Did Iran track US troops? Tehran allegedly exploited mobile networks during war: Report

Syrian youth look on as a convoy of US military equipment is transported near capital Damascus on April 16, 2026.

US military personnel and contractors based in West Asia were allegedly targeted in a coordinated cyber-enabled surveillance campaign during the Iran war, with Tehran-linked actors exploiting vulnerabilities in global telecom networks and commercial smartphone data to track their locations, according to a report by the Financial Times.

The surveillance campaign unfolded in the weeks leading up to the US-Israeli military operation against Iran in late February and continued after Tehran launched drone and missile attacks on American military installations across the Middle East, the report said, citing telecommunications data from the Mobile Surveillance Monitor research project.

According to the research project, mobile networks across West Asia recorded a surge in suspicious location requests known as SS7 pings, queries sent through the Signalling System No. 7 (SS7), a decades-old telecommunications protocol that allows mobile operators to exchange information when subscribers roam outside their home networks.

How SS7 enables tracking

Cybersecurity experts who reviewed the data told the Financial Times that the volume and pattern of the requests suggested a coordinated effort to identify the locations of specific mobile devices.

SS7 underpins global telecom roaming services but has long been criticised for security weaknesses that allow entities with legitimate network access to determine the approximate location of a mobile phone. Since Iranian telecom operators maintain roaming agreements with networks across the Gulf and the wider Middle East, they possess the technical capability to send such requests beyond Iran’s borders, the report said.

“Iran absolutely has capabilities to get real-time, immediate, and continuous location information. It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users,” Gary Miller, senior research fellow at cybersecurity watchdog Citizen Lab, was quoted by the Financial Times as saying.

Apart from exploiting telecom infrastructure, Iran-linked actors are also suspected of using commercially available smartphone advertising databases to identify the locations of devices, particularly in Iraq’s Kurdistan region, according to a US official cited by the newspaper.

A CENTCOM warning in April

Investigators have not established a direct connection between the digital surveillance campaign and any specific missile or drone strike. However, several attacks during the conflict targeted hotels in Iraq, Bahrain, home to the US Navy’s Fifth Fleet, and other Gulf locations where American military personnel and contractors were present, raising concerns that digital tracking may have aided Iranian targeting efforts.

The US Central Command (CENTCOM) had warned Congress in April that it had received “multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theatre”.

CENTCOM said it had implemented “unprecedented force-protection measures” to safeguard American troops but declined to disclose operational details. A US official also told the Financial Times that any suggestion that digital tracking played a significant role in attacks “is a departure from the facts”.

The findings have renewed scrutiny of longstanding vulnerabilities in mobile telecommunications systems.

Growing sophistication in Iran’s cyber capabilities

According to The New York Times, data released by the Mobile Surveillance Monitor showed a wave of SS7 signalling requests across multiple Middle Eastern telecom networks at the onset of the conflict. Experts who reviewed the data said it appeared consistent with Iranian efforts to locate US personnel using local mobile networks.

Nikita Shah, a cybersecurity researcher at the Center for Strategic and International Studies, told the publication that the operation reflected a growing sophistication in Iran’s cyber capabilities.

“Iran has become quite creative in the last couple of years, and especially in this conflict. For me, this signals a step up in sophistication,” she said.

US lawmakers have also raised concerns over the national security risks posed by commercially available location data.

The concerns extend beyond SS7. Former CIA official Michael Stokes told the Financial Times that modern smartphones constantly generate a “digital exhaust” containing location information, movement patterns and other metadata that can reveal sensitive information even if the device itself has not been compromised.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

18 − 16 =