Global titles could previously be leased out by networks, which the watchdog claims allowed bad actors to take advantage of the signalling process to divert communications and access sensitive data
Ofcom has announced a ban on processes that currently enable fraudsters and other criminals to divert calls or messages.
The watchdog claims to have closed a “technical loophole” that allowed the lease of so-called ‘global titles’ – background signalling processes that are used by mobile networks to ensure calls and texts reach their intended recipients.
Global titles are, on occasion, leased out by mobile network operators and, while this leasing is “largely to legitimate businesses… they can fall into the wrong hands”, Ofcom said. Criminals can use the processes to divert calls that may contain sensitive data such as bank codes or location information, according to the regulator.
Related content
- ‘Catastrophically under-resourced’ – top officer cites police cybercrime challenges
- Report calls on police to do more for cybercrime victims
- Police investigated 4,300 cyber offences last year – but charged fewer than 100 criminals
The potential for criminality has previously been flagged up by the National Cyber Security Centre and previous work undertaken by the telecoms industry itself to tackle the issue has “not been effective”, according to the regulator – which said that it is now “stepping in to ban the leasing of global titles with immediate effect”.
Doing so will make the UK a “world leader in protecting people from the malicious use of mobile networks”, Ofcom said.
Ofcom’s group director for networks and communications, Natalie Black, said: “Leased global titles are one of the most significant and persistent sources of malicious signalling. Our ban will help prevent them falling into the wrong hands – protecting mobile users and our critical telecoms infrastructure in the process.”
NCSC chief technical officer at the Ollie Whitehouse added: “Today’s announcement marks an important step in the support of our mission to make the UK the safest place to live and work online. This technique, which is actively used by unregulated commercial companies, poses privacy and security risks to everyday users, and we urge our international partners to follow suit in addressing it.”
