U.S. military personnel in the Middle East are at risk of being surveilled and targeted through the geolocation data on their smartphones, according to a recent disclosure by the U.S. Central Command (CENTCOM). In a letter shared with lawmakers on April 14, CENTCOM confirmed it had received multiple reports of adversaries exploiting commercial location data to target or surveil U.S. personnel in active war zones. The disclosure was first reported by Reuters on May 28.
A bipartisan group of 14 lawmakers, including Sens. Ron Wyden (D-OR) and Martin Heinrich (D-NM), expressed concern that the Department of Defense (DoD) is not adequately safeguarding service members' lives. In a letter to War Department Chief Information Officer Kirsten Davies, they warned that commercial location data can be used to identify troop movements and patterns, enabling adversaries to launch attacks such as missiles, drones, and roadside bombs. The lawmakers also highlighted the potential for counterintelligence exploitation.
The threat stems from the widespread use of location data in digital advertising, which is collected by apps and service providers before being sold to data brokers. Although the DoD has not provided further specifics, CENTCOM's area of responsibility includes the Gulf, where U.S. forces are engaged with Iranian military forces over the Strait of Hormuz. The lawmakers noted that their efforts to obtain more information from military officials about the reported targeting had been unsuccessful.
The disclosure comes amid ongoing U.S. strikes on Iran and concerns about Iran's cyberattacks. Homeland Security Chairman Rep. Andrew Garbarino (R-NY) recently stated that Iran targets the U.S. daily through cyberattacks and would conduct physical attacks if possible.
Sen. Wyden called for treating the adtech industry as a national security threat, emphasizing the need for stronger cyber defenses. The Pentagon did not respond to requests for comment.