A new report claims Iran exploited long-known weaknesses in global mobile phone networks to track the locations of U.S. military personnel across the Middle East before and during the recent conflict.
The surveillance campaign allegedly relied on vulnerabilities in Signaling System 7 (SS7), a decades-old telecommunications protocol that allows mobile networks to exchange information for calls, text messages, and roaming services.
According to the report, Iranian operators used SS7 requests to identify the locations of smartphones connected to roaming networks in countries including Iraq and Bahrain. Researchers believe the tracking data may have helped identify military bases and hotels used by U.S. personnel, potentially supporting missile and drone attacks that followed.
The report also says Iran allegedly combined SS7-based tracking with mobile advertising technology that collects location data for targeted ads. Security experts have long warned that advertising identifiers and location data can be abused for surveillance, allowing attackers to monitor users without directly compromising their devices.
SS7 has been considered insecure for years because it was designed in an era when telecommunications providers trusted one another. Although newer mobile standards offer stronger protections, the protocol remains widely used for roaming and interoperability, leaving opportunities for location tracking if proper safeguards are not in place. Intelligence agencies from multiple countries have previously been linked to similar techniques.
The findings have renewed concerns about the security of mobile communications for government officials, military personnel, and travelers. Lawmakers and cybersecurity experts are calling for stronger protections against telecom infrastructure abuse and tighter controls on the collection and sharing of smartphone location data.





