Telco regulator Ofcom has said it is closing a technical loophole that poses a risk to mobile users’ privacy and security., announcing a crackdown on the leasing of phone numbers known as Global Titles.
Global Titles (GT) are used by mobile networks to send and receive signalling messages, which help to ensure a call or text message is received by the intended recipient. According to Ofcom, these signalling messages are used in the background, supporting billions of calls and text message made worldwide, and are never seen by mobile phone users.
However, Ofcom said criminals can use Global Titles to intercept and divert calls and messages, which enables them to capture information held by mobile networks. As an example, a hacker could intercept security codes sent by banks to a customer via a text message.
Global Titles are sometimes leased out by mobile networks – largely to legitimate businesses who use them to offer mobile services. However, they can fall into the wrong hands. This can lead to the security and privacy of ordinary mobile users being compromised as their personal data may be directly or indirectly accessed by criminals.
The National Cyber Security Centre (NCSC) has recognised the risk presented by Global Titles in telecommunications. Due to failures of industry-led efforts to address these issues, Ofcom said that it has taken the step to ban the leasing of Global Titles with immediate effect.
Discussing the leasing of Global Titles, NCSC chief technical officer Ollie Whitehouse said: “This technique, which is actively used by unregulated commercial companies, poses privacy and security risks to everyday users, and we urge our international partners to follow suit in addressing it.”
Among the Global Titles-based services that Ofcom regards as high are Home Location Register (HLR) lookup. These include authentication services, least cost routing and number authentication services. Ofcom said HLR is an example of a higher risk service because it facilitate access to operational data held by mobile networks, some of which may be personal data and/or location data, which is subject to legal requirements under relevant data protection legislation.
“We expect range holders [the original telco operator holding the GT] providing, or indirectly facilitating provision of, HLR lookup services to be alert to the risk that such services may be facilitating access to operational data held by mobile networks which may be contrary to relevant data protection legislation,” Ofcom stated in its Guidance for number range holders to prevent misuse of Global Titles.
Ofcom’s group director for networks and communications Natalie Black said: “We are taking world-leading action to tackle the threat posed by criminals gaining access to mobile networks. Leased Global Titles are one of the most significant and persistent sources of malicious signalling. Our ban will help prevent them from falling into the wrong hands – protecting mobile users and our critical telecoms infrastructure in the process.”
“Alongside this, we have also published new guidance for mobile operators on their responsibilities to prevent the misuse of their Global Titles,” added Black.
The ban on entering new leasing arrangements is effective immediately. For leasing that is already in place, the ban will come into force on 22 April 2026. This will give time to legitimate businesses that currently lease Global Titles from mobile networks to be able to make alternative arrangements.
#Ofcom #bans #leasing #Global #Titles #crackdown #spoofing