Telco regulator Ofcom has announced a significant step to protect mobile users’ privacy and security by closing a technical loophole related to Global Titles (GT). These Global Titles are crucial for mobile networks, handling the signaling messages necessary for routing calls and texts. While users never see these messages, they play a vital role in ensuring communication goes through.
However, there’s a dark side. Criminals have exploited Global Titles to intercept calls and messages, potentially capturing sensitive information. For example, a hacker may snatch a security code from a bank sent via text.
Mobile networks sometimes lease these Global Titles, mostly to legitimate businesses that require them for mobile services. However, this leasing can also let criminals access personal data, posing a significant risk to the privacy of everyday users.
The National Cyber Security Centre (NCSC) is aware of these risks. Due to the failed efforts from the industry to tackle the issue, Ofcom is putting an immediate stop to the leasing of Global Titles. NCSC’s chief technical officer, Ollie Whitehouse, emphasized the urgent need for action, noting that unregulated companies use this technique, which jeopardizes the security of mobile users.
Ofcom points out that certain services that rely on Global Titles, like Home Location Register (HLR) lookup, are particularly high-risk. HLR helps validate users and access operational and possibly personal data, which falls under strict data protection laws.
Ofcom warns that mobile operators must be vigilant. Natalie Black, Ofcom’s group director for networks and communications, stated that taking action against the misuse of Global Titles is a priority. She highlighted that these leased titles are a major source of malicious signaling, and banning them will help secure users and network infrastructure.
The ban on new leasing is effective immediately. Existing leases will remain in place until April 22, 2026, giving legitimate businesses time to adjust their arrangements.