Inside the Military Phone Tracking Crisis That Pentagons Top Brass Ignored

Inside the Military Phone Tracking Crisis That Pentagons Top Brass Ignored

Iranian-backed entities tracked US military personnel and contractors in the Middle East during recent conflicts by exploiting a combination of global telecommunications roaming vulnerabilities and commercial smartphone advertising databases. This dual-threat strategy allowed adversaries to bypass standard military security protocols without actually hacking the soldiers' devices. Instead, they tapped into the deep flaws of the Signalling System No 7 (SS7) roaming network and harvested the target's digital exhaust from ad networks.

This silent surveillance method bypassed traditional defensive measures, turning the everyday smartphones in soldiers' pockets into active beacons. The security failure exposes a critical gap between military operational security and the commercial realities of global telecommunications.

The Legacy Protocol Weaponized Against Modern Troops

For decades, global mobile networks have relied on a signaling protocol known as Signalling System No 7. It is old. Designed in the 1970s, SS7 is the foundational infrastructure that allows different mobile operators to talk to one another, making sure that when you step off a plane in a foreign country, your phone automatically connects and routes your calls. It was built on trust, assuming that only legitimate telecom operators would ever access the network.

That trust is now a national security threat. Iranian mobile phone operators maintain roaming agreements across the Persian Gulf and the wider Middle East. By abusing these legitimate agreements, actors connected to Tehran have been able to send what are called SS7 pings directly into regional networks.

These pings do not require a phone to be compromised by spyware. They simply ask the network where a specific phone is located to route a hypothetical call or text message. When the regional network responds, it reveals the approximate location of the target device, often down to the specific cell tower.

Data compiled by the Mobile Surveillance Monitor research project showed a massive surge in these suspicious SS7 requests targeting regional networks right as geopolitical tensions escalated. The queries were not random. They were highly targeted attempts to pinpoint the exact locations of specific devices belonging to US contractors and service members deployed in hotspots.

The Commercial Ad Network Backdoor

While the SS7 exploit targets the telecom infrastructure itself, a second, equally devastating vulnerability lies in the apps running on top of those networks.

Every modern smartphone generates a unique string of numbers called a Mobile Advertising ID. This identifier is designed to help advertisers track your preferences across different apps and websites so they can serve you targeted ads. However, these IDs also broadcast precise location coordinates, movement patterns, and behavioral profiles back to commercial ad servers.

This data is bought, packaged, and sold by private data brokers. It is entirely legal, unregulated, and available to anyone with a credit card.

During the buildup to regional clashes, Iranian-linked entities utilized commercial advertising databases to track devices inside Iraqi Kurdistan. By geofencing specific coordinates—such as hotels known to house US government staff, military bases, or transit routes—and cross-referencing those areas with active advertising IDs, adversaries could map out exactly who was staying where.

Digital surveillance of this nature does not operate in a vacuum. It acts as the initial filter in a multi-layered intelligence pipeline. Once ad-tech databases and SS7 pings identify a high-density cluster of active US devices at a specific hotel or temporary base, adversaries can deploy human spotters, monitor local social media posts, or direct drone strikes to those precise coordinates.

A Pentagon Blind Spot of Epic Proportions

The most alarming aspect of this vulnerability is that the Pentagon has known about it for years.

Back in 2017, the fitness tracking app Strava published an interactive global heatmap of its users' runs, inadvertently drawing bright, glowing outlines around secret US military outposts in Syria, Afghanistan, and the Horn of Africa. The Department of Defense responded by banning the use of wearable devices and geolocating apps in active operational areas.

Yet, that ban addressed only the surface of the problem. A simple app ban does nothing to stop the background tracking built into the operating systems of the phones themselves.

A bipartisan coalition of lawmakers recently warned that the Pentagon has failed to implement basic cyber defenses to protect troops from this exposure. Shockingly, US Central Command confirmed that unique advertising IDs are still not deactivated on government-issued smartphones. While the National Security Agency and the Cybersecurity and Infrastructure Security Agency have long recommended disabling these tracking numbers, bureaucratic inertia has left the setting active on thousands of official military devices.

Compounding this issue is the reality of the modern battlefield. Soldiers and contractors routinely carry personal, unmanaged smartphones alongside their government-issued gear. These personal devices run standard social media, navigation, and gaming apps that constantly leak location data to the open market.

To shut down this threat, the military must treat commercial data and cellular roaming vulnerabilities with the same urgency as active electronic warfare. This means enforcing the automatic deactivation of advertising IDs on all military-associated hardware, mandating privacy-first web browsers that block tracking networks, and routing cellular traffic through secure, obfuscated networks when operating in high-risk zones. Until these steps are taken, every soldier deployed overseas carries a tracking device that the enemy can query at will.

SY

Savannah Yang

An enthusiastic storyteller, Savannah Yang captures the human element behind every headline, giving voice to perspectives often overlooked by mainstream media.