
Iran exploited mobile network flaws to locate U.S. troops during war, tracking data reveals
Mobile surveillance data released on Tuesday shows Iran abused SS7 protocol and advertising databases to pinpoint American personnel in Bahrain, Iraq, and across the Gulf before and during the conflict.
The surveillance campaign
In the build-up to the US-Israeli assault on Iran in late February 2026 and during the early days of the war, mobile networks across the Middle East were hit by a wave of location-tracking requests targeting US military phones, according to data from the Mobile Surveillance Monitor research project. The signals, known as SS7 pings, sought to locate specific devices roaming on local networks. Two cybersecurity experts who reviewed the data described the activity as a coordinated campaign.
Methods: SS7 and ad tech
The attackers exploited Signaling System 7 (SS7), a decades-old protocol that underpins 2G and 3G network roaming, to request location information. Gary Miller, a senior research fellow at Citizen Lab and founder of the non-profit behind the Mobile Surveillance Monitor, said the data was indicative of a "coordinated attack campaign." A separate tracking technique relied on commercially available advertising databases; a US official speaking anonymously told the Financial Times that actors linked to Iran had abused those databases to track phones in Iraqi Kurdistan. Gulf officials also suspected that Iran or its allies leveraged roaming agreements with local providers to find American personnel.
Iran absolutely has capabilities to get real-time, immediate, and continuous location information. It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users.
Impact and injuries
During the war, Iran and Iran-backed militias struck several hotels in Iraq and Bahrain, including the base of the US Navy's Fifth Fleet, injuring several American contractors and personnel. The tracking activity preceded those strikes, though experts have not yet directly linked specific surveillance events to particular attacks. The data suggests tens of thousands of US service members stationed in the Gulf were potentially exposed.
Iran has become quite creative in the last couple of years, and especially in this conflict. For me, this signals a step up in sophistication.
Response from US officials
The US Central Command told Congress in April 2026 that it had "received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theatre." The disclosure alarmed lawmakers such as Senator Ron Wyden of Oregon, who have warned that roaming systems and smartphone ad technology leave the military vulnerable. A separate intelligence effort to locate troops relied on monitoring hotel reviews and social media postings by personnel.
- US and Israel launch joint military assault on Iran
- Iran retaliates with missile and drone strikes against US forces and installations across the region
- US Central Command notifies Congress of adversary exploitation of commercial location data
- Mobile Surveillance Monitor publishes data on SS7 pings showing a coordinated tracking campaign
What remains unknown
Cybersecurity specialists emphasize that digital surveillance was likely one of several intelligence streams Iran used to identify targets, alongside human spotters and open-source information. The Mobile Surveillance Monitor's data cannot independently attribute specific attacks to the SS7 activity, and further investigation is required. However, the episode underscores the persistent security gaps in global mobile networks that state actors continue to exploit.


