Foreign adversaries are using phone location data to track US troops overseas

A group of divided lawmakers is demanding answers from the Pentagon after US Central Command disclosed that it had received multiple threat reports indicating that foreign adversaries were exploiting available location information to target or spy on US forces overseas.

In a letter to Chief Information Officer Kirsten Davies, lawmakers led by Sen. Ron Wyden, D-Ore., and Rep. Pat Harrigan, RN.C., warned that the Pentagon “has not taken basic steps to protect US military personnel from the massive intelligence and security threat posed by the collection and sale of personal information, including data brokers.”

Lawmakers cited information provided by the US Central Command, which told Congress that it had “received numerous threatening reports about the adversary’s exploitation of commercial location data to target or target US personnel in theater.”

The warning centers on the industry’s largest commercial data vendor, which collects and sells location data generated by smartphones, apps and advertising networks. Lawmakers say adversaries could buy or obtain that data and use it to identify military installations, monitor troop movements or track individual service members.

HACKERS SEEK HUGE BREAK OF COMPANY THAT TRACKS AND SELLS LOCATION DATA OF AMERICANS

After revealing that CENTCOM had received multiple reports of threats involving adversaries exploiting commercial location data, lawmakers argued the Pentagon had failed to address a threat that had been known for years.

“That foreign adversaries are still able to purchase location data collected from the phones of US personnel operating in hot spots is a direct result of DOD leadership’s failure to prioritize this threat and implement reasonable defenses recommended by the agency’s cybersecurity experts,” the lawmakers wrote.

According to the letter, CENTCOM told lawmakers it removed the ability to disable location-sharing controls on government-issued smartphones in May. Lawmakers also said advertising identifiers — unique tracking numbers used by advertisers and data vendors to track devices across apps and services — remain active on government-issued devices despite longtime recommendations from cybersecurity agencies to disable them.

ALLSTATE SUED FOR ALLEGEDLY TRACKING AND SELLING LOCATION DATA OF 45M AMERICANS

Lawmakers have urged the Pentagon to disable advertising identifiers on all government-issued smartphones and issue guidance requiring employees to do the same for personal devices used overseas or on military installations. They also called on the Department of Defense to replace web browsers that facilitate the collection of advertising-related data with privacy-focused alternatives that include anti-tracking protection.

The Pentagon has been grappling with the security implications of commercially available location data for years. In 2018, fitness tracking app Strava improperly revealed the locations and movement patterns of soldiers after publishing a global heat map of users’ activity. Similar concerns later arose involving eligibility and location-based apps that exposed military installations and, in some cases, could be used to target individual service members.

The Department of the Army then issued guidance restricting the use of apps and devices that share geolocation data in operational environments. But lawmakers argue that the department has not fully implemented basic safeguards designed to limit the collection and sale of location information in the first place.

Fox News Digital has reached out to the Pentagon for comment.

Cybersecurity experts say the concern goes beyond fitness tracking apps.

Lawmakers cited information provided by the US Central Command, which told Congress that it had “received numerous threatening reports about the adversary’s exploitation of commercial location data to target or target US personnel in theater.” (Jonathan Klein/AFP via Getty Images)

The commercial data ecosystem collects large amounts of location information generated by smartphones, mobile applications, advertising technology systems and other digital services.

“Foreign adversaries of the United States have many opportunities to exploit commercial location data on Americans, because so much location data is being collected, shared, sold, intercepted, and more in the commercial market for millions of Americans every day,” Justin Sherman, CEO of research and advisory firm Global Cyber ​​Strategies, told Fox News Digital.

Sherman said foreign adversaries can gain access to location data through data brokers, digital advertising networks and other commercial programs that collect and sell information about users’ movements.

“If you are one of the foreign enemies of the United States, you have advanced skills in the Internet, but you see all this US data on the commercial market, you can think: ‘why are you hacking when I can’t buy?'”

“Foreign adversaries can take advantage of gaps in US privacy laws, the failure of other countries to encrypt data, and the proliferation of digital systems to obtain location data from data brokers, real-time digital ad bidding networks, and many other commercial sources,” Sherman said.

The commercial data ecosystem collects large amounts of location information generated by smartphones, mobile applications, advertising technology systems and other digital services. (Source: US Army)

Once found, Sherman said the data could be used to identify individuals, track their movements over time and create what intelligence experts call “life patterns” — detailed pictures of a person’s routines, habits and activities.

CLICK HERE TO DOWNLOAD THE FOX NEWS PROGRAM

“The sale of location data especially on Americans’ devices puts military personnel at risk, can expose their families and other people in their lives, and allow anyone with the information to see the sites they visit, map life patterns, conduct intelligence operations against them, and more,” said Sherman. “It is a serious threat to national security.”

The lawmakers’ letter raises new questions about how much commercially available data foreign adversaries have access to and whether the Pentagon’s existing defenses are sufficient to protect American soldiers operating in sensitive areas around the world.