This is something you need to read in order to believe
subject: VoLTE
provider O2 UK
nightmare: infosec
Enormous. Outragerous are some of the words I would use. Take you time to read and learn because they are not the only culprits on the planet with such bad data protection practices
Excerpt
>>
Quite quickly I realised something was wrong. The responses I got from the network were extremely detailed and long, and were unlike anything I had seen before on other networks. The messages contained information such as the IMS/SIP server used by O2 (Mavenir UAG) along with version numbers, occasional error messages raised by the C++ services processing the call information when something went wrong, and other debugging information. However, most notable were a set of five headers near the bottom of the message:
SIP Msg
...
P-Mav-Extension-IMSI: 23410123456789
P-Mav-Extension-IMSI: 23410987654321
P-Mav-Extension-IMEI: 350266809828927
P-Mav-Extension-IMEI: 350266806365261
...
Cellular-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=2341010037A60773;cell-info-age=26371
Synthesised excerpt of IMS signalling message for demonstration; not a genuine IMEI/IMSI/cell ID.
Two sets of IMSIs, two sets of IMEIs, and a Cell ID header. How curious…
Sure enough, when comparing both the IMSIs and IMEIs in the message to those of my own devices, I had been given both the IMSI and IMEI of my phone which initiated the call, but also the call recipient's.
<<
^Z
#O2#UK#TeleCom#InfoSec#DataLeak#WTF
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
