Iranian campaign exploited global telecom flaws to track US forces
The Iranian government exploited longstanding flaws in global cellular networks and advertising technology to locate and strike US military personnel, highlighting severe vulnerabilities in the infrastructure underpinning European and global telecommunications.
The Iranian government exploited well-known vulnerabilities in global telecommunications infrastructure to locate United States military personnel in the Middle East. This surveillance campaign occurred during the build-up to the Iran War and in the early days of the conflict, according to research by the Mobile Surveillance Monitor and government officials.
The operation relied on Signaling System 7, or SS7, a set of protocols for 2G and 3G networks. This system has long served as the backbone for cellular networks connecting globally to route subscriber calls and texts. Intelligence agencies have historically abused SS7 to track cellphones abroad.
By leveraging these flaws, Iran successfully located US military forces stationed in military bases and hotels across Iraq, Bahrain, and other Middle Eastern countries. These tracking capabilities enabled the regime to strike these locations, resulting in several injuries.
Beyond legacy telecom protocols, the campaign also abused advertising technology designed to serve tailored ads to cellphone users. This represents another well-known surveillance technique that weaponises everyday digital infrastructure.
Implications for European Telecoms and Markets
The revelation poses direct challenges for European telecommunications operators and technology firms. Global mobile networks remain deeply interconnected, meaning vulnerabilities in SS7 protocols can be exploited across borders regardless of where a network is headquartered.
Investors and regulators will likely face renewed pressure to audit cross-border signaling security. The reliance on decades-old protocols for modern routing presents a systemic risk that could trigger costly infrastructure upgrades or stricter compliance mandates for mobile network operators.
Furthermore, the weaponisation of commercial advertising technology underscores a growing liability for the digital ad ecosystem. Companies that collect and process location data for targeted marketing may face heightened scrutiny from European data protection authorities.
As geopolitical conflicts increasingly intersect with commercial digital infrastructure, the boundary between civilian technology and state-level espionage continues to blur. This dynamic demands a fundamental reassessment of how global telecom and ad-tech supply chains are secured and regulated.