- Iranian hackers exploited Middle Eastern telecom flaws to locate US personnel phones
- SS7 pings were used to track phones roaming outside their home networks
- Iran used mobile network access to target specific US military devices
Iranian hackers have reportedly exploited the vulnerability of the outdated Middle Eastern telecom infrastructure to locate the phones of US personnel and contractors in the region. The Mobile Surveillance Monitor, a research initiative that studies mobile espionage, has detected that Middle Eastern telecom networks have been receiving a wave of requests seeking to pin down the locations of specific phones roaming outside their home networks.
Gary Miller, a cybersecurity researcher who founded the nonprofit, told The New York Times that the data was indicative of a "coordinated attack campaign."
The malicious cyberattacks came in the build-up to the US-Israeli war against Iran that started late February and continued in the early days of the conflict, when Tehran retaliated with missile and drone strikes against US military installations around the region, according to a Financial Times report.
Autonomy of Iranian Attacks
Tens of thousands of US military personnel are stationed across the Middle East, including in Bahrain, where, according to Miller, telecommunications networks were flooded with information requests called SS7 pings -- a silent query sent through the global telecommunication network to locate a target phone or confirm whether it is active and roaming.
Officials in the Gulf believe Iran or its allies are exploiting roaming agreements with local phone providers to try to locate US personnel, the FT reported.
"Iran absolutely has capabilities to get real-time, immediate, and continuous location information. It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users," said Miller.
He further noted that at least some of the blocked tracking attempts in the data can be linked to an Iranian mobile phone operator, creating a fingerprint that matches several others
"This appears to be very specific user targeting. They are targeting specific devices," Miller added.
Iran's Attacks On US Bases
Backed by its regional militias, Iran has attacked several hotels in Iraq, Bahrain-- base of the US Navy's Fifth Fleet -- and other areas in the Middle East during the war. On some occasions, US contractors and personnel have been injured in these attacks.
Talking to the NYT, Nikita Shah, a cybersecurity researcher at the Centre for Strategic and International Studies, noted that Iran's use of phone network signals to locate targets points to the advancements in its cyberwarfare capabilities, posing a potential danger to US personnel stationed within striking distance of Iranian missiles.
"Iran has become quite creative in the last couple of years, and especially in this conflict. For me, this signals a step up in sophistication," Shah said.
Lawmakers' Warning
Advertising IDs assigned to smartphones by the device manufacturer have made it possible for years to locate a specific phone or a cluster of devices, and the United States has abused ad tech for surveillance.
But the prospect of enemies stalking US personnel has alarmed American lawmakers back home, who have warned that smartphone ad tech has left the military vulnerable to attack.
Ron Wyden, a Democratic senator from Oregon, noted that this attack would mark the first time US adversaries used commercial location data to target American personnel in war.
"For years I've warned both Democratic and Republican administrations about the national security threat posed by foreign adversaries tracking the phones of US personnel," Wyden told the FT.
He noted that Tehran has been reported to have used that method in the past, citing a presentation by the Department of Homeland Security that identified Iran as among the "primary countries" using SS7 to target "US subscribers."
Pat Harrigan, a Republican lawmaker from North Carolina, said he is proposing legislation to stop tech companies from selling the “digitalised footprint” of US government employees.
“The capability and the threat . . . exist. If it continues to be exploited, and it's exploited properly, it could be catastrophic,” Harrigan told the FT.
US Military's Defence
In April, US Central Command (CENTCOM) told Congress that it had "received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater."
However, CENTCOM said it "took unprecedented force-protection measures that we are unable to discuss in order to ensure that our forces remain safe."
Furthermore, a US official told FT that "any claim suggesting data tracking played a significant role in attacks...is a departure from the facts."