Hostile foreign adversaries are using commercial location data to target American servicemembers in an active war zone, 2 US politicians have confirmed for the first time.

In a letter to the Pentagon signed by another 12 bipartisan members of Congress, US Senator Ron Wyden, a Democrat, and Republican Representative Pat Harrigan said that America’s foreign adversaries have exploited commercial geolocation data tied to US troops and used it to target or surveil US personnel in the Middle East.

In the attached response, the Department of War confirmed: “Yes, USCENTCOM (US Central Command) has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater.”

In other words, the data that allowed US adversaries to locate American troops and their movements was bought from a commercial broker selling smartphone advertising profiles.

Addressing the letter to the Pentagon’s Chief Information Officer, Kirsten Davies, the lawmakers are naturally demanding changes to the smartphone security posture across the US military.

That’s because the said posture is just too lax. The Pentagon confirmed that the US military personnel are allowed to use personal devices within operational areas – and that there’s no actual policy to turn off geolocation capabilities on their devices in active war zones.

The Pentagon’s own issued smartphones don’t disable advertising profiles, either. They can be edited by a user.

That’s despite the fact that both iOS and Android include an opt-in privacy setting to disable this unique advertising ID, which the National Security Agency and the Cybersecurity and Infrastructure Security Agency recommend.

Probably most importantly, the Department of War seemingly knew about the issue for a decade.

The letter says that government contractors briefed military leadership on the ease of tracking smartphones owned by US troops as early as 2016.

“Commercial location data can be used to identify where US troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, as well as for counterintelligence purposes,” states the letter.

“That foreign adversaries are still able to buy location data collected from the phones of US personnel serving in military hotspots is a direct result of DoD leadership’s failure to prioritize this threat and implement common-sense cyber defenses recommended by federal cybersecurity experts.”

Senator Wyden’s office says that the politician and his colleagues urged the Pentagon to adopt “common-sense safeguards.”

These include disabling smartphone advertising IDs and replacing web browsers that are designed to facilitate online tracking and data collection, such as Google Chrome, with privacy-focused alternatives.

---

Unlock more exclusive Cybernews content on YouTube.