Virgin Media O2 mobile users' locations exposed for two years in security flaw

The locations of millions of Virgin Media O2 mobile customers were exposed for up to two years until a network security flaw was corrected, it has emerged.
Before the fix was implemented on 18 May, anyone with a Virgin Media O2 sim card could use their phone to obtain sensitive information about the network's other customers using a 4G-enabled device, including their location to the nearest mobile mast.
The flaw has now been patched and reported to the UK's communications and data protection regulators. Virgin Media O2 said there was no evidence that its network security systems had been externally breached.
The locations of customers could be tracked most precisely in urban areas, where mobile masts cover areas as small as 100 square metres.
Dan Williams, an IT specialist who discovered the defect, wrote that he was 'extremely disappointed' not to receive a response when he flagged the issue, which was resolved only after he blogged about it two months later, on 17 May. He said there had been no explanation for the delay.
He wrote: 'I don't want to be the enemy, I simply want to feel comfortable using my phone.'
Williams noticed Virgin Media O2's failure to configure its 4G calling software correctly when he was looking at messaging between his device and the network to work out call quality between himself and another O2 customer.
'I noticed that the responses from the network were extremely long, and upon inspection noticed that extra information from the recipient of the call was sent to the call initiator,' he told the Guardian.
This included normally private information, such as the cell ID, which is the current cell tower a caller is connected to; information about sim card, which could be used for a cyber-attack; and the phone model, which can be used to work out how to access it.
He believed that it was 'possible this was used in the wild and not reported against' though there was no way to quantify that. If it had been that would be 'quite a large problem', as 'there are situations where this data is extremely, extremely sensitive', for example domestic abuse survivors or government workers, he added.
'I came across it by accident. Someone purposefully trying to find these kinds of vulnerabilities would have probably come across it,' he said. 'There are white papers detailing this exact scenario and warning networks against doing this.'
The FT, which first reported Williams's findings, said he had tested the problem with another O2 customer, successfully tracking them to Copenhagen, Denmark.
Disabling the 4G calling feature on devices would have prevented them from being tracked, though this is not possible on some handsets, such as iPhones. The issue may have also affected some customers of Giffgaff and Tesco Mobile, which use Virgin Media O2's network.
Sign up to Business Today
Get set for the working day – we'll point you to all the business news and analysis you need every morning
after newsletter promotion
Alan Woodward, cybersecurity professor at Surrey University, said location data 'could be valuable for scams such as social engineering, or even blackmail' and for phishing attempts referencing a recent location, though they would need other information about the person for this to work.
He said this was unlikely to happen for normal people who were not criminal targets, but nevertheless fixing the vulnerability should have been a 'matter of urgency'.
A Virgin Media O2 spokesperson said: 'Our engineering teams had been working on and testing a fix for this configuration issue over a number of weeks, and we can confirm this fix was fully implemented on 18 May.
'Our customers do not need to take any action, and we have no evidence of this issue being exploited beyond the two illustrative examples given by a network engineer in his blog which we reported to the ICO [Information Commissioner's Office] and Ofcom. There has been no external compromise of our network security at any time.'
An Ofcom spokesperson said it was 'aware that O2 has experienced a network security issue', and is in contact with the provider to establish the scale and cause of the problem.
An ICO spokesperson said that after assessing the information provided by Telefonica and remedial steps taken, 'we will not be taking further action at this stage'.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

The Sun

11 minutes ago

• The Sun

Millions of Freeview watchers hit by big Channel 4 change and must re-scan TV boxes to keep popular channel

