Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

      July 24, 2025

      Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

      July 24, 2025

      AI and its impact on the developer experience, or ‘where is the joy?’

      July 23, 2025

      Google launches OSS Rebuild tool to improve trust in open source packages

      July 23, 2025

      Atomic Design Certification Course

      July 24, 2025

      How to streamline GitHub API calls in Azure Pipelines

      July 24, 2025

      Reform Collective: A New Website, Designed to Be Seen

      July 24, 2025

      Motion Highlights #11

      July 24, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Moderate Image Uploads with AI/GenAI & AWS Rekognition

      July 24, 2025
      Recent

      Moderate Image Uploads with AI/GenAI & AWS Rekognition

      July 24, 2025

      WCAG Compliance for Drupal Sites with UserWay

      July 24, 2025

      AI-Driven Auto-Tagging of EC2 Instances Using Amazon SageMaker

      July 24, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

      July 24, 2025
      Recent

      FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

      July 24, 2025

      How to Open Control Panel in Windows 11

      July 24, 2025

      How to Shut Down Windows 11

      July 24, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Development»Ofcom Bans Global Titles Leasing to Thwart Criminal Abuse of UK Mobile Networks

    Ofcom Bans Global Titles Leasing to Thwart Criminal Abuse of UK Mobile Networks

    April 22, 2025

    Global Titles, UK Telecom, NCSC, UK TelecommunicationsTwo-Factor Authentication

    The UK communications regulator Ofcom has banned leasing of “Global Titles,” a special phone number type used in mobile network signaling, in a landmark decision to counter growing threats from cybercriminals and foreign intelligence actors.

    Effective immediately, mobile operators are prohibited from entering new leasing agreements for Global Titles. The move closes a longstanding technical loophole that allowed criminals to exploit mobile infrastructure for surveillance, fraud, and data theft — often without detection.

    Ofcom’s decision positions the UK as a global leader in mobile network protection, following concerns raised by the National Cyber Security Centre (NCSC) and cyber threat intelligence specialists about persistent abuses of mobile signaling systems.

    Natalie Black, Group Director for Networks and Communications at Ofcom, called the move a “world-leading action.”

    “Leased Global Titles have become one of the most persistent sources of malicious activity on telecom networks,” Black said. “Our ban will help prevent them falling into the wrong hands – protecting mobile users and our critical telecoms infrastructure in the process.”

    Global Titles: A Hidden Risk in the Mobile Backbone

    Mobile networks use Global Titles to route signaling messages that ensure calls and texts reach their intended destinations. These identifiers operate silently behind the scenes, supporting billions of daily communications without ever being visible to the users making or receiving them. While consumers are unaware of their presence, these numbers play a critical role in routing communications globally.

    Traditionally, mobile operators lease Global Titles to legitimate enterprises offering mobile services. But weak oversight and the anonymity provided by leasing arrangements have made them attractive to malicious actors.

    Criminal groups have used Global Titles to intercept two-factor authentication codes, track user locations, and divert SMS or call traffic — posing significant risks to individuals, financial institutions, and national security infrastructure.

    Because Global Titles are leased, not owned, bad actors often operate under the guise of legitimacy, making them difficult to detect and attribute.

    “This technique, which is actively used by unregulated commercial companies, poses privacy and security risks to everyday users,” said Ollie Whitehouse, Chief Technical Officer at the NCSC. Today’s action by Ofcom sets a new bar for telecom security and the UK encourages other nations to follow suit, Whitehouse added.

    Industry Efforts Fell Short

    The telecom industry has long acknowledged the risks associated with signaling exploitation, but voluntary measures failed to deliver meaningful results. Ofcom noted that self-regulation did not adequately prevent misuse or enforce accountability across mobile operators and signaling brokers.

    Frustrated by the lack of progress, the regulator opted for decisive action.

    “The industry has been aware of these vulnerabilities for years,” said one senior security engineer at a UK telecom operator. “This ban forces everyone to raise the baseline of security and treat signaling as a live threat surface, not just a background protocol.”

    Also read: CISO’s Guide to Telecom Security: Combatting Cyber Threats with Modern Intelligence

    Ofcom Implementation Timeline and Guidance

    While new leasing is now banned, existing leases will be phased out. All current arrangements must end by April 22, 2026. An extended deadline of October 22, 2026, applies to two specific use cases that face complex transition challenges.

    Ofcom also released updated guidance for mobile network operators, outlining how to monitor and safeguard their signaling assets and prevent unauthorized access or misuse.

    The regulator’s approach aims to strike a balance between urgent risk mitigation and operational continuity for businesses that depend on Global Title services.

    Growing International Concern Over Mobile Signaling Exploits

    SS7 and related signaling systems have come under intense scrutiny in recent years due to their lack of authentication and encryption. These legacy protocols remain active across much of the global telecom landscape and are often exploited by threat actors with access to international or leased network elements.

    In several known cases, attackers have used signaling exploits to track political dissidents, compromise bank accounts, or conduct targeted espionage operations. Experts have repeatedly warned that without strict regulation, signaling vulnerabilities could enable cross-border attacks and surveillance.

    Ofcom’s move aligns with recommendations from international cyber authorities and comes at a time when governments are reassessing how national telecom assets are protected in light of geopolitical tensions and hybrid warfare tactics.

    NCSC’s Whitehouse called the decision “a critical milestone in securing the UK’s digital infrastructure,” urging international regulators to take similar steps. Security professionals welcomed the move, noting it sets a precedent for treating mobile signaling security with the same urgency as core internet protocols or data protection standards.

    “This is overdue,” said a threat intelligence analyst. “We can’t keep securing endpoints and ignoring what’s happening in the transport layer of mobile communications.”

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleTransgate | Convert Audio to text in min
    Next Article The AI Fix #47: An AI is the best computer programmer in the world

    Related Posts

    Development

    Moderate Image Uploads with AI/GenAI & AWS Rekognition

    July 24, 2025
    Development

    WCAG Compliance for Drupal Sites with UserWay

    July 24, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    Disney+ or Hulu subscriber? You could win a cruise or concert tickets now – here’s how

    News & Updates

    ASUS warns of critical auth bypass flaw in routers using AiCloud

    Security

    CVE-2023-53145 – Qualcomm Bluetooth BTSdio Use After Free Buffer Overflow

    Common Vulnerabilities and Exposures (CVEs)

    Critical Linux Vulnerabilities Expose Password Hashes on Millions of Linux Systems Worldwide

    Security

    Highlights

    CVE-2025-6718 – B1.lt WordPress SQL Injection

    July 18, 2025

    CVE ID : CVE-2025-6718

    Published : July 18, 2025, 6:15 a.m. | 4 hours, 42 minutes ago

    Description : The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands.

    Severity: 8.8 | HIGH

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    TwelveTransfers

    May 17, 2025

    Overwatch 2 shows off its ambitious Stadium Mode, new hero, launch date, and more in the new Season 16 gameplay trailer

    April 17, 2025

    CVE-2025-34057 – Ruijie NBR Series Router Information Disclosure Vulnerability

    July 2, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.