19.05.2025
2 min
547
National mobile network O2 UK has been leaking geolocation data and user IDs over VoLTE and WiFi calls since February 2023 — the bug has only just been fixed. A security researcher has discovered that SIP headers could allow attackers to determine the location of subscribers with an accuracy of up to 100 m², including IMSI, IMEI and tower data.
Researcher Daniel Williams used a rooted Pixel 8 smartphone and the Network Signal Guru app to intercept IMS signals during WiFi/VoLTE calls on the O2 UK network. The SIP headers contained vulnerable data: IMSI, IMEI, server IDs, errors from internal C++ services and the Cell ID of the last tower the subscriber was connected to. Using public tower databases, the researcher easily determined the exact coordinates of the target – even outside the UK, in particular in Copenhagen. Virgin Media O2 acknowledged the issue and announced a fix on May 19, 2025. Users do not need to take any action.
O2 UK is one of the leading telecom providers in the UK with over 23 million mobile users. The 4G Calling (IMS/VoLTE) service was launched back in 2017 to improve call quality. However, its implementation turned out to be too “chatty” at the SIP signaling level – where the leak vector lay. Despite repeated attempts by the researcher to contact the operator in March 2025, the answer was only provided after the facts were published.
Even large operators can go years without noticing critical leaks of private data. The O2 UK incident shows the importance of monitoring IMS/VoIP solutions and minimizing diagnostic metadata. Users should be aware of the risks even in familiar services, such as 4G calls.
