The UK’s communications watchdog claims it is the first regulator anywhere in the world to have taken this step – what’s taking so long?
The UK’s communications regulator, Ofcom, is banning leasing of global titles to help prevent fraud via mobile networks.
Global titles are unique addresses used by mobile networks globally for signalling systems to route calls and text messages between different networks. The global titles are transparent to mobile operators’ customers, although mobile operators sometimes lease them to businesses that offer legitimate mobile services.
Graphic below show a simplified version of how global titles are used in signalling globally
Source: Ofcom
However, global titles can be obtained by criminals to conduct illicit activities such as intercepting or diverting calls and messages to capture potentially valuable or sensitive information. This includes single use pass codes, sent by SMS, from organisations such as banks to their customers to verify transactions or the user’s identity.
The titles can also access network data and track individuals’ movements anywhere in the world without their knowledge.
Ofcom is proud of itself for this step although you have to wonder what took so long: Natalie Black, Ofcom’s Group Director for Networks and Communications, said in a press statement, “We are taking world-leading action to tackle the threat posed by criminals gaining access to mobile networks.
“Leased Global Titles are one of the most significant and persistent sources of malicious signalling. Our ban will help prevent them falling into the wrong hands – protecting mobile users and our critical telecoms infrastructure in the process.”
Unregulated commercial companies
Ollie Whitehouse, CTO of the National Cyber Security Centre, added, “This technique, which is…used by unregulated commercial companies, poses privacy and security risks to everyday users, and we urge our international partners to follow suit in addressing it.”
New leasing agreements are banned immediately. Businesses holding legitimate leases have until 22 April, 2026, to make alternative arrangements, apart from for two unspecified “specific uses” which will be allowed to continue until October 2026 “because of the particular challenges of transitioning to alternative arrangements”.
Ofcom has also released new guidance for mobile operators on their responsibilities to prevent the misuse of their assigned global titles.
SS7 and Diameter
The less good news is that the vulnerabilities in Signalling System 7 (SS7) remain although they’ve been known about for more than a decade. And reportedly, SS7’s replacement for 5G networks, the Diameter protocol, is no safer. The vulnerabilities in the signalling protocols can allow hackers to read or redirect text messages, listen to phone calls, and track the phone’s location.
