Iran Allegedly Tracked U.S. Troops Phones During Middle East Conflict
New reporting suggests Iranian-linked actors exploited weaknesses in global mobile networks and smartphone advertising data to track the locations of U.S. military personnel in the Middle East during the recent conflict. While officials have not publicly confirmed the full extent of the operation, cybersecurity experts say the allegations expose a serious vulnerability with implications for force protection.
Photo by Boitumelo
The next battlefield may not be in the sky.
It may be inside your smartphone.
Gear Spotlight- What Our Readers Are Picking Up
New reporting by the Financial Times, citing telecommunications data analyzed by the Mobile Surveillance Monitor research project, alleges that Iranian-linked actors tracked the phones of U.S. military personnel and contractors before and during the recent conflict in the Middle East.
According to the report, the suspected campaign relied on two well-known techniques.
The first allegedly exploited Signaling System 7 (SS7), a decades-old telecommunications protocol used by mobile carriers worldwide that has long been criticized for security weaknesses. The second reportedly involved commercially available smartphone advertising data capable of revealing users' locations.
Researchers believe the tracking attempts targeted U.S. personnel stationed at military bases and temporary locations, including hotels in Iraq, Bahrain, and other parts of the region, during heightened tensions with Iran.
If you've followed this far, here's the part that actually matters.
The reporting does not claim that Iran hacked individual phones.
Instead, investigators say the suspected operation focused on exploiting weaknesses in global telecom infrastructure and commercially available location data to determine where military personnel were located.
Security researchers say this type of surveillance can reveal troop routines, identify temporary deployments, and potentially expose military movements without ever accessing the contents of a device.
Gary Miller, a senior research fellow at Citizen Lab who reviewed portions of the telecommunications data, said Iran has the capability to obtain "real-time, immediate and continuous location information" and that it would not be surprising if SS7 vulnerabilities were used in such an operation.
The revelations have alarmed lawmakers in Washington.
Members of Congress have renewed calls for stronger protections after years of warnings that commercially available location data could be exploited by foreign adversaries. Reports indicate military officials have since implemented additional administrative controls aimed at reducing location-sharing risks on mobile devices.
Neither the Pentagon nor Iranian officials have publicly confirmed the specific allegations detailed in the report.
However, cybersecurity experts say the incident highlights how modern conflicts increasingly extend beyond missiles and drones into the digital systems people carry every day.
For troops deployed overseas, a phone designed to keep them connected could also become an intelligence tool in the hands of an adversary.
Editor's Note
The reported surveillance campaign remains based on research reviewed by cybersecurity experts and reporting from multiple news organizations. While questions remain about its full operational impact, the allegations underscore growing concerns over the use of commercial data and legacy telecommunications systems in modern warfare.