Hacker News | mrjeeves's comments

Coming second half of this year!


Cool, hopefully before their wide-scale 3G switch-off starting August.


It's tough, but when the people don't respond what do you do?

Do you just sit on the info, hoping no one else sees it and exploits it?

Or do you try and get them to fix it somehow?


First of all, thank you for trying to resolve this with the carrier and finally bringing it up to everyone's attention here. Perhaps public attention is what's needed to push them to address the problem.

To be honest, I personally would be scared to report such vulnerabilities with my real identity to begin with. With big tech companies, no matter how poorly their bug bounty programs are run, I still have this naive expectation that they won't shoot the messenger. At worst they could ban my accounts and maybe send threatening letters, but they probably won't ruin my life as long as I abide by the norms (agreed by technical people).

However, I do not feel the same naive optimism towards "legacy" institutions like telecoms and public services. At best it's thankless work, at worst I get sued [0] or become a scapegoat so some official could score some political points [1]. It's unfortunate - I am acutely aware that this is a chilling effect at work, and our systems are collectively less secure because of it.

[0]: https://www.cnbc.com/2024/09/15/dark-web-expert-warned-us-ho...

[1]: https://techcrunch.com/2021/10/15/f12-isnt-hacking-missouri-...


Being a customer yourself, I guess you could sue them


The headers are included in every single downlink message after initiating a call, including the downlink SIP Invite message before 100 Trying, 180 Ringing or 183 Session Progress.

If you're quick enough (or automate this with dedicated software, like an attacker might actually do), it won't even need to ring out. It's really not good.


that's wild. did you also try any callees connected to a different PLMN?


I doubt it. This is likely O2 UK specific.


This only affects O2, not EE/VF/3, right?


This one is actually on us. The email contacted was actually @virginmediao2.co.uk, not @virginmedia.co.uk. It's a typo in the article.

I'll update it with a correction.


I have spotted another error:

> is within LAC 0x1003 (decimal: 4009)

It should be decimal 4099.


How did you spot that?


When you’ve been working with computers for long enough, the powers of 2 live in your head… and there’s no way 0x1000 is less than 4096 :)


I did the conversion in my head as I was reading.


Oops. Thanks.


We know the relevant team within O2 was actually informed, but evidently no action (or insufficient action) was taken.


Hello, article editor here. Many Android devices with Qualcomm chips offer the option to expose a modem diagnostics port over USB, meaning a rooted device isn't even needed. It's just much easier to use NSG rooted on-device than going around with a laptop places.

It's as simple as using Scat (https://github.com/fgsect/scat) with the modem diag port enabled to view all signalling traffic to/from the network.


Yes, you can do the first one. There's a post scrubber on the right hand side of any thread with buttons for top and bottom.

Disclaimer: Flarum core dev


They're asking if posts are loaded in and out with JavaScript as you scroll.


Yes they are. When you scroll outside of the currently loaded results, a new set of results will be loaded using ajax/xhr.


Argh, I'm jealous.

I've been looking for suitable SDRs in the ~£180 range for a few months now, and nowhere has one suitable for 5G NR or 4G LTE available. HackRF seems to be pretty crippled in mobile networking, and Pluto seems to not work at all on srsRAN/srsLTE.

I doubt you'd be willing to let go of your full-size LimeSDR for £180, though, and I don't blame you based on its demand level.

