Back

U.S. Troops' Location Data Compromised by Adversaries via Commercial Geolocation

Severity: High (Score: 72.0)

Sources: www.reuters.com, Theregister, www.wyden.senate.gov, Technadu, Techcrunch

Published: 2026-05-28 · Updated: 2026-05-29

Keywords: data, location, troops, adversaries, targeted, commercial, phones

Summary

The U.S. Department of Defense confirmed that foreign adversaries exploited commercial geolocation data linked to U.S. troops, allowing them to target military personnel in the Middle East. Lawmakers, including Senator Ron Wyden, have called for immediate changes to smartphone security protocols within the military. The exploitation occurred through smartphone advertising profiles purchased from data brokers, revealing a significant operational security failure. Despite warnings dating back to 2016 about the risks of tracking military smartphones, no policy currently mandates disabling geolocation on personal devices in active war zones. The DoD's Mobile Device Management system does not fully disable advertising profiles on government-issued smartphones. This incident raises serious concerns about the security of military operations and the potential for targeted attacks against U.S. forces. Key Points: • Foreign adversaries exploited U.S. troop geolocation data from commercial sources. • Lawmakers demand urgent changes to military smartphone security protocols. • Current policies do not require disabling geolocation on personal devices in war zones.

Detailed Analysis

**Impact** U.S. military personnel deployed in the Middle East, specifically under U.S. Central Command (USCENTCOM), have had their location data compromised through commercial geolocation sources. This exposure has enabled foreign adversaries to target or surveil troops, potentially facilitating attacks such as missile strikes, drone operations, and roadside bombings. The data at risk includes smartphone advertising profiles and geolocation telemetry tied to both personal and government-issued devices. The scope includes multiple active war zones and affects all branches of the U.S. military using smartphones in these areas. **Technical Details** Adversaries exploited commercial location data obtained from smartphone advertising profiles purchased from data brokers. The data was sourced from both personal and government-issued devices, with no enforced policy requiring servicemembers to disable geolocation in operational theaters. The DoD’s Mobile Device Management (MDM) disables personalized advertising but does not fully disable ad targeting information or location services, which remain editable by users. No malware, CVEs, or specific infrastructure details were disclosed. This exploitation corresponds to the reconnaissance and weaponization stages of the kill chain. **Recommended Response** Immediate enforcement of policies requiring disabling of geolocation services on all devices in operational areas is critical. Accelerate deployment and completion of the new MDM solution capable of fully disabling location services on government-issued devices. Limit or restrict use of personal devices (BYOD) in active war zones until security controls are verified. Monitor commercial data broker activity for potential leaks of military-related geolocation data and implement detection for anomalous access or sharing of device advertising IDs.

Source articles (5)

  • U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ — Techcrunch · 2026-05-28
    The U.S. Department of Defense has confirmed that adversaries have targeted and surveilled serving military personnel on the battlefield using commercial location data, the latest demonstration of how…
  • Troops’ phones gave away location data to foreign adversaries — Theregister · 2026-05-28
    Lawmakers push DoD to tighten smartphone controls after adversaries exploited commercial tracking data Getting the location of troops at war might be as easy as buying the data from a legitimate busin…
  • Adversaries Exploit U.S. Troop Geolocation Data via Ad Profiles — Technadu · 2026-05-29
    Lawmakers report that America’s foreign adversaries exploited commercial geolocation data tied to U.S. troops, using it to target or surveil U.S. personnel in the Middle East. In response to this seve…
  • Pentagon Says Us Military Personnel Are Reportedly Being Targeted Using Location 2026 05 28 — www.reuters.com · 2026-05-28
  • Foreign Adversaries Are Using Commercial Location Data To Target Us Servicemembers In The Middle East Wyden Harrigan And 12 Other Bipartisan Members Of Congress Reveal Members Call On Department To Adopt Commonsense Safeguards To Protect Us Troops — www.wyden.senate.gov · 2026-05-29

Timeline

  • 2016-01-01 — Warnings issued about smartphone tracking risks: Government contractors informed military leadership about the ease of tracking military smartphones, highlighting potential vulnerabilities.
  • 2026-04-01 — DoD confirms exploitation of location data: The DoD acknowledged multiple threat reports regarding adversaries using commercial location data to surveil U.S. personnel.
  • 2026-05-26 — Congressional letter sent to DoD: Senator Wyden and other lawmakers urged the DoD to enhance smartphone security for military personnel.
  • 2026-05-29 — Public announcement of location data exploitation: The DoD publicly confirmed the misuse of commercial geolocation data, prompting calls for policy changes.

Related entities

  • Apt45 (Apt Group)
  • Data Breach (Attack Type)
  • Operation Epic Fury (Campaign)
  • NASA (Company)
  • U.S. Central Command (Company)
  • U.S. Department Of Defense (Company)
  • Iran (Country)
  • Poland (Country)
  • United States (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • Government (Industry)
  • Geolocation (Platform)
  • Mobile Device Management Server (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed