O2 UK Patches bug and mobile user location of Call Metadata

An error in the implementation of Volte and WiFi Calling Technologies in O2 UK can enable everyone to uncover the general location of a person and other identifiers by calling the goal.

The problem was discovered by security researcher Daniel Williams, who says that the mistake has existed in the O2 UK network since March 27, 2017 and solved yesterday.

O2 UK is a British telecommunications service provider of Virgin Media O2. From March 2025, the company reported almost 23 million mobile customers and 5.8 million broadband customers across Great Britain and positioned it as one of the most important providers in the country.

In March 2017, the company started its IP multimedia -subsystem (IMS) service, which is referred to as “4G calling”, to get better audio quality and the reliability of lines during calls.

As Williams discovered during the analysis of traffic during such a call, the signal messages (SIP header) exchanged between the communicating parties are much too detailed and informative, including imsi, imei and cell location data.

“The answers I received from the network were extremely detailed and long and were different from everything I had previously seen in other networks,” explains Williams.

“The news contained information such as the IMS/SIP server used by O2 (Mavenir UAG) and version numbers, occasional error messages processed by the C ++ services that process call information when something went wrong and other debugging information.”

Find users by call

With the NSG app (Network Signal Guru) in a rooted Google Pixel 8, Williams RAW IMS signal messages were intercepted during a call and decoded the Zell -ID to find the last cell tower to which the call receiver is connected.

Then he used public tools that provide cell tower cards to find the geographical coordinates of the tower.

In urban areas in which the tower cover is tight, the accuracy would reach 100 m2 (1076 ft2). In rural areas, geo-location would become less precise, but could still reveal the goal.

Williams also found the trick when the destination was abroad when he found a test person in Copenhagen, Denmark.

O2 UK confirms the fix

Williams says he contacted O2 UK several times on March 26 and 27, 2025 to report his results and not receive any answers.

After all, he used to get the problem to be solved by O2 UK today, and confirmed this with tests.

In an explanation of Pleping Computer, a spokesman for Virgin Media confirmed that a fixed was implemented, and found that customers do not have to take any measures to protect themselves.

“Our engineering teams have been working for a few weeks and tests a fix. We can confirm that this is now fully implemented, and tests indicate that the fix has worked, and our customers do not have to take measures,” Virgin Media O2 told Bleeping Computer.

Bleeping computer asked O2 whether this error was used as exploited and whether they would like to inform customers accordingly, but we did not receive an answer.