testing has repeatedly revealed weaknesses, including: subscriber location exposure through SIP headers; unencrypted signaling traffic vulnerable to eavesdropping and tracking; flawed anonymous call implementations disclosing identities; and unchecked experimental SIP headers enabling data tunneling.
A detailed whitepaper is provided in the next message.
Credit to Daniel Williams, who identified this vulnerability and followed responsible disclosure procedures, and to O2 for their prompt response.
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/