Did Iran track US troops? Tehran allegedly exploited mobile networks during war: Report
US military personnel and contractors based in West Asia were allegedly targeted in a coordinated cyber-enabled surveillance campaign during the Iran war, with Tehran-linked actors
US military personnel and contractors based in West Asia were allegedly targeted in a coordinated cyber-enabled surveillance campaign during the Iran war, with Tehran-linked actors exploiting vulnerabilities in global telecom networks and commercial smartphone data to track their locations, according to a report by the Financial Times. The surveillance campaign unfolded in the weeks leading up to the US-Israeli military operation against Iran in late February and continued after Tehran launched drone and missile attacks on American military installations across the Middle East, the report said, citing telecommunications data from the Mobile Surveillance Monitor research project. According to the research project, mobile networks across West Asia recorded a surge in suspicious location requests known as SS7 pings, queries sent through the Signalling System No. 7 (SS7), a decades-old telecommunications protocol that allows mobile operators to exchange information when subscribers roam outside their home networks. How SS7 enables tracking Cybersecurity experts who reviewed the data told the Financial Times that the volume and pattern of the requests suggested a coordinated effort to identify the locations of specific mobile devices.
SS7 underpins global telecom roaming services but has long been criticised for security weaknesses that allow entities with legitimate network access to determine the approximate location of a mobile phone. Since Iranian telecom operators maintain roaming agreements with networks across the Gulf and the wider Middle East, they possess the technical capability to send such requests beyond Iran's borders, the report said. "Iran absolutely has capabilities to get real-time, immediate, and continuous location information. It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users," Gary Miller, senior research fellow at cybersecurity watchdog Citizen Lab, was quoted by the Financial Times as saying. Apart from exploiting telecom infrastructure, Iran-linked actors are also suspected of using commercially available smartphone databases to identify the locations of devices, particularly in Iraq's Kurdistan region, according to a US official cited by the newspaper. A CENTCOM warning in April Investigators have not established a direct connection between the digital surveillance campaign and any specific missile or drone strike.
However, several attacks during the conflict targeted hotels in Iraq, Bahrain, home to the US Navy's Fifth Fleet, and other Gulf locations where American military personnel and contractors were present, raising concerns that digital tracking may have aided Iranian targeting efforts. The US Central Command (CENTCOM) had warned Congress in April that it had received "multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theatre". CENTCOM said it had implemented "unprecedented force-protection measures" to safeguard American troops but declined to disclose operational details. A US official also told the Financial Times that any suggestion that digital tracking played a significant role in attacks "is a departure from the facts". The findings have renewed scrutiny of longstanding vulnerabilities in mobile telecommunications systems. Growing sophistication in Iran's cyber capabilities According to The New York Times, data released by the Mobile Surveillance Monitor showed a wave of SS7 signalling requests across multiple Middle Eastern telecom networks at the onset of the conflict.
