0

Mobile Device Location Tracking Risks: A Threat to Operational Security


A perspective from Frank Purdy, Managing Partner at Phronesis Research LLC.  

Smartphones have become indispensable tools for our troops, enabling seamless communication, navigation, and real-time team coordination - however, this convergence of military operations with personal technology creates new vulnerabilities to address. These devices, apps and the commercial advertising ecosystem pose significant OPSEC risks.  

Adversaries are actively exploiting commercially available information to identify vulnerabilities in mobile devices to gain access to sensitive location information that exposes our warfighters to mission breech and more. The need for tactical edge communications is significant, and advanced technologies that enable the “edge” communications while not posing OPSEC risks is an imperative for warfighter success. 

The Mobile Threat Landscape 

The threats to mobile devices are vast and ever evolving, with adversaries employing sophisticated tactics to target our forces. Some of the most prevalent threats include: 

  • Spyware: Malicious software designed to gain unauthorized access, steal data, or disrupt operations. 
  • Phishing Attacks: Deceptive tactics to trick users into revealing sensitive information or downloading malware. 
  • Compromised Apps: Legitimate apps infected with malicious code, enabling data theft and remote access. 
  • AI-Powered Intrusions: Advanced techniques using artificial intelligence to bypass security measures and impersonate trusted entities. 
  • Commercially Available Information (CAI): The ability of anyone with a credit card to purchase CAI that divulges individual device location -- globally  

Location Tracking: A Real-World Scenario 

The Russia-Ukraine war has provided a stark example of how personal devices can be exploited for location tracking. Both sides have used their electronic warfare techniques; combined with CAI data to geolocate opposing forces 

These scenarios highlight the critical importance of safeguarding mobile devices and the data they transmit. Even seemingly innocuous information, such as weather app data can provide valuable intelligence to adversaries, putting our troops at risk. 

Ubiquitous Technical Collection and Ubiquitous Technical Surveillance (UTC/UTS) 

The widespread collection and commercial selling of in-app data and the AI-driven analysis of this data, known as UTC/UTS, presents the most formidable challenge to Force OPSEC.  

This comprehensive surveillance environment makes it increasingly difficult for our forces to operate undetected, as even the smallest digital footprint can be exploited by adversaries. 

Mitigation Strategies 

To address these threats, we must adopt a multi-layered approach to mobile device security. This includes: 

  1. Strict Policies and Procedures: Don’t allow personal smart phones/devices in the work environment, on temporary duty or on mission deployments.   
  2. Comprehensive Training: Provide ongoing training to personnel on mobile device security best practices, threat awareness, and OPSEC principles. 
  3. Secure Communications: Utilize secure communication channels and encrypted mobile phones avoiding use of phones with compromising apps mobile ad IDs (MAIDs). This is where Sotera comes in. 
  4. Continuous Monitoring: Implement continuous monitoring and analysis of mobile device activity to identify potential threats and vulnerabilities.

 Conclusion 

There is no question that mobile device security is paramount to safeguarding our operational capabilities and protecting our troops. By acknowledging the threats posed by location tracking, AdTech data exploitation, and UTC/UTS, and implementing robust mitigation strategies, we can begin to take steps to enhance our operational security and maintain a decisive advantage over adversaries. 

Remember, a single compromised mobile device can jeopardize an entire mission. It is our collective responsibility to prioritize mobile device security and ensure our warfighters can operate with confidence and without fear of compromise. 

Leave a Reply

Your email address will not be published.*