US military personnel and contractors were targeted in a suspected phone-tracking campaign during the Iran war, with attackers allegedly exploiting mobile roaming systems and commercial advertising technology to locate American personnel across the Middle East, the Financial Times reported.
According to telecoms data reviewed by the newspaper and people familiar with the matter, Middle Eastern mobile networks faced repeated cyber attacks before and during the conflict, which began with the US-Israeli assault on Iran in late February and was followed by Iranian missile and drone strikes on US forces across the region.
The data, shared by the Mobile Surveillance Monitor research project, showed a surge in SS7 location requests — signalling messages that exploit long-known vulnerabilities in global mobile networks to estimate a phone's location. Cybersecurity experts who reviewed the data said the pattern suggested a coordinated effort to track specific devices.
Officials in Gulf states reportedly suspected Iran or its allies of using roaming agreements with regional telecom operators to identify US personnel. Separately, a US official told the Financial Times that actors linked to Iran had also abused commercially available advertising databases to track phones in Iraqi Kurdistan.
"Iran absolutely has capabilities to get real-time, immediate, and continuous location information," said Gary Miller, a senior research fellow at Citizen Lab. "It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users."
US Central Command told Congress in April that it had "received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theatre" but stressed it had taken "unprecedented force-protection measures" to protect its forces. A US official added that "any claim suggesting data tracking played a significant role in attacks . . . is a departure from the facts".
Democratic Senator Ron Wyden said the reported campaign would represent the first known case of US adversaries using commercial location data to target American personnel during wartime.
"For years I've warned both Democratic and Republican administrations about the national security threat posed by foreign adversaries tracking the phones of US personnel," Wyden said.
Republican Congressman Pat Harrigan, who is proposing legislation to restrict the sale of government employees' digital location data, warned: "The capability and the threat . . . exists. If it continues to be exploited, and it's exploited properly, it could be catastrophic."
A 2024 Pentagon Inspector General review previously found the US military had yet to fully address vulnerabilities associated with commercially issued smartphones used by service members.
By Aghakazim Guliyev
Source: caliber.az