O2 UK Fixes Flaw That Exposed Caller Location Data

O2 UK has addressed a security vulnerability in its implementation of Voice over LTE (VoLTE) and WiFi Calling technologies that exposed mobile users’ general location and unique identifiers. The flaw allowed anyone who placed a call to a target number to potentially extract sensitive metadata, including details that could reveal the recipient’s approximate whereabouts.

The issue stemmed from how O2 UK’s network managed call signaling data, inadvertently leaking information during the connection process. While the vulnerability did not grant precise location tracking or access to personal conversations, it raised significant concerns over user privacy and mobile network security.

After the flaw was identified, O2 UK moved to patch the issue, minimizing further exposure risks. The incident highlights ongoing challenges in securing modern telecommunications infrastructure, particularly as networks adopt advanced features like VoLTE and WiFi Calling. No reports of malicious exploitation were disclosed, and O2 UK has not commented on how long the vulnerability remained active.