Ofcom, the UK communications regulator, has made a groundbreaking decision to ban the leasing of “Global Titles,” a specific type of phone number used in mobile network signaling. This move comes in response to the increasing threats posed by cybercriminals and foreign intelligence actors who have been exploiting this loophole in the system.
Effective immediately, mobile operators are no longer allowed to enter into new leasing agreements for Global Titles. This decision closes a longstanding technical gap that has been exploited by criminals to carry out activities such as surveillance, fraud, and data theft on mobile infrastructure without being detected.
The National Cyber Security Centre (NCSC) and cyber threat intelligence experts raised concerns about the misuse of mobile signaling systems, prompting Ofcom to take action. By banning the leasing of Global Titles, the UK is positioning itself as a global leader in mobile network protection.
Natalie Black, Group Director for Networks and Communications at Ofcom, hailed the decision as a “world-leading action.” She emphasized the importance of preventing Global Titles from falling into the wrong hands to protect mobile users and critical telecoms infrastructure.
Global Titles are used in mobile networks to route signaling messages that ensure calls and texts reach their intended destinations. While consumers may not be aware of their presence, these identifiers play a crucial role in the global communication network.
Traditionally, mobile operators lease Global Titles to legitimate businesses offering mobile services. However, the lack of oversight and anonymity provided by leasing arrangements have made them attractive to malicious actors who use them for intercepting authentication codes, tracking user locations, and diverting SMS or call traffic.
Due to the leased nature of Global Titles, bad actors often operate under the guise of legitimacy, making them challenging to detect and attribute. The NCSC’s Chief Technical Officer, Ollie Whitehouse, emphasized the privacy and security risks posed by these activities and commended Ofcom for taking decisive action to address the issue.
The telecom industry has long been aware of the risks associated with signaling exploitation, but voluntary measures have not been effective in preventing misuse. Ofcom noted that self-regulation within the industry did not adequately address the problem, leading the regulator to implement the ban on leasing Global Titles.
Existing leasing arrangements will be phased out by April 22, 2026, with a later deadline for certain use cases facing complex transition challenges. Ofcom has also provided updated guidance for mobile network operators on monitoring and safeguarding their signaling assets to prevent unauthorized access or misuse.
The international community has expressed concerns about mobile signaling exploits, particularly regarding SS7 and related signaling systems that lack authentication and encryption. Ofcom’s decision aligns with recommendations from cyber authorities and underscores the importance of securing national telecom assets in the face of evolving threats.
Security professionals have welcomed Ofcom’s action, highlighting the need to prioritize mobile signaling security and treat it with the same urgency as core internet protocols. The decision has been described as a critical milestone in securing the UK’s digital infrastructure and setting a precedent for global regulators to follow suit.
In conclusion, Ofcom’s ban on leasing Global Titles marks a significant step towards enhancing mobile network security and safeguarding critical communications infrastructure from malicious actors. This move underscores the importance of proactive regulatory measures in addressing emerging cybersecurity threats in the telecommunications sector.