- The Pentagon has confirmed that America’s foreign adversaries exploited commercially available smartphone location data to track American troops in war zones.
- This disclosure comes despite nearly a decade-old warnings about the risks of smartphone tracking by government contractors.
- The problem persists because the Department of Defense does not require users to turn off geolocation in war zones, and smartphones continue to transmit advertising IDs even when personalized ads are disabled.
America’s foreign adversaries have been able to purchase commercial smartphone data that allows them to track troop movements in theaters of war, including the Middle East, due to a lack of oversight by the Department of Defense (DoD), even as the Pentagon has confirmed such incidents.
The recognition comes at a time when lawmakers, led by Sen. Ron Wyden and Rep. Pat Harrigan, criticized the Defense Department for failing to enforce stronger security protocols for smartphones.
In a letter to DoD CIO Kirsten Davies, they noted that both personal and government-issued devices still transmit advertising IDs that can be used to locate personnel around the world.
A decade-long list of worries
The Pentagon has been aware of the threat to its operational security and, consequently, the safety of its soldiers for at least a decade, as Senator Wyden noted in what reads as a scathing admonition for its perceived lack of response to a glaring security problem:
“[The] “The Department of Defense has reportedly been aware of this threat since at least 2016, when a government contractor briefed Joint Special Operations Command officials and demonstrated the ability to track phones traveling from U.S. special operations bases in the Middle East.”
DOD’s slowness on this issue is seen as a “failure to prioritize this threat,” even as its Bring Your Own Device (BYOD) policy appears to be at odds with operational security (OPSEC) needs.
For context, the military is phasing out government-issued devices in favor of the aforementioned BYOD policy and aims to close the gap by mandating a mobile device management (MDM) policy, which it is still implementing to address some of its security concerns.
It is pertinent to note that even government-issued devices remain a security risk because they do not disable advertising profiles that allow tracking abroad. Any interested party, including foreign adversaries, can purchase these online profiles through commercial data brokers.
A recognition without a solution for now
The Pentagon noted that its current guidance does not always result in disabling geolocation, even as it admitted it had “received multiple threat reports regarding adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.”
Even as this information and warnings are shared in public and private forums, the Pentagon has yet to develop a concrete solution that fully addresses the problem, even as pressure from Congress intensifies.
It is also not the first time in recent weeks that the US military has been reported to have abandoned its security protocols within its own ranks, with a damning report indicating that up to 70,000 sensitive files remained exposed in an open directory listing.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
