:

PENTAGON IGNORED PHONE TRACKING THREAT FOR YEARS

INDUSTRY DESK2 MIN READ
FRI, MAY 29, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

The US military knew for years that adversaries could track troops through unprotected location data on their phones, but failed to implement available fixes. Now hostile forces are actively exploiting this vulnerability during active warfare.

The Pentagon has acknowledged a critical security gap that defense officials say is being weaponized against American soldiers in ongoing conflicts. Despite having knowledge of the vulnerability and access to straightforward countermeasures, the military deployed few of the necessary protections. Location data from military personnel's phones can be extracted through various means, including signals intelligence and data brokerage networks. Adversaries have reportedly used this information to target troops, presenting an immediate operational threat. Defense analysts have long flagged location data as a significant security risk. The necessary fixes—ranging from disabling location services in certain applications to deploying signal-blocking technology—exist and are relatively inexpensive to implement. Yet adoption across the military has remained minimal. The gap between known risks and implemented solutions highlights systemic issues in military cybersecurity protocols. While some units have instituted stricter device policies, comprehensive guidance and enforcement remain inconsistent across commands. Military officials have begun addressing the problem, issuing new guidance to reduce reliance on phones in sensitive operational areas and recommending location-limiting measures. However, these steps come after years of documented warnings from security specialists. The issue underscores a broader challenge: translating security knowledge into institutional practice across a sprawling organization. The military's IT infrastructure spans millions of devices across diverse units with varying technical capabilities and compliance levels. Defense Department representatives confirmed the threat in recent statements but declined to specify which adversaries are exploiting the vulnerability or provide detailed casualty figures. The acknowledgment marks a significant shift from earlier dismissals of the threat's urgency. Military personnel have been advised to review device settings and restrict location-sharing capabilities, particularly on social media and messaging applications. Additional operational security measures are under review.

■ SOURCES

Wired

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.