Financial Times reporting found Iran-linked actors compromised Middle Eastern mobile networks to track specific US military personnel and defense contractors before and during the 2026 conflict.
Two attack paths enabled the surveillance: SS7 roaming queries pulled real-time device locations, while commercial adtech data harvested Wi-Fi and Bluetooth signals from smartphone apps even with GPS turned off.
The campaign began during the late-February buildup and continued through active fighting, supplying telemetry in northern Iraq’s Kurdish region and across the Persian Gulf while mapping troop arrivals, departures and hotel stays.
Telecom operators blocked many suspicious queries, but analysts tied some attempts to an Iranian mobile operator and said the operation targeted known devices rather than sweeping broadly.
US lawmakers and researchers say the leaks expose structural force-protection gaps, showing how telecom weaknesses and the commercial data market can create immediate battlefield risks without hacking phones directly.
How did commercial data brokers and smartphone apps become weapons used against US soldiers in the Iran War?
Why can a 50-year-old phone vulnerability still be used to target advanced military forces in 2026?
The 2026 Iran Mobile Tracking Campaign: How Systemic Telecom Flaws Endangered US Military Personnel
Overview
During the 2026 US-Israel-Iran conflict, Iranian threat actors launched a sophisticated mobile tracking campaign by exploiting weaknesses in global mobile phone systems and commercial advertising technology. They manipulated international roaming agreements with local providers, allowing them to maintain real-time location tracking of US military personnel and defense contractors across borders. At the same time, they used advertising identifiers from smartphones to pinpoint the locations of US government employees and contractors, including specific sites like hotels, without directly compromising devices. This dual approach exposed serious operational security risks and highlighted how easily accessible commercial tools and systemic network vulnerabilities can be weaponized in conflict zones.