Iran reportedly exploited an old technical weakness in mobile networks to track the locations of US troops and contractors deployed in the Middle East. According to the report of Financial Times, SS7 network protocol and mobile ad technology were used for this. It is claimed that through this method the location of people present in American military bases and hotels in Iraq, Bahrain and other countries was ascertained. These activities were seen before and in the initial days of the conflict between America, Israel and Iran. However, US officials have said that data tracking did not play any significant role in the attacks. Meanwhile, cyber security experts called it a sign of Iran's increasing cyber espionage capability.
The Financial Times, quoting mobile surveillance monitors and government officials with knowledge of this campaign, has claimed that Iran took advantage of the weaknesses of SS7 i.e. Signaling System 7. SS7 is the same protocol that has been used for years to route calls and messages between 2G and 3G mobile networks. According to the report, through this technology, an attempt was made to find out where the phone is located and on which network it is roaming by sending SS7 ping to specific mobile numbers. Cyber security expert Gary Miller called it a coordinated tracking campaign.
The report says that Iran used not only SS7 but also the advertising technology used in smartphones. Efforts were made to find out the location of American soldiers and contractors through roaming arrangements and advertising IDs of mobile companies. According to mobile surveillance monitors, a large number of SS7 pings were recorded on the networks of several Middle Eastern countries, including Bahrain. It is claimed that during this period, there were attacks on American bases and hotels in Iraq, Bahrain and other places, in which some soldiers and contractors were also injured.
According to the Financial Times report, Nikita Shah, a cyber security researcher at the Center for Strategic and International Studies, said that this incident indicates further development of Iran's cyber capability. US MP Ron Wyden said that he has been warning in the past also about the danger of mobile tracking of American personnel by foreign countries. Republican MP Pat Harrigan has talked about introducing legislation to stop the sale of digital location data of government employees. At the same time, the US Central Command told Congress that it had received information about such threats and special steps were taken to protect the soldiers. However, a US official told the Financial Times that the claim that data tracking played a significant role in the attacks was not true.