- The Pentagon has confirmed that foreign adversaries of the United States have exploited commercially available smartphone location data to track American troops in war zones.
- The disclosure comes despite warnings issued nearly a decade ago about the risks of government contractors tracking smartphones.
- The problem persists because the DoD does not require users to turn off geolocation in war zones and advertising identifiers are still transmitted by smartphones even when personalized ads are turned off.
The United States’ foreign adversaries have been able to purchase commercial data on their smartphones that allows them to track troop movements in theaters of war, including the Middle East, due to a lack of oversight by the Department of Defense (DoD), even as the Pentagon has confirmed such incidents.
The recognition comes at a time when lawmakers, led by Sen. Ron Wyden and Rep. Pat Harrigan, have criticized the Department of Defense for failing to enforce stricter security protocols for smartphones.
They noted that personal and government devices still transmit advertising identifiers that can be used to locate personnel around the world, in a letter to DoD CIO Kirsten Davies.
A decade-long list of concerns
The Pentagon has been aware of the threat to its operational security and, by proxy, the safety of its soldiers for at least a decade, as Senator Wyden noted in what reads as a scathing rebuke of its perceived lack of response to a glaring security problem:
“[The] The Defense Department is believed to have been aware of this threat since at least 2016, when a government contractor briefed Joint Special Operations Command officials and demonstrated the ability to track phones originating from U.S. special operations bases in the Middle East.
The Department of Defense’s slow pace on the issue is seen as a “failure to prioritize this threat”, even though its Bring Your Own Device (BYOD) policy appears at odds with operational security (OPSEC) needs.
As a reminder, the military is phasing out government-issued devices in favor of the above BYOD policy and aims to bridge the gap by imposing a Mobile Device Management (MDM) policy, which it continues to deploy to address some of its security concerns.
It is pertinent to note that even government-issued devices remain a security risk because they do not disable advertising profiles allowing tracking abroad. These profiles can be purchased online from commercial data brokers by any interested party, including foreign adversaries.
An acknowledgment of receipt without solution for the moment
The Pentagon noted that its current guidance does not always result in disabling geolocation, although it acknowledged that it has “received multiple threat reports regarding adversaries’ exploitation of commercial location data to target or monitor U.S. personnel in theater.”
Despite sharing this information and warnings in public and private forums, the Pentagon has yet to develop a concrete solution that would fully address the problem, even as pressure from Congress mounts.
This is also not the first time in recent weeks that the US military has dropped the ball when it comes to its security protocols within its own echelons, with a damning report indicating that up to 70,000 sensitive files remain exposed in an Open Directory listing.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
