O2 UK VoLTE E-UTRAN Cell Identity Leak Vulnerability
Vulnerability
A vulnerability has been identified in O2 UK's Voice over LTE (VoLTE) service that discloses subscribers' E-UTRAN Cell Identity (ECI) to other users. The issue arises when an IMS (IP Multimedia Subsystem) call is made: the 'Cellular-Network-Info' SIP header includes the utran-cell-id-3gpp field, which reveals the Cell ID. This information could be used to approximate a user's location, particularly in urban areas where cell coverage is dense. The vulnerability affects all O2 UK customers using VoLTE or WiFi Calling.
Impact
The vulnerability allows for unauthorized location tracking of O2 UK customers by disclosing their Cell ID and associated location data to callers.
Reproduction
The vulnerability can be reproduced by making an IMS call as an O2 UK customer with a VoLTE-compatible device. The 'Cellular-Network-Info' header will reveal the call recipient's Cell ID, which can be cross-referenced with public data to determine their location.
Remediation
O2 UK has confirmed that the issue has been fixed. Customers do not need to take any action.
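The page does not say how O2 UK fixed the issue. As an added example (not O2 UK's code or its actual fix), the sketch below shows one way an operator-side SIP element could strip the 'Cellular-Network-Info' header before a message is forwarded to the other party, and log what was removed. The function names, the sample message and the cell id value are constructed for illustration.

```python
import re

# Only Cellular-Network-Info is named on the page; extend for your deployment.
SENSITIVE_HEADERS = {"cellular-network-info"}
CELL_ID_PARAM = re.compile(r"utran-cell-id-3gpp\s*=\s*([^;\s]+)", re.I)

# Constructed sample response (not captured traffic); the cell id is made up.
SAMPLE = (
    "SIP/2.0 183 Session Progress\r\n"
    "Via: SIP/2.0/TCP pcscf.example.invalid;branch=z9hG4bKconstructed\r\n"
    "Cellular-Network-Info: 3GPP-E-UTRAN-FDD;\r\n"
    " utran-cell-id-3gpp=0010100010000001\r\n"
    "Call-ID: constructed-call-1@example.invalid\r\n"
    "Content-Length: 5\r\n"
    "\r\n"
    "v=0\r\n"
)

def split_message(raw):
    """Split a SIP message into start line, unfolded headers, and the rest."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            # Folded header: a continuation of the previous line (RFC 3261).
            headers[-1] += " " + line.strip()
        else:
            headers.append(line)
    return lines[0], headers, sep + body

def scrub(raw):
    """Drop location-bearing headers; return (clean_message, findings)."""
    start, headers, tail = split_message(raw)
    kept, findings = [], []
    for header in headers:
        name, _, value = header.partition(":")
        if name.strip().lower() in SENSITIVE_HEADERS:
            match = CELL_ID_PARAM.search(value)
            findings.append((name.strip(), match.group(1) if match else None))
            continue  # body is untouched, so Content-Length stays valid
        kept.append(header)
    return "\r\n".join([start] + kept) + tail, findings

if __name__ == "__main__":
    clean, findings = scrub(SAMPLE)
    print(findings)
    print(clean)
```

Header names are matched case-insensitively and folded continuation lines are rejoined first, so a cell id split across lines is still caught.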