MILLIONS of Freeview watchers have been hit by a big channel change as viewers are urged to re-scan their TV boxes. Channel 4 has boosted Freeview coverage for one of its channels this month, meaning you'll need to retune to continue watching. As part of Freeview's monthly channel update, 4seven transitioned to a new frequency as of Wednesday 18 June. This is because of an important technical change to the way the Channel 4 offshoot channel is broadcast on Freeview. It will give more Freeview users access to the channel at a time when 4seven is increasingly used as an overspill for live events. 4seven has recently become the home of a selected number of men's European Championship U21 games, including Netherlands v Ukraine and Slovenia v Czechia. They have previously broadcast coverage of the Paralympic Opening and Closing Ceremonies. But for the time being, 4seven is broadcasting on both new and old frequencies. At the end of this transition period, the old copy of 4seven will carry a retune caption. But you can retune today to ensure continued reception of 4seven on channel 49. Following your retune, you should see 4seven on channel 49 and the old copy of 4seven on channel 790. What's better is the channel now has universal coverage on Freeview. It's now available to all viewers in the Channel Islands and Isle of Man in addition to UK viewers who can only receive a reduce Freeview channel line-up. If you're a viewer who only receives around 20 basic Freeview channels at your address, you can retune to add 4seven to channel 49. It's a big bonus to some viewers as some remote locations with reduced access to Freeview are also affected by poor internet speeds meaning they can't stream TV either. This follows a reconfiguration of the frequency that carries the main Channel 4 service on Freeview, meaning the 4seven signal can now be aired alongside its parent channel. Kay Burley joins This Morning in TV return after departure from Sky News It's not the only Freeview change seen this month either. Just last week it was announced that Rewind TV is now on channel 81. It has swapped places with Blaze +1 and is now the next-door channel to the vintage Talking Pictures channel. There's also a new shopping channel with Must Have Ideas setting up shop on channel 96. The service was previously exclusive to satellite TV such as Sky and on YouTube but a retune will now add the channel to your service. Millions of Freeview watchers can also enjoy three new channels this month. Starting from this week, viewers will be able to tune into a number of channels including ITV Quiz, a fresh channel dedicated to quizzes.

Daily Mail​

19 minutes ago

• Daily Mail​

'You money grabbing little dog' - 'Jealous' drug dealer's messages to his ex-girlfriend are heard in court as he is accused of brutal murder of 'love rival' who was 'tortured to death' in his own home

A 'jealous' drug dealer accused of masterminding the brutal torture and killing of his alleged love rival branded his ex-girlfriend a 'money-grabbing little dog', a court heard today. John Belfield, 31, allegedly plotted the murder of Thomas Campbell out of 'hostility' because the victim had begun dating his ex-partner, as well as to steal from him. The 38-year-old's bloodied body was found bound in extra-strength duct tape and dressed in only a pair of socks in his own home in July 2022. In the run-up to the killing, Belfield was given crucial details about the intended victim's movements by Campbell's ex-wife Coleen, a jury has heard. She was later found guilty of manslaughter and conspiracy to rob. Today Manchester Crown Court heard of threatening messages that Belfield sent to his ex-girlfriend Demi-Lee Driver, who had begun a relationship with Campbell. In one he wrote: 'You and that helmet will get domed. 'Shut your mouth you dog.' Another read: 'There's not a thing you or him will do so. I think you should get my draws out your house Monday.' Belfield added: 'And I'm going to shag his baby mum now for the point of it, you money grabbing little dog.' Ms Driver refused to give police access to her mobile phone but shared screenshots of the Instagram messages, jurors were told. Giving evidence in his defence today, Belfield admitted being a drug dealer but claimed he had been at his sister's home on the night of the killing. His barrister Richard Wright KC asked him: 'Do you understand that the prosecution allege that, together with his ex-wife Coleen Campbell, you had personal motivation to attack Thomas Campbell because he was in a relationship with your ex partner Demi-Lee Driver? 'You were annoyed or jealous of that relationship?' Belfield replied: 'I understand that.' Mr Wright asked: 'Did you conspire with Coleen Campbell and others to target Mr Campbell as a victim for robbery in his own home?' The 38-year-old, pictured with Coleen on holiday, was discovered by shocked neighbours 'No,' Belfield replied. Mr Wright asked: 'Were you motivated by jealousy or anger to attack Mr Campbell because he was in a relationship with Demi-Lee Driver?' Belfield anwered: 'No.' Belfield admitted that he had planned to to target Mr Campbell at some point in order to steal his drugs and admitted that he himself was a drug dealer. He denied being part of the team which placed a tracking device on Mr Campbell's VW van five days before the murder and said he did not know it had been put there. Belfield admitted he had taken part in alleged 'recces' of Mr Campbell's home in Mossley, Greater Manchester. But he denied that he had been one of the men who bought items used in the torture of Mr Campbell from a B&Q store in Oldham four days before the killing. Mr Wright asked him if he was with Reece Steven - who has been convicted of Mr Campbell's murder - when he was attacked and killed. He replied: 'No. I was at my sister's house with my niece and nephew.' Belfield admitted that he had taken part in efforts to disguise the van used in the attack but said he had done so 'to help my friends'. He also agreed that he had fled the country after the murder, travelling to the former Dutch colony of Suriname in South America. But he said: 'I was scared his friend were going to attack me and kill me because of the rumours they had heard.' The court has heard the 'horrific' killing was the result of 'very careful planning by a team of highly organised criminals' who used a tracking device placed on Mr Campbell's car and carried out reconnaissance on his home in the days before the assault. Jurors have been told that at a 2023 trial Reece Steven was convicted of murder and conspiracy to rob. Stephen Cleworth, from Heywood, who acted as a driver, was convicted of manslaughter and conspiracy to rob. He was responsible for planting the tracker on Mr Campbell's vehicle and assisting with surveillance although he was not present during the murder. Belfield - alleged to have been the 'driving force' behind the killing - is now standing trial for the murder after being extradited back from South America. The prosecution case is that Steven, Belfield and a third unknown man were all present when Mr Campbell was tortured to death. Belfield, of no fixed address, denies murder and conspiracy to rob. The trial continues.

