British regulators have shut down a critical security flaw that allowed criminals and surveillance companies to secretly track mobile phone users anywhere in the world. The move comes as cybersecurity experts raise growing concerns about vulnerabilities in decades-old telecommunications infrastructure.
The UK’s communications regulator Ofcom announced it has banned the leasing of “Global Titles” – special phone numbers that transmit signaling messages across international telecom networks. While these numbers normally help operators manage network functions like roaming services, criminals had found ways to abuse them for surveillance.
According to Ofcom, rogue actors could exploit these titles “to intercept and divert calls and messages, and get their hands on information held by mobile networks.” In some cases, the regulator said the titles “can be exploited by criminals and other harmful actors to track the physical location of individuals anywhere in the world.”
The timing of Ofcom’s announcement is significant. It came just hours before Canadian internet watchdog Citizen Lab released a report detailing how suspected surveillance companies were abusing telecom infrastructure to spy on a “well-known company executive” and track mobile users globally.
This regulatory action highlights a growing problem in global telecommunications. Many of the messaging protocols that power today’s mobile networks were designed decades ago, long before modern privacy and security concerns became paramount. These legacy systems create opportunities for bad actors to exploit weaknesses that were never anticipated by their original designers.
The Global Title system operates within SS7 (Signaling System 7), a set of protocols that allows different mobile networks to communicate with each other. While essential for international roaming and other services, SS7 has long been known to have security vulnerabilities that can be exploited by anyone with access to the network.
Cybersecurity professionals have been sounding alarms about telecom infrastructure vulnerabilities for years. The systems that route calls and messages between networks were built for reliability and interoperability, not security. This has created a situation where state actors, criminal organizations, and commercial surveillance companies can potentially access user data and location information.
The UK’s ban on Global Title leasing represents one of the first major regulatory responses to these concerns. By preventing unauthorized parties from obtaining these special numbers, Ofcom aims to reduce the attack surface available to would-be surveillance operators.
However, the move also raises questions about similar vulnerabilities in other countries. Telecom networks are inherently international, and closing loopholes in one jurisdiction doesn’t necessarily protect users when they travel or communicate across borders. The effectiveness of Ofcom’s action may depend on whether other regulators follow suit with similar measures.
For ordinary mobile users, this development offers some protection against sophisticated tracking attempts. But it also serves as a reminder of how vulnerable our communications infrastructure can be to abuse by those with the technical knowledge and resources to exploit it.