Vulnerability cyber

Virgin Media O2

May 23, 2025 1 min read
Virgin Media O2

Virgin Media O2 had a vulnerability in its 4G Calling feature that allowed users' general location to be discerned by callers. Researcher Daniel Williams discovered that the network's IMS service was revealing call recipient data, including IMSI, IMEI, and cell ID, which could be used to locate call recipients within a 100 square meter accuracy in dense urban areas. The issue was fixed by the company's engineering teams, and no customer action was required.

Source: https://www.theregister.com/2025/05/20/vmo2_fixes_4g_calling_issue/

TPRM report: https://scoringcyber.rankiteo.com/company/virginmediao2

"id": "vir501052325",
"linkid": "virginmediao2",
"type": "Vulnerability",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Telecommunications',
                        'location': 'United Kingdom',
                        'name': 'Virgin Media O2',
                        'type': 'Telecommunications Company'}],
 'attack_vector': 'Exploitation of VoLTE Implementation',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['IMSI', 'IMEI', 'Cell ID']},
 'date_detected': '2023-03-01',
 'date_publicly_disclosed': '2023-05-17',
 'date_resolved': '2023-05-19',
 'description': 'UK telco Virgin Media O2 has fixed an issue with its 4G '
                "Calling feature that allowed users' general location to be "
                'discerned by those who called them.',
 'impact': {'data_compromised': ['IMSI', 'IMEI', 'Cell ID'],
            'systems_affected': ['4G Calling feature', 'IMS services']},
 'initial_access_broker': {'entry_point': 'IMS services'},
 'investigation_status': 'Resolved',
 'lessons_learned': 'Ensure sensitive data is not exposed in signaling '
                    'messages',
 'motivation': 'Unknown',
 'post_incident_analysis': {'corrective_actions': 'Fix implemented to remove '
                                                  'sensitive headers',
                            'root_causes': 'Exposure of sensitive data in '
                                           'signaling messages'},
 'recommendations': ['Remove sensitive headers from IMS/SIP messages'],
 'references': [{'date_accessed': '2023-05-19', 'source': 'The Register'}],
 'response': {'communication_strategy': ['Public statement confirming '
                                         'resolution'],
              'containment_measures': ['Engineering teams working on and '
                                       'testing a fix'],
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': ['Fix implemented and confirmed']},
 'threat_actor': 'Unknown',
 'title': 'Virgin Media O2 4G Calling Feature Vulnerability',
 'type': 'Data Leakage',
 'vulnerability_exploited': 'IMSI, IMEI, and Cell ID data exposure'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.