There has been a growing debate surrounding the risks posed by Home Location Register (HLR) queries. Opinions are divided. HLR query providers claim the legitimacy of “lookups” for mobile number verification, efficient SMS routing and delivery, and enablers for delivering SMS two-factor authentication. Mobile security insiders, including UK communications regulator Ofcom, oppose the use of HLR queries as an unnecessary security risk that exposes users to potential surveillance and privacy violations.
You may have read recent articles on Commsrisk about HLR queries. The first, “How the Telecoms Industry Legitimizes Theft” introduced the topic. The second examined “TransUnion and the Murky World of HLR Queries”. Extensive analysis of telemetry data from mobile signaling firewalls shows Global Title address ranges leased by HLR query providers are also exploited by surveillance actors for location tracking and comms interception. To put this into perspective, let’s examine how the US-based Somos and its UK subsidiary, XConnect, publicly position themselves as secure and trusted providers while operating in a space long associated with privacy risks and opaque data practices.
Somos presents itself as a trusted leader within the US and global telecommunications ecosystem. Ann Berkowitz, Somos’ VP of regulation, presented at the CEPT meeting on anti-fraud last July in Copenhagen. Her slides (available for download from here) confirm that Somos administers three major US numbering databases on behalf of the Federal Communications Commission (FCC). You can’t get more trusted than that.
Until recently, Somos’ website stated that they were:
Building Trust Through Innovative Solutions… [while] bad actors are replete with opportunities to defraud individuals and organizations alike.
This was reinforced with the following claim:
As a leading provider of information that drives trusted global connections, we’re developing solutions that will target and mitigate fraud, bringing trust back to the world of telecom. Our technologies and databases enable, strengthen, and protect digital identity of all kinds, from phone numbers to IoT assets.
Somos’ website has since been pared back. References to bad actors have been removed but they continue to emphasize their role in maintaining trust. Somos certainly goes to great lengths to project themselves as reputable: FCC-trusted, industry-certified, and committed to transparency. But would a company with such credentials really traffic in HLR queries, the same kind that covertly engage in services to extract subscriber data from mobile networks, monetize it, and redistribute it under the radar? Or is that the business practice that mobile telecoms have come to normalize?
Per the current version of Somos.com/HomeLocationRegistry, their business is trading in HLR data. The page openly references HLR lookups. The concern remains; a company that presents itself as a trusted service provider is simultaneously engaging in network queries long associated with surveillance. When a company offers user-identifiable data services to third parties while branding it as “mobile intelligence,” the industry should take notice.
At this point, you might be asking: how did a company like Somos end up trading in HLR data? One possibility is that they secured explicit consent from approximately 1,000 mobile operators to access and monetize their signaling data. While that’s theoretically possible, it’s highly improbable.
The more likely explanation can be found on the website of XConnect, a small British firm that Somos quietly acquired in 2021 for an undisclosed sum. A closer look reveals that a significant portion of Somos’ current product offerings appears to be lifted directly from the XConnect website. The XConnect website and LinkedIn pages offer a level of transparency, revealing what Somos branding deliberately leaves out.
On LinkedIn, XConnect boasts to operators that they:
enable you to meet your industry obligations.

That raises the question: does XConnect even meet its own data privacy obligations? To explore this, let’s turn to remarks made by Cathal Mc Daid, the respected CTO of ENEA, who responded to Commsrisk’s earlier article about HLR queries. His reply referenced a post of his own that draws attention to relevant GSMA rules regarding HLR usage.
This is contained in multiple GSMA interworking documents, one example below is taken from GSMA BA.27 — Charging Principles, which essentially states:
- Interrogation or HLRs is not permitted unless it has been agreed between two parties in their roaming or interworking agreements
- For avoidance of doubt, IMSI or Node information that could compromise the privacy or location of subscribers must not be disclosed, subject to the relationship established by the parties
- Reselling of results of the queries is not allowed, only by the owner of the HLR, or any parties authorised by the owner of the HLR
- Any breach of this could lead to suspension or roaming/interworking agreements
The rules are clear and weren’t imposed by regulators but written by mobile operators themselves. It’s possible Somos was unaware of HLR query implications when it acquired XConnect. But suggesting that would require a level of naivety that’s hard to reconcile with Somos’ brand positioning as a trusted steward of telecom services.
Buried in older press releases are details that provide more clarity. On June 28, 2022, a full year after the acquisition, it was announced that “XConnect Launches new Global HLR Information Services to Ensure the Delivery of High-Value Voice and Messaging Traffic for Service Providers”. The services were described as supporting data privacy, security, and operator monetization. In short, Somos didn’t just inherit XConnect’s HLR query service. It approved, promoted, and integrated it into its own business strategy.
That press release included the following statement from Eli Katz, CEO of XConnect:
“HLR access by third parties has recently gone through a technical evolution, with the implementation of firewalls and policy enforcement that have solved issues of the past around security, misuse and fraud. Due to these technology advances, HLR sourced information can now be made available to enable the delivery of A2P traffic,” said Eli Katz, founder and CEO at XConnect. [my emphasis]
Katz’s statement defies logic. The notion that mobile operators would invest millions in signaling firewalls only to permit third parties to interrogate and extract their HLR data is not just misleading. It fundamentally misrepresents the principles of network security. Moreover, the expanse of GT leasing activity has contributed to tens of millions of malicious HLR attacks in the past year alone.
Here’s what we know: Somos acquired a company that actively trades in HLR queries. Somos promotes those capabilities on its own website. And if that weren’t clear enough, Somos CEO Gina Perini even liked a social media announcement that highlighted the extent of XConnect’s HLR coverage.
Let’s be honest, blaming this on ignorance would be a stretch.
In my next post on this subject, I’ll take a forensic look at the operation of XConnect’s HLR business.



