CyberSecurity news
FlagThis
@cyberinsider.com
//
O2 UK has recently patched a security vulnerability in its 4G Calling (VoLTE) and WiFi Calling technologies that could have allowed unauthorized individuals to determine the general location of its mobile users. The flaw stemmed from an improper implementation of the IMS standard, leading to the leakage of user location data through network responses. An attacker could exploit this by simply initiating a phone call to the target, making it a significant privacy concern for O2 UK's nearly 23 million mobile customers. The problem, discovered by security researcher Daniel Williams, is believed to have existed since February 2023 before being resolved.
The vulnerability resided in how O2 UK handled encryption protocols, specifically within the EEA2 encryption algorithm. Researchers from Beijing University of Posts and Telecommunications and the University of Birmingham discovered that this algorithm was not as robust as previously believed, allowing attackers to intercept and decrypt voice call data. By examining the non-encrypted MAC sub-header, attackers could identify the Logical Channel ID (LCID) of the sub-PDU, enabling them to specifically target VoLTE traffic. This exposed call metadata, including call times, duration, direction, and the user's approximate location.
O2 UK's swift action to patch the bug demonstrates the critical importance of telecom providers adhering to stringent security standards. Proper validation and security measures in IMS implementations are essential to safeguarding user privacy. The incident serves as a reminder for regular security audits and enhanced protection of user data within telecommunications networks. As VoLTE and WiFi Calling continue to transform communication with superior call quality and reliability, addressing security vulnerabilities is paramount to maintaining user trust and preventing future exploits.
ImgSrc: mnwa9ap4czgf-u1
References :
The vulnerability resided in how O2 UK handled encryption protocols, specifically within the EEA2 encryption algorithm. Researchers from Beijing University of Posts and Telecommunications and the University of Birmingham discovered that this algorithm was not as robust as previously believed, allowing attackers to intercept and decrypt voice call data. By examining the non-encrypted MAC sub-header, attackers could identify the Logical Channel ID (LCID) of the sub-PDU, enabling them to specifically target VoLTE traffic. This exposed call metadata, including call times, duration, direction, and the user's approximate location.
O2 UK's swift action to patch the bug demonstrates the critical importance of telecom providers adhering to stringent security standards. Proper validation and security measures in IMS implementations are essential to safeguarding user privacy. The incident serves as a reminder for regular security audits and enhanced protection of user data within telecommunications networks. As VoLTE and WiFi Calling continue to transform communication with superior call quality and reliability, addressing security vulnerabilities is paramount to maintaining user trust and preventing future exploits.
ImgSrc: mnwa9ap4czgf-u1
Share:
References :
- securityaffairs.com: A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due to improper IMS standard implementation.
- cyberinsider.com: A critical privacy vulnerability in O2 UK's Voice over LTE (VoLTE) system allows any caller to accurately geolocate any O2 customer simply by initiating a phone call, without their consent or knowledge.
- The Register - Security: Researcher finds VoLTE metadata could be used to locate users within 100 meters UK telco Virgin Media O2 has fixed an issue with its 4G Calling feature that allowed users' general location to be discerned by those who called them.
- Tech Monitor: O2 UK resolved security vulnerability in VoLTE and WiFi Calling features, which exposed users' general locations and personal identifiers.
- The DefendOps Diaries: Security Flaw in O2 UK's VoLTE and WiFi Calling: A Call for Enhanced Protection
- BleepingComputer: O2 UK patches bug leaking mobile user location from call metadata
- bsky.app: A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/
Classification:
- HashTags: #VoLTE #LocationLeak #TelecomSecurity
- Company: O2
- Target: O2 Customers
- Product: 4G Calling
- Feature: VoLTE/WiFi Calling
- Type: Vulnerability
- Severity: Medium