Iran hacked mobile phone networks across the Middle East to track the locations of US military personnel and contractors during the recent conflict. The alleged campaign has renewed concerns about cybersecurity, surveillance, and the protection of sensitive location data.
The US military personnel and contractors were targeted through a coordinated phone-tracking operation before and during the conflict. Cybersecurity experts said the activity appeared designed to identify the locations of specific mobile devices used by American personnel.
Cybersecurity Experts Highlight Tracking Methods
According to the report, telecommunications providers across the region detected and blocked repeated requests known as SS7 pings. These requests can reveal the approximate location of mobile phones roaming outside their home networks.
Two cybersecurity specialists who reviewed the data told the newspaper that the tracking activity appeared to be coordinated. Gary Miller, a senior research fellow at Citizen Lab, said Iran possesses the capability to obtain real-time location information through mobile networks. He added that he would not be surprised if Tehran had used SS7 technology or regional mobile network access to monitor US users.
The report stated that the tracking attempts began before the US-Israeli military operation against Iran in late February and continued during the early stages of the conflict, when Iran launched missile and drone attacks on US military facilities across the Middle East.
Officials Raise Security Concerns
A source familiar with the matter told the Financial Times that Gulf officials believed Iran or groups allied with Tehran may have exploited roaming agreements with regional mobile operators to locate US personnel.
Separately, an anonymous US official claimed that individuals linked to Iran also used commercially available smartphone advertising databases to identify devices in Iraq’s Kurdistan region. The report added that commercial advertising technology may have been used to locate hotels housing US government employees and contractors.
US Central Command told Congress in April that it had received multiple reports of adversaries attempting to exploit commercial location data. However, officials said force-protection measures had reduced potential risks, and there was no evidence that the tracking significantly contributed to attacks on US personnel.
The Iranian embassy in London did not immediately respond to requests for comment.
The report has also renewed calls in Washington for tighter regulation of commercial smartphone location data. Several lawmakers urged stronger restrictions on technology companies to prevent the sale of sensitive location information linked to government personnel and national security operations.
