San Francisco: US military movements in Syria were revealed by location info available for purchase from smartphone apps, which included enough information to identify the location of an undeclared US military base in the country.
The sensitive location information was harvested from weather, games and dating apps on the phones of US soldiers and appears to include special ops personnel.
9To5Mac, citing The WSJ, said that the security breach came to light when a US contractor was working on software it hoped would enable the US to track the movements of Syrian refugees.
In 2016, a US defence contractor named PlanetRisk Inc was working on a software prototype when its employees discovered they could track US military operations through the data generated by the apps on the mobile phones of American soldiers.
At the time, the company was using location data drawn from apps such as weather, games and dating services to build a surveillance tool that could monitor the travel of refugees from Syria to Europe and the US.
The company’s goal was to sell the tool to US counterterrorism and intelligence officials, the report said.
But buried in the data was evidence of sensitive US military operations by American special-operations forces in Syria, it added.
The company’s analysts could see phones that had come from military facilities in the US, traveled through countries like Canada or Turkey and were clustered at the abandoned Lafarge Cement Factory in northern Syria.
When PlanetRisk traced telephone signals from US bases to the Syrian cement factory in 2016, it hadn’t been disclosed publicly that the factory was being used as a staging area for US and allied forces.
Moreover, the company could monitor the movements of American troops even while they were out on patrol — a serious operational security risk that opened units up to being targeted by enemy forces, according to the people familiar with the discovery.