ThinkPatternGet the app
Story
WORLD · JUL 14, 2026

Iran Tracked US Military Personnel via SS7 and Commercial Data

Iran exploited mobile network vulnerabilities and commercial advertising databases to track U.S. military personnel and contractors during a Middle East conflict.

The government of Iran conducted a coordinated phone-tracking campaign targeting U.S. military personnel and contractors during a conflict that began in late February 2026. Iranian-linked actors exploited vulnerabilities in the decades-old Signaling System 7 (SS7) protocol to send pings to phones roaming on regional networks and abused commercial smartphone advertising databases to locate devices, specifically within the Kurdistan region of Iraq.

These intelligence operations coincided with Iranian missile and drone strikes on hotels housing U.S. personnel in Iraq and Bahrain, including the Manama Crowne Plaza. While some reports indicate these tracking efforts enabled strikes that caused several injuries, U.S. Central Command denied that location tracking played a significant role in the attacks. The command informed Congress in April that it has since implemented force-protection measures to mitigate the risk of commercial data exploitation.

U.S. lawmakers criticized the military for failing to secure devices, noting that personnel often used personal smartphones instead of secure government-issued phones. This created a digital exhaust that adversaries could analyze. In response, members of Congress have called for stronger digital safeguards and legislation to prevent technology companies from selling the digital footprints of government employees.


Reported across 8 outlets
Actors
Government of IranUnited States Central CommandRon WydenPat HarriganGary Miller

Keep reading in the app

The full story and every source, free in the app.

Download on the App StoreComing soonGoogle Play