Iran has hacked mobile networks throughout the Middle East to track the locations of US personnel and contractors throughout the war, London’s Financial Times (FT) newspaper reports, citing telecommunications data from the Mobile Surveillance Monitor research project and quoting people familiar with the matter.

US lawmakers were alarmed by the information, the newspaper said, as they warned that roaming systems and smartphone advertising technology have left the military vulnerable to attack.

Officials in the Gulf suspected Iran or its allies of exploiting roaming agreements with local phone providers to try to locate US personnel, one person familiar with the matter told the FT.

A US official speaking on the condition of anonymity told the newspaper that actors linked to Iran had abused commercially available advertising databases to track phones in northern Iraq’s semiautonomous Kurdish region.

“Iran absolutely has capabilities to get real-time, immediate and continuous location information,” Gary Miller, a senior research fellow at the cybersecurity watchdog Citizen Lab who reviewed the data, was quoted as saying by the FT.

“It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users.”