Daily Mail​

32 minutes ago

• Daily Mail​

Girl, three, has arm ripped open by cockapoo as her father is forced to 'hold her skin together' after attack outside primary school

A girl, three, has had her arm ripped open by a cockapoo, with her father forced to 'hold her skin together' after the attack outside a primary school. Bunnie was walking home with her father Rowen Skinley and two siblings in Rainham, Kent, on Tuesday when the designer dog attacked outside Miers Court Primary School. She had to be rushed to hospital in London for emergency plastic surgery after the Cocker Spaniel and Poodle crossbreed brutally mauled her unprovoked. The owner of the small, sandy-coloured pooch 'just disappeared', leaving no details, after pulling the dog off the toddler and tearing her skin in doing so, Mr Skinley said. The father explained: 'I was so shocked. All I had to stop the bleeding was my hands. I had to basically hold her skin together.' Thankfully, he continued: 'She's doing well now. She's just a bit shaken and keeps talking about how scared she is of the dog... 'It's really upsetting that the woman didn't stop because it makes you fear for the safety of other kids.' A Kent Police spokesperson confirmed an investigation is ongoing. Cockapoos have often been touted as family-friendly bundles of cuteness - playful, warm, curly-haired teddy bears, who are easy to manage and train. But Mr Skinley had a rather different experience with the popular breed: 'It happened parallel to the school on the main road. I was just walking home after the school run. 'The path is quite narrow and a woman was walking her dog on the actual road itself. 'Then, out of nowhere, the dog just lunged for my daughter and pulled her to the floor.' Bystanders rushed over to help: 'People who saw what happened came over and said that my daughter hadn't even put her hand out to the dog.' Bunnie was taken to Medway Maritime Hospital in nearby Gillingham before being transferred to St Thomas' Hospital in Westminster, London, the next morning. There, she had several X-rays to ensure the puncture had not hit her bone, before undergoing the reconstructive surgery. Mr Skinley explained: 'She also has a lung condition and really bad asthma so she had to be marked down as a high-risk category for sedation.' The girl will have to return to hospital within a week for a check-up, to assess if she needs even more surgery. Anyone with information that could assist officers' inquiries, including CCTV or doorbell footage, should contact police on 01634 792209, quoting 46/102876/25. It comes after MailOnline revealed at the end of last year that at least 16 dangerous dogs are seized every day in the UK. Just under 6,000 dangerous dogs were seized by 27 forces from November 2023 until the same month the following year, a Freedom of Information (FOI) request found - meaning 114 dogs are taken every week. Of the forces which responded to the FOI, Greater Manchester had the highest figures, with 19 dogs seized a week. It took 1,000 in a year and put 337 of the animals to sleep. Second highest is the West Midlands force with 17 dogs, followed by Northumbria with nine. West Yorkshire seized eight a week, while Leicestershire said it seized six. Experts have now warned that banning dangerous dogs in order to keep the public safe has 'critical flaws' and the focus should be on making owners more responsible instead. A spokesperson at which obtained the data, said: 'The Dangerous Dogs Act has been in effect for over three decades and yet, hospital admissions due to dog bites continue to rise.' They added that instead of focusing on breed, the emphasis should be on 'addressing the root causes of dog aggression' instead.