What are Global Titles (GTs)?
Global Titles (GTs) are unique network addresses used in telecom signaling. They function similarly to phone numbers but are designated for network nodes instead of devices. GTs are essential for routing signaling messages, enabling seamless international roaming and interconnectivity across mobile networks. These addresses facilitate communication between operators, ensuring that services like call routing and SMS delivery work globally.
Key Functions of GTs:
- Routing of international signaling messages.
- Support for subscriber authentication during roaming.
- Enabling SMS delivery and call routing.
- Maintaining seamless interoperability between telecom operators.
What is GT Leasing?
GT Leasing refers to the practice where mobile network operators lease their Global Titles to third parties. These third parties, known as GT Lessees, use the leased GTs to access the global SS7 signaling network, enabling various telecom services. However, this practice raises concerns about network security and transparency.
Key Characteristics of GT Leasing:
- Operators lease GTs to external entities for operational purposes.
- GT Lessees can route signaling messages via international transit carriers.
- Leased GTs may lack oversight, leading to potential misuse.
Risks Associated with GT Leasing
- Malicious Signaling Traffic:
- Leased GTs can be used to send harmful signaling messages.
- Potential activities include:
- Geolocation tracking of subscribers.
- SMS interception and theft.
- Unauthorized access to subscriber data.
- Communication interception.
- Lack of Transparency:
- Operators leasing GTs may lose control over their use.
- Interconnected networks face increased vulnerability to malicious activity.
- Erosion of Trust:
- GT Leasing undermines trust between operators by introducing unvetted third parties.
- Exploitation by Bad Actors:
- Malicious actors can exploit leased GTs for fraud, phishing, and other illegal activities.
- Regulatory Non-Compliance:
- Leased GTs may violate telecom regulations and lead to legal liabilities.
The Role of Global Titles in Telecom Networks
Global Titles play a pivotal role in maintaining the operational integrity of telecom networks. Their secure management ensures:
- International Roaming: Enabling subscribers to access mobile services globally.
- Subscriber Authentication: Validating user identities for secure access.
- Call and Message Routing: Facilitating seamless communication between different networks.
- Interoperability: Ensuring consistent service delivery across international operators.
Global Titles and Mobile Network Security - Proposals to Address Misuse of Global Titles
Ofcom's Proposal
On July 22, 2024, Ofcom proposed new rules to address the misuse of Global Titles (GTs) within the UK’s mobile network. GTs, created from UK mobile numbers, are essential for connecting mobile users and enabling communication across networks. However, they can be exploited for malicious purposes such as intercepting calls, tracking users, or disrupting networks. Ofcom’s proposals include:
- Banning leasing of Global Titles to third parties by operators that hold UK mobile numbers.
- Banning the creation of Global Titles from sub-allocated numbers by third parties.
- Strengthening rules to prohibit the misuse of Global Titles by operators that hold UK mobile numbers.
- Strengthening rules to prohibit the creation of Global Titles from numbers not allocated for use.
These changes aim to reduce malicious signaling and improve transparency among operators. The new regulations are set to take effect immediately after Ofcom’s final decision for rules on misuse and creating GTs from non-allocated numbers. However, the ban on leasing and creating GTs from sub-allocated numbers will come into force on January 1, 2026. By tightening control over GT usage, Ofcom intends to safeguard both UK and international telecom networks, creating a more secure and accountable mobile communication environment. The consultation period for these proposals ended on October 15, 2024.
P1 Security's Response
P1 Security has always been confronted with leased GTs in many SS7 attacks and has seen how this practice can lead to unsafe communication. As such, P1 Security is publicly supporting Ofcom's proposal and responding to its consultation with a detailed document.
Industry Efforts to Mitigate GT Leasing Risks
The GSMA has introduced a Code of Conduct to guide responsible GT leasing practices. Key measures include:
- Due Diligence:
- Operators must vet current and prospective GT lessees.
- Regular audits ensure compliance with security standards.
- Monitoring and Supervision:
- Incoming traffic should be analyzed to detect and prevent misuse.
- GT lessees' activities must adhere to established guidelines.
- Contractual Compliance:
- Roaming agreements should require compliance with the Code of Conduct.
- Existing contracts should be updated to reflect these standards.
- Elimination of Risky Practices:
- Practices like routing via non-compliant GT lessees should be discontinued.
Practical Measures for Operators
To address the risks of GT Leasing, operators should:
- Enhance Network Security: Implement robust monitoring tools to track signaling traffic.
- Increase Transparency: Ensure clear accountability for GT usage.
- Adopt Industry Standards: Support and comply with GSMA recommendations.
- Educate and Enforce: Train staff on GT leasing risks and enforce strict security protocols.
- Audit and Update Contracts: Regularly review agreements with GT lessees to ensure compliance.
Frequently Asked Questions (FAQs)
Q: What is the purpose of a Global Title (GT)?A: GTs are used for routing signaling messages in telecom networks, enabling services like roaming, call routing, and SMS delivery.
Q: Why is GT Leasing a concern?A: Leasing GTs to third parties introduces risks such as malicious signaling, lack of transparency, and potential misuse of network resources.
Q: How can operators mitigate GT leasing risks?A: Operators can adopt GSMA’s Code of Conduct, conduct due diligence, and implement robust monitoring to ensure secure operations.
Conclusion
Global Titles are indispensable for telecom operations, but their leasing introduces significant security challenges. By adhering to industry standards, conducting due diligence, and monitoring network activities, operators can mitigate these risks. A secure and transparent approach to GT leasing will ensure the integrity and reliability of global telecom networks.
P1 security's response: Global Titles and Mobile Network Security: Addressing Misuse with Ofcom's Proposals